Integrity verification of user space code |
| |
Institution: | Queensland University of Technology, Brisbane, Australia |
| |
Abstract: | We present a novel approach for the construction and application of cryptographic hashes to user space memory for the purposes of verifying the provenance of code in memory images. Several key aspects of Windows behaviour which influence this process are examined in-depth. Our approach is implemented and evaluated on a selection of malware samples with user space components as well as a collection of common Windows applications. The results demonstrate that our approach is highly effective at reducing the amount of memory requiring manual analysis, highlighting the presence of malicious code in all the malware sampled. |
| |
Keywords: | Memory forensics User space Windows XP Windows 7 Malware analysis |
本文献已被 ScienceDirect 等数据库收录! |