Malware Analysis Platform Based on Secondary Development of Xen

2014 ◽  
Vol 530-531 ◽  
pp. 865-868
Author(s):  
Jin Rong Bai ◽  
Guo Zhong Zou ◽  
Shi Guang Mu

The API calls reflect the functional levels of a program; analysis of the API calls leads to an understanding of the behavior of the malware. Malware analysis environments have been widely used, but with the evolution of malware, some malware already has anti-virtual-machine, anti-debugging and anti-tracing abilities. These analysis environments use a combination of API hooking and/or API virtualization, which are detectable by malware running at the same privilege level. In this work, we develop a fully automated platform to trace native API calls based on secondary development of Xen, and we have obtained a system that is as transparent as possible and as similar as possible to a Windows OS, in order to obtain an execution trace of a program as if it were run in an environment with no tracer present. In contrast to other approaches, the hardware-assisted nature of our approach implicitly avoids many shortcomings that arise from incomplete or inaccurate system emulation.
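The abstract's point that in-guest API hooking is "detectable by malware running at the same privilege level" can be made concrete. The following is an added example, not code from the paper or the Xen platform it describes: it implements the check a user-mode sample can perform on the first bytes of an ntdll Nt* system-call stub, comparing the prologue against the expected `mov r10, rcx; mov eax, imm32` pattern and against the three inline-hook prologues an in-process tracer typically writes there. The stub bytes are hand-assembled x86-64 constructed for the example, and the system service number 0x18 is an arbitrary placeholder, not the number of any particular call on any particular Windows build. A tracer that sits below the guest, as a hypervisor-based approach does, leaves these bytes untouched, so both checks pass and the sample sees a clean stub.

```python
"""Detecting in-guest inline hooks on a syscall stub (constructed example)."""
import struct

# Constructed x64 stub layout (bytes hand-assembled for this example):
#   4C 8B D1                  mov  r10, rcx
#   B8 <ssn:imm32>            mov  eax, <system service number>
#   F6 04 25 08 03 FE 7F 01   test byte ptr [0x7FFE0308], 1
#   75 03                     jne  +3
#   0F 05                     syscall
#   C3                        ret
def clean_stub(ssn: int) -> bytes:
    """Build an unhooked stub carrying the given service number."""
    return (b"\x4c\x8b\xd1" + b"\xb8" + struct.pack("<I", ssn)
            + b"\xf6\x04\x25\x08\x03\xfe\x7f\x01"
            + b"\x75\x03" + b"\x0f\x05" + b"\xc3")


# Three inline-hook prologues an in-process tracer would overwrite the stub with.
def jmp_rel32_hook(stub: bytes, rel: int) -> bytes:
    """E9 rel32: 5-byte relative jump to the trampoline."""
    return b"\xe9" + struct.pack("<i", rel) + stub[5:]


def jmp_rip_indirect_hook(stub: bytes, disp: int) -> bytes:
    """FF 25 disp32: 6-byte jump through a RIP-relative pointer."""
    return b"\xff\x25" + struct.pack("<i", disp) + stub[6:]


def mov_rax_jmp_hook(stub: bytes, target: int) -> bytes:
    """48 B8 imm64 / FF E0: 12-byte absolute jump via rax."""
    return b"\x48\xb8" + struct.pack("<Q", target) + b"\xff\xe0" + stub[12:]


def inspect_stub(stub: bytes) -> dict:
    """Classify a stub by its entry bytes: report the hook kind if the entry
    was redirected, or extract the service number if the prologue is intact."""
    if stub[:1] == b"\xe9":
        return {"hooked": True, "kind": "jmp rel32",
                "target_rel": struct.unpack_from("<i", stub, 1)[0]}
    if stub[:2] == b"\xff\x25":
        return {"hooked": True, "kind": "jmp [rip+disp32]",
                "disp": struct.unpack_from("<i", stub, 2)[0]}
    if stub[:2] == b"\x48\xb8" and stub[10:12] == b"\xff\xe0":
        return {"hooked": True, "kind": "mov rax, imm64; jmp rax",
                "target": struct.unpack_from("<Q", stub, 2)[0]}
    if stub[:4] == b"\x4c\x8b\xd1\xb8":
        return {"hooked": False, "kind": "clean",
                "ssn": struct.unpack_from("<I", stub, 4)[0]}
    return {"hooked": None, "kind": "unrecognized"}


def first_divergence(in_memory: bytes, on_disk: bytes) -> int:
    """Second common check: compare the mapped stub with the copy read from the
    file on disk. Returns the offset of the first differing byte, or -1."""
    for i, (a, b) in enumerate(zip(in_memory, on_disk)):
        if a != b:
            return i
    return -1 if len(in_memory) == len(on_disk) else min(len(in_memory), len(on_disk))


if __name__ == "__main__":
    clean = clean_stub(0x18)
    for name, stub in [("clean", clean),
                       ("jmp rel32", jmp_rel32_hook(clean, -0x1000)),
                       ("jmp [rip]", jmp_rip_indirect_hook(clean, 0x2000)),
                       ("mov/jmp rax", mov_rax_jmp_hook(clean, 0x7FF6_1234_0000))]:
        print(f"{name:12} {inspect_stub(stub)}  diverges at {first_divergence(stub, clean)}")
```

Both checks read only the sample's own address space, which is exactly why an in-guest hook cannot hide from them, and why a tracer that intercepts system calls from the hypervisor does not have to modify guest memory at all.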

2010 ◽  
Vol 145 ◽  
pp. 567-572
Author(s):  
Hua Ding ◽  
Zhao Jian Yang ◽  
Xue Wen Wang ◽  
Zhi Yong Ding

Based on the concept of parametric design, this paper realizes parametric modeling and parametric finite element analysis by utilizing the UG/OPEN secondary development tool and the APDL module of ANSYS software, respectively. This paper also achieves CAD/CAE data sharing by compiling an interface program between UG6.0 and ANSYS10.0. In addition, a remote design and analysis platform has been built by using ASP.NET technology, component technology, and database technology. We take the piston and piston-rod part of a coal mining machine's cutting unit as an example to verify the system. Meanwhile, it proves that the system can effectively shorten the design and analysis cycle time and reduce the designer's workload. Therefore, this software has potential application value in engineering.


2013 ◽  
Vol 401-403 ◽  
pp. 81-84
Author(s):  
Kun Zhu ◽  
Xu Yin ◽  
Ai Min Ji

According to the existing problems in the design of the excavator working device's boom, a method of integrated design and analysis for the boom was put forward using CAD/CAE integration technology. Firstly, the design ideas of the database in the CAD/CAE integration system were given, so that model data can be transmitted and exchanged effectively between the CAD and CAE systems. Secondly, the parametric model of the boom was established based on the parametric method. Thirdly, the customized analysis platform for the boom was built with customization technology and secondary development of ANSYS Workbench code. Finally, parametric design and automatic finite element analysis for the excavator boom were implemented.


2018 ◽  
Vol 188 ◽  
pp. 05009
Author(s):  
P. Michalopoulos ◽  
V. Ieronymakis ◽  
M.T. Khan ◽  
D. Serpanos

Malware (such as viruses and ransomware) is the main source of serious security threats to IT systems and their users nowadays. In order to protect the systems and their legitimate users from these threats, anti-malware applications are developed as a defense against malware. However, most of these applications detect malware based on signatures or heuristics that are still created manually and are error-prone. Some recent applications employ data mining and machine learning techniques to detect malware automatically. However, such applications fail to classify malware appropriately, mainly because they suffer from a high rate of false alarms on the one hand and, being retrospective, fail to detect new unknown threats and variants of known malware on the other hand. Since anti-malware vendors receive a huge number of malware samples every day, there is an urgent need for malware analysis tools that can automatically detect malware rigorously, i.e. eliminating false alarms. To address these issues and challenges of current malware detection and analysis approaches, we propose a novel, open source and extensible platform (based on a set of tools) that allows various malware detection techniques to be combined to automatically detect/classify malware more rigorously. The developed platform can be fed with malware samples from different providers and will enable the development of effective classification schemes and methods, which are not sufficiently effective without collaboration and the related sample aggregation. Furthermore, such collaborative platforms in cybersecurity enable efficient sharing of information (e.g., about newly identified threats) with all collaborators and sharing of appropriate defences against them, if such defences exist.


2021 ◽  
Vol 11 (7) ◽  
pp. 2980
Author(s):  
Dimitrios Serpanos ◽  
Panagiotis Michalopoulos ◽  
Georgios Xenos ◽  
Vasilios Ieronymakis

Sisyfos is a modular and extensible platform for malware analysis; it addresses multiple operating systems, including critical infrastructure ones. Its purpose is to enable the development and evaluation of new tools as well as the evaluation of malware classifiers. Sisyfos has been developed based on open software for feature extraction and is available as a stand-alone tool with a web interface but can be integrated into an operational environment with a continuous sample feed. We present the structure and implementation of Sisyfos, which accommodates analysis for Windows, Linux and Android malware.


2013 ◽  
Vol 7 (3) ◽  
pp. 626-640 ◽  
Author(s):  
Ying-Dar Lin ◽  
Tzung-Bi Shih ◽  
Yu-Sung Wu ◽  
Yuan-Cheng Lai

2019 ◽  
Vol 28 (4) ◽  
pp. 473-486 ◽  
Author(s):  
Alvaro Botas ◽  
Ricardo J Rodríguez ◽  
Vicente Matellan ◽  
Juan F Garcia ◽  
M T Trobajo ◽  
...  

Automatic public malware analysis services (PMAS, e.g. VirusTotal, Jotti or ClamAV, to name a few) provide controlled, isolated and virtual environments to analyse malicious software (malware) samples. Unfortunately, malware is currently incorporating techniques to recognize execution in a virtual or sandbox environment; when an analysis environment is detected, malware behaves as a benign application or even shows no activity. In this work, we present an empirical study and characterization of automatic PMAS, considering 26 different services. We also show a set of features that allow these services to be easily fingerprinted as analysis environments; the lower the unlikeability of these features, the easier it is for us (and thus for malware) to fingerprint the analysis service they belong to. Finally, we propose a method for these analysis services to counter or at least mitigate our proposal.
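The fingerprinting idea in the abstract, that environment features which hold constant across runs of a service and never appear on ordinary hosts identify that service, can be shown end to end. The following is an added example and not the paper's code, feature set or measurements: the three services `svc_a`, `svc_b`, `svc_c`, their per-run environment snapshots and the baseline of ordinary hosts are all constructed for illustration and do not describe VirusTotal, Jotti, ClamAV or any real service. The countermeasure at the end, re-sampling the fingerprintable features from the baseline so they stop being constant, is one way to raise a feature's unlikeability and is this example's illustration, not the mitigation the paper proposes.

```python
"""Fingerprinting analysis services from low-variance environment features
(constructed example; services, features and values are invented)."""
import random
from collections import defaultdict

# Constructed observations: service -> environment snapshot per submitted run.
SANDBOX_RUNS = {
    "svc_a": [  # every feature identical on each run
        {"hostname": "SANDBOX-7F3", "user": "analyst", "disk_gb": 40, "cpus": 1, "mac_oui": "08:00:27"},
        {"hostname": "SANDBOX-7F3", "user": "analyst", "disk_gb": 40, "cpus": 1, "mac_oui": "08:00:27"},
    ],
    "svc_b": [
        {"hostname": "WIN7-PC", "user": "john", "disk_gb": 60, "cpus": 1, "mac_oui": "00:0c:29"},
        {"hostname": "WIN7-PC", "user": "john", "disk_gb": 60, "cpus": 1, "mac_oui": "00:0c:29"},
    ],
    "svc_c": [  # hostname varies per run, the rest does not
        {"hostname": "DESKTOP-1", "user": "user", "disk_gb": 60, "cpus": 1, "mac_oui": "00:0c:29"},
        {"hostname": "DESKTOP-2", "user": "user", "disk_gb": 60, "cpus": 1, "mac_oui": "00:0c:29"},
    ],
}
# Constructed baseline: what ordinary end-user machines look like.
BASELINE_HOSTS = [
    {"hostname": "LAPTOP-K2", "user": "maria", "disk_gb": 512, "cpus": 8, "mac_oui": "3c:22:fb"},
    {"hostname": "DESKTOP-9", "user": "li", "disk_gb": 1024, "cpus": 12, "mac_oui": "a4:83:e7"},
    {"hostname": "WORK-PC", "user": "user", "disk_gb": 256, "cpus": 4, "mac_oui": "f0:1f:af"},
]


def stable_features(runs):
    """(feature, value) pairs that hold in every run of a service; a value
    that never varies between runs is the easiest one to fingerprint."""
    stable = {}
    for service, snapshots in runs.items():
        pairs = set(snapshots[0].items())
        for snap in snapshots[1:]:
            pairs &= set(snap.items())
        stable[service] = pairs
    return stable


def build_fingerprints(runs, baseline):
    """Map each stable (feature, value) to the services exhibiting it, dropping
    values that also occur on ordinary hosts (they carry no discriminating power)."""
    seen_in_wild = set()
    for host in baseline:
        seen_in_wild |= set(host.items())
    fps = defaultdict(set)
    for service, pairs in stable_features(runs).items():
        for pair in pairs - seen_in_wild:
            fps[pair].add(service)
    return dict(fps)


def classify(env, fps):
    """Return (verdict, evidence): the service name when a service-unique feature
    matches, 'unknown-sandbox' when only features shared by several services
    match, and None when nothing matches."""
    votes = defaultdict(int)
    generic = []
    for pair in env.items():
        services = fps.get(pair)
        if not services:
            continue
        if len(services) == 1:
            votes[next(iter(services))] += 1
        else:
            generic.append(pair)
    if votes:
        best = max(votes, key=votes.get)
        return best, [p for p in env.items() if fps.get(p) == {best}]
    if generic:
        return "unknown-sandbox", generic
    return None, []


def randomize(env, fps, baseline, rng):
    """Illustrative countermeasure (this example's, not the paper's): give every
    fingerprintable feature a value drawn from ordinary hosts, per sample, so it
    is no longer constant across runs and no longer absent from the wild."""
    hardened = dict(env)
    for feature, value in env.items():
        if (feature, value) in fps:
            hardened[feature] = rng.choice(baseline)[feature]
    return hardened


if __name__ == "__main__":
    fps = build_fingerprints(SANDBOX_RUNS, BASELINE_HOSTS)
    print("svc_a run:", classify(SANDBOX_RUNS["svc_a"][0], fps))
    print("svc_c run:", classify(SANDBOX_RUNS["svc_c"][0], fps))
    print("real host:", classify(BASELINE_HOSTS[0], fps))
    hardened = randomize(SANDBOX_RUNS["svc_a"][0], fps, BASELINE_HOSTS, random.Random(1))
    print("svc_a hardened:", classify(hardened, fps))
```

Running it shows the three outcomes the abstract distinguishes: `svc_a`, whose features never vary, is named outright; `svc_c`, which already randomizes its hostname, is only recognizable as "some sandbox" through the features it shares with `svc_b`; and a real host matches nothing. Note that the generic indicators (one CPU, the shared MAC OUI) survive per-service randomization, so a countermeasure has to touch the features shared across services, not only the ones unique to one.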


Author(s):  
Alexandru Caranica ◽  
Alexandru Vulpe ◽  
Marius Emil Parvu ◽  
Dragos Draghicescu ◽  
Octavian Fratu ◽  
...  
