Stealth malware analysis from kernel space with Kolumbo

Authors: Julien Desfossez, Justine Dieppedale, Gabriel Girard

Affiliation: 1. Revolution Linux, Sherbrooke, QC, Canada; 2. Département d'informatique, Faculté des Sciences, Université de Sherbrooke, Sherbrooke, QC, Canada
Abstract: Most of today's malware is able to detect traditional debuggers and changes its behavior whenever somebody tries to analyze it. Analyzing such malware then becomes a much more complex task. In this paper, we present the functionalities provided by the Kolumbo kernel module, which can help simplify the analysis of malware. Four functionalities are provided for the analyst: system call monitoring, dumping of virtual memory contents, pseudo-breakpoint insertion, and evasion of ptrace-based anti-debugging protections. The module has been designed to minimize its impact on the system and to be as undetectable as possible. However, it has not been conceived to analyze programs with kernel access.
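The abstract names ptrace-based anti-debugging as one of the protections Kolumbo evades from kernel space. The following is an added example, not code from the paper or the Kolumbo module: it shows the user-space check such protections rely on, and what that check observes once a tracer is attached. It assumes Linux with glibc's ptrace(2) wrapper; the function names are the example's own.

```c
/*
 * Added example (not from the Kolumbo paper): the ptrace-based
 * anti-debugging check that the abstract says Kolumbo evades.
 * Assumes Linux and glibc's ptrace(2) wrapper.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Classic user-space check: a process can have at most one tracer, so
 * PTRACE_TRACEME fails with EPERM when a debugger (gdb, strace, ...)
 * is already attached. Returns 1 if a tracer is present, 0 otherwise.
 * A kernel module that intercepts this request and reports success
 * regardless of the real tracing state defeats the check without
 * touching the analyzed process. */
int ptrace_debugger_present(void)
{
    errno = 0;
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1 && errno == EPERM)
        return 1;
    return 0;
}

/* Shows what the check observes under a debugger. Forks a child that
 * first becomes a tracee of this process (the parent plays the
 * debugger's role), then runs the check. Returns the child's verdict:
 * 1 = tracer detected, 0 = no tracer. Returns -1 if fork fails or
 * ptrace is not permitted in this environment (e.g. seccomp). */
int traced_child_detects_debugger(void)
{
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        /* First request succeeds: the child is now traced by the parent. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(2); /* ptrace unavailable here */
        /* Second request is the anti-debugging check; it fails with EPERM. */
        _exit(ptrace_debugger_present());
    }
    int status = 0;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 2 ? -1 : code;
}

int main(void)
{
    int r = traced_child_detects_debugger();
    printf("traced child: %s\n",
           r == 1 ? "tracer detected" :
           r == 0 ? "no tracer" : "ptrace unavailable");
    /* Run the check in this process last: if no tracer is present, the
     * successful PTRACE_TRACEME leaves this process traced by its parent. */
    printf("this process: %s\n",
           ptrace_debugger_present() ? "tracer detected" : "no tracer");
    return 0;
}
```

Note the side effect a practitioner should keep in mind: when no debugger is attached, the check itself succeeds and turns the calling process into a tracee of its parent, which is why malware typically performs it once, early. An analyst running the sample under gdb or strace gets the opposite result; a kernel-side hook that answers the PTRACE_TRACEME request with success while a tracer is in fact attached is the kind of evasion the abstract describes.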
Indexed in SpringerLink and other databases.