A Survey on Virtual Machines for Malware Analysis

Daniel Reynaud 1
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: Virtualisation and emulation technologies are increasingly used for malware analysis. However, this is not what they were developed for and, as a result, new problems arise. This presentation will introduce the different kinds of virtualisation technologies, the problem they try to solve for malware analysts (real-time behavior monitoring) and the currently emerging problems (virtual machine detection and logic bombs). The conclusion of this survey is that perfect monitoring and undetectability are reachable goals for virtual machines, but the detection of logic bombs is intractable. As a result, virtual machines are a handy tool for malware analysts but undetectable real-time monitoring techniques should be developed instead.
Document type: Conference paper
3rd International Workshop on the Theory of Computer Viruses - TCV 08, 2008, Nancy, France. 2008
https://hal.inria.fr/inria-00337520
Contributor: Daniel Reynaud
Submitted on: Friday, November 7, 2008 - 11:42:09
Last modified on: Thursday, January 11, 2018 - 06:21:25

Identifiers

  • HAL Id: inria-00337520, version 1

Citation

Daniel Reynaud. A Survey on Virtual Machines for Malware Analysis. 3rd International Workshop on the Theory of Computer Viruses - TCV 08, 2008, Nancy, France. 2008. 〈inria-00337520〉

Metrics

Record views: 230