
Maitland: analysis of packed and encrypted malware via paravirtualization extensions

Malicious software (malware) attacks are an ever-increasing cyber-security problem. One reason for this trend is the widespread adoption of packing technology as a way to mask the semantics of binary instructions, hiding them from detection. Packing is so successful that an estimated 70-80% of malicious programs use it to avoid detection [1]. The popularity of virtualization provides new tools for dealing with this threat. Researchers have successfully used facilities provided by virtualization to develop new ways of detecting and analyzing packed and encrypted malware. Methods like these typically require changes to the virtualization platform, making them difficult to deploy as well as hard to reuse. This thesis presents Maitland, a proof-of-concept unpacking system that achieves functionality similar to existing research using paravirtualization extensions instead of requiring changes to the hypervisor. During our experiments, Maitland successfully exposed instructions in software that was packed by the UPX and gzexe packers. Because Maitland avoids changes to the hypervisor, it is better suited for quick deployment in a cloud environment.
Degree level: Graduate
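The abstract does not describe Maitland's internal mechanism, so the following is an added illustration, not the thesis's code: a toy model of what "exposing the instructions" of a packed program means. A packer's runtime stub has to write the decoded instructions into memory before the CPU can execute them, so the generic heuristic used by dynamic unpackers is to flag a page that is executed after it was written and dump it at that moment. The packer, the page layout (stub in page 0, packed blob in page 1, decoded code written to page 2) and the instruction bytes are all constructed for the example, and the XOR "packing" stands in for UPX/gzexe rather than reproducing either algorithm.

```python
"""Toy model of a dynamic unpacker: dump pages that are written and then executed.
Constructed example; not code from the Maitland thesis."""

PAGE_SIZE = 0x1000

# Constructed stand-in for a program's real instruction bytes (a short x86-64
# prologue/epilogue pattern repeated). The monitor never decodes them.
ORIGINAL_CODE = bytes.fromhex("554889e54883ec10897dfc8b45fc01c0c9c3") * 8


def page_of(addr: int) -> int:
    """Base address of the page containing addr."""
    return addr & ~(PAGE_SIZE - 1)


def pack(code: bytes, key: int = 0x5A) -> bytes:
    """Toy packer: XOR with a rolling byte key so the instruction bytes are not
    visible to static inspection. Stand-in for UPX/gzexe, not their algorithm."""
    return bytes(b ^ ((key + i) & 0xFF) for i, b in enumerate(code))


def unpack(blob: bytes, key: int = 0x5A) -> bytes:
    """Inverse of pack(); this is the work the packer's runtime stub performs."""
    return pack(blob, key)  # XOR with the same key stream is its own inverse


class WriteThenExecuteMonitor:
    """Track pages written after load; the first execute of such a page dumps it.

    Decoded code must be written to memory before it can run, so 'executed after
    written' marks the moment the hidden instructions become visible (assumed
    generic heuristic; the abstract does not state Maitland's exact mechanism)."""

    def __init__(self, memory: bytearray):
        self.mem = memory
        self.dirty: set = set()   # page bases written since monitoring began
        self.dumps: dict = {}     # page base -> page contents at first execute

    def on_write(self, addr: int, data: bytes) -> None:
        self.mem[addr:addr + len(data)] = data
        last = page_of(addr + len(data) - 1)
        for p in range(page_of(addr), last + 1, PAGE_SIZE):
            self.dirty.add(p)

    def on_execute(self, addr: int) -> bool:
        """Return True if this execute exposed a freshly written page."""
        p = page_of(addr)
        if p not in self.dirty:
            return False
        self.dumps[p] = bytes(self.mem[p:p + PAGE_SIZE])
        self.dirty.discard(p)
        return True


def run_packed_program(code: bytes = ORIGINAL_CODE) -> dict:
    """Simulate loading and running a packed binary under the monitor.

    Constructed layout: page 0 = unpacking stub, page 1 = packed blob,
    page 2 = where the stub writes the decoded code before jumping to it."""
    mem = bytearray(4 * PAGE_SIZE)
    blob = pack(code)
    mem[PAGE_SIZE:PAGE_SIZE + len(blob)] = blob    # loader writes, before monitoring
    mon = WriteThenExecuteMonitor(mem)

    exposed_on_stub = mon.on_execute(0x0)           # stub runs: page 0 never written
    decoded = unpack(bytes(mem[PAGE_SIZE:PAGE_SIZE + len(blob)]))
    mon.on_write(2 * PAGE_SIZE, decoded)            # stub writes decoded code to page 2
    exposed_on_jump = mon.on_execute(2 * PAGE_SIZE) # stub jumps there: dump the page
    return {
        "blob": blob,
        "exposed_on_stub": exposed_on_stub,
        "exposed_on_jump": exposed_on_jump,
        "dump": mon.dumps.get(2 * PAGE_SIZE, b""),
    }


if __name__ == "__main__":
    r = run_packed_program()
    print("code visible in packed image:", ORIGINAL_CODE in r["blob"])
    print("code visible in dumped page:", r["dump"].startswith(ORIGINAL_CODE))
```

The static image (the blob in page 1) never contains the original instruction bytes, which is the point of packing; only the page that was written and then executed does. A real monitor would intercept page-table writes and execute faults instead of receiving explicit `on_write`/`on_execute` calls, and would also have to handle multi-layer packers that write and execute several times before reaching the original entry point.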

Identifier: oai:union.ndltd.org:uvic.ca/oai:dspace.library.uvic.ca:1828/3866
Date: 04 April 2012
Creators: Benninger, Christopher Adam
Contributors: Coady, Yvonne; Neville, Stephen William
Source Sets: University of Victoria
Language: English
Detected Language: English
Type: Thesis
Format: application/pdf
Rights: Available to the World Wide Web
