Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
VIROLOGY
2011
2011
Improving antivirus accuracy with hypervisor assisted analysis
Modern malware protection systems bring an especially difficult problem to antivirus scanners. Simple obfuscationmethodscandiminishtheeffectivenessofascanner significantly, oftentimes renderingthemcompletelyineffective. This paper outlines the usage of a hypervisor based deobfuscation engine that greatly improves the effectiveness of existing scanning engines. We have modified the Ether malware analysis framework to add the following features to deobfuscation: section and header rebuilding and automated kernel virtual address descriptor import rebuilding. Using these repair mechanisms we have shown as high as 45% improvement in the effectiveness of antivirus scanning engines.
Real-time TrafficRelated Content
| Added | 15 May 2011 |
| Updated | 15 May 2011 |
| Type | Journal |
| Year | 2011 |
| Where | VIROLOGY |
| Authors | Daniel Quist, Lorie M. Liebrock, Joshua Neil |
Comments (0)
Researcher Info
|
