Abstract
Virtual environment is frequently used for malware analysis. To hide their behavior, malware began to adopt virtual environment detection techniques. One of trickiest things when analyzing malware on real systems is that the operating system became unbootable due to the crash of partition and boot loader stored in the first sector of hard disk called the master boot record (MBR). It is quite time consuming to extract its MBR image from the crashed hard disk, so running malware on real system is usually considered as the last resort. In this research, we proposed a malware analysis system utilizing Emulab to extract crashed MBR images very easily.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Internet Security Threat Report, Vol. 21, Symantec Corp., April 2016. https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf
Internet Security Threat Report, Vol. 20, Symantec Corp., April 2015. https://www.symantec.com/content/dam/symantec/docs/reports/istr-20-2015-en.pdf
Kirat, D., Vigna, G., Kruegel, C.: Barecloud: bare-metal analysis-based evasive malware detection. In: Proceedings of the 23rd USENIX Security Symposium, pp. 287–301, August 2014
Kirat, D., Vigna, G.: MalGene: automation extraction of malware analysis evasion signa-ture. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 769–780, October 2015
Utah Emulab, Network Emulation Testbed Home. https://www.emulab.net/
Lee, M., Seok, W.: Research on the trend of utilizing emulab as cyber security research framework. J. Korea Inst. Inform. Secur. Cryptology 23, 1169–1180 (2013)
Lee, M., Seok, W.: Research on utilizing emulab for malware analysis. J. Korea Inst. Inform. Secur. Cryptology 26, 117–124 (2016)
VMware Virtualization, VMware. https://www.vmware.com/
sshpass. http://manpages.ubuntu.com/manpages/trusty/man1/sshpass.1.html
Netwide Assembler. http://www.nasm.us/
KISTI Emulab, Network Emulation Testbed Home. https://www.emulab.kreonet.net/
South Korea cyberattack. https://en.wikipedia.org/wiki/2013_South_Korea_cyberattack
Dissecting Operation Troy: Cyberespionage in South Korea, McAfee. http://www.mcafee.com/kr/resources/white-papers/wp-dissecting-operation-troy.pdf
Acknowledgments
This research is financially supported by 2016 Hannam University Research Fund.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Song, G., Lee, M. (2017). MBR Image Automation Analysis Techniques Utilizing Emulab. In: Kim, K., Joukov, N. (eds) Information Science and Applications 2017. ICISA 2017. Lecture Notes in Electrical Engineering, vol 424. Springer, Singapore. https://doi.org/10.1007/978-981-10-4154-9_25
Download citation
DOI: https://doi.org/10.1007/978-981-10-4154-9_25
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-4153-2
Online ISBN: 978-981-10-4154-9
eBook Packages: EngineeringEngineering (R0)