Analysis and Detection of Heap-based Malwares Using Introspection in a Virtualized Environment

Author

Salman Javaid, Computer SciencesFollow

Date of Award

Summer 8-2014

Degree Type

Thesis

Degree Name

M.S.

Degree Program

Computer Science

Department

Computer Science

Major Professor

Dr. Golden Richard III

Second Advisor

Dr. Vassil Roussev

Third Advisor

Dr. Irfan Ahmed

Abstract

Malware detection and analysis is a major part of computer security. There is an arm race between security experts and malware developers to develop various techniques to secure computer systems and to find ways to circumvent these security methods. In recent years process heap-based attacks have increased significantly. These attacks exploit the system under attack via the heap, typically by using a heap spraying attack. The main drawback with existing techniques is that they either consume too many resources or are complicated to implement. Our work in this thesis focuses on new methods which offloads process heap analysis for guest Virtual Machines (VM) to the privileged domain using Virtual Machine Introspection (VMI) in a Cloud environment. VMI provides us with a seamless, non-intrusive and invisible (to malwares) way of observing the memory and state of VMs without raising red flags for the malwares.

Rights

The University of New Orleans and its agents retain the non-exclusive license to archive and make accessible this dissertation or thesis in whole or in part in all forms of media, now or hereafter known. The author retains all other ownership rights to the copyright of the thesis or dissertation.

Recommended Citation

Javaid, Salman, "Analysis and Detection of Heap-based Malwares Using Introspection in a Virtualized Environment" (2014). University of New Orleans Theses and Dissertations. 1875.
https://scholarworks.uno.edu/td/1875