MAVMM: Lightweight and purpose built VMM for malware analysis

  • Nguyen A
  • Schear N
  • Jung H
 et al. 
  • 62

    Readers

    Mendeley users who have this article in their library.
  • 31

    Citations

    Citations of this article.

Abstract

Malicious software is rampant on the Internet and costs billions of dollars each year. Safe and thorough analysis of malware is key to protecting vulnerable systems and cleaning those that have already been infected. Most current state-of-the-art analysis platforms run alongside the malware, increasing their detectability. This reduces the value of analysis because some malware is known to behave differently when being analyzed. Virtualization offers a compelling platform for malware analysis, with strong isolation and the ability to save and restore guest state. Current virtual machine monitors (VMMs), however, are not designed for malware analysis. Due to their complexity, they often fail to provide transparency and even expose vulnerabilities which could be exploited by the malware running inside guest system. We propose a lightweight VMM (namely MAVMM) that is designed specially for a single job: malware analysis. MAVMM does not implement unnecessary virtualization features commonly found in general purpose hypervisors, including virtual device emulation. We take advantage of hardware virtualization support to make MAVMM more simple, secure and transparent. In this paper, we describe the design and implementation of MAVMM, and the features that we can extract from programs running inside the guest OS. We evaluate our platform in three aspects: functionality, detectability and performance. We show that our system can extract useful information from malicious software, and that it is not susceptible to known virtualization detection techniques.

Author-supplied keywords

  • Malware analysis
  • Security
  • Virtual machine monitors

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

Get full text

Authors

  • Anh M. Nguyen

  • Nabil Schear

  • Hee Dong Jung

  • Apeksha Godiyal

  • Samuel T. King

  • Hai D. Nguyen

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free