DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | Kang, Brent Byunghoon | - |
dc.contributor.advisor | 강병훈 | - |
dc.contributor.author | Lee, Jaehyuk | - |
dc.date.accessioned | 2018-06-20T06:24:57Z | - |
dc.date.available | 2018-06-20T06:24:57Z | - |
dc.date.issued | 2015 | - |
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=669193&flag=dissertation | en_US |
dc.identifier.uri | http://hdl.handle.net/10203/243491 | - |
dc.description | Thesis (Master's) - Korea Advanced Institute of Science and Technology : Graduate School of Information Security, 2015.8, [vi, 38 p. :] | - |
dc.description.abstract | QEMU is widely used for emulating hardware. The emulation technology can be applied to various fields; one good example is dynamic malware analysis. A number of state-of-the-art malware analysis platforms are based on QEMU. As emulation is popularly deployed to analyze behavior, malware equips itself with various anti-emulation techniques to fingerprint the QEMU environment. Research communities have started to develop stealthy malware analysis platforms that manipulate the run-time environment to make malware misapprehend that it is running in a native environment. Despite the fact that malware analysis platforms are equipped with stealth technology, discrepancies created by complicated hardware logic are exploited by attackers to detect the emulated environment. It is an arms race between the attacker who wants to conceal malicious behavior and the defender who wants to reveal undisclosed malware. This paper systematically locates previous timing-based QEMU detection methods using lazy TLB emulation and introduces a new detection mechanism based on the characteristic of the Tiny Code Generator (TCG) and behavioral discrepancies in QEMU, which could be easily exploited for detecting an emulated environment with the least privileges and a higher detection rate than previous works. We hope this paper alarms research communities and drives them to consider it in developing stealthy malware analysis platforms. | - |
dc.language | eng | - |
dc.publisher | Korea Advanced Institute of Science and Technology | - |
dc.subject | QEMU | - |
dc.subject | Emulator Detection | - |
dc.subject | Tiny Code Generator(TCG) | - |
dc.subject | Race condition | - |
dc.subject | Timing attack | - |
dc.subject | QEMU | - |
dc.subject | Emulator detection | - |
dc.subject | Dynamic code analyzer | - |
dc.subject | Race condition | - |
dc.subject | Timing attack | - |
dc.title | Detecting emulated environment | - |
dc.title.alternative | QEMU detection technique using behavioral differences between emulator and hardware | - |
dc.type | Thesis(Master) | - |
dc.identifier.CNRN | 325007 | - |
dc.description.department | Korea Advanced Institute of Science and Technology : Graduate School of Information Security, | - |
dc.contributor.alternativeauthor | 이재혁 | - |
dc.title.subtitle | exploiting behavioral discrepancies in QEMU | - |