Skipping Sleeps in Dynamic Analysis of Multithreaded Malware

Bibliographic Details
Published in: 2018 IEEE Conference on Dependable and Secure Computing (DSC), pp. 1-8
Main Author: Oyama, Yoshihiro
Format: Conference Proceeding
Language: English
Published: IEEE, 01.12.2018
Summary: Many malware programs execute sleeps for various purposes. In the dynamic analysis of malware, the executions of sleep functions are often skipped to reduce analysis time. However, in the analysis of a multithreaded malware program, it must be determined whether a given sleep can be skipped as this can alter the behavior of the program due to the non-determinism of concurrent executions. In this study, we propose a method to skip sleeps or reduce their duration in multithreaded malware programs to minimize their effect on program behavior. We implemented a system of malware analysis based on the proposed method, and confirmed through experiments that it can effectively skip sleeps or reduce their duration without changing the behavior of the program.
DOI: 10.1109/DESEC.2018.8625167