Maitland: analysis of packed and encrypted malware via paravirtualization extensions

Simple item page
dc.contributor.authorBenninger, Christopher Adam
dc.contributor.supervisorCoady, Yvonne
dc.contributor.supervisorNeville, Stephen William
dc.date.accessioned2012-04-04T18:50:31Z
dc.date.available2012-04-04T18:50:31Z
dc.date.copyright2012en_US
dc.date.issued2012-04-04
dc.degree.departmentDept. of Computer Scienceen_US
dc.degree.levelMaster of Science M.Sc.en_US
dc.description.abstractMalicious software (malware) attacks are an ever-increasing cyber-security problem. One reason for this trend is the widespread adoption of packing technology as a way to mask the semantics of binary instructions, hiding them from detection. Packing is so successful that it is estimated 70-80% of malicious programs utilize it to avoid detection [1]. The popularity of virtualization provides new tools for dealing with this threat. Researchers have successfully used facilities provided by virtualization to develop new ways of detecting and analyzing packed and encrypted malware. Methods like these typically require changes to the virtualization platform, making them difficult to deploy as well as hard to reuse. This thesis presents Maitland, a proof-of-concept unpacking system which achieves similar functionality to existing research, using paravirtualization extensions instead of requiring changes to the hypervisor. During our experiments, Maitland successfully exposed instructions in software that was packed by the UPX and gzexe packers. Maitland’s avoidance of changes to the hypervisor means it is better suited for quick deployment in a cloud environment.en_US
dc.description.scholarlevelGraduateen_US
dc.identifier.urihttp://hdl.handle.net/1828/3866
dc.languageEnglisheng
dc.language.isoenen_US
dc.rights.tempAvailable to the World Wide Weben_US
dc.subjectmalwareen_US
dc.subjectvirtualizationen_US
dc.subjectparavirtualizationen_US
dc.subjectclouden_US
dc.subjectXenen_US
dc.subjectLinuxen_US
dc.titleMaitland: analysis of packed and encrypted malware via paravirtualization extensionsen_US
dc.typeThesisen_US

Files

Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
Benninger_Christopher_MSc_2012.pdf
Size:
601.63 KB
Format:
Adobe Portable Document Format
Description:
Thesis
Download
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.74 KB
Format:
Item-specific license agreed upon to submission
Description:
Download

Collections

Electronic Theses and Dissertations (ETD)
Theses (Computer Science)
 
University of Victoria Libraries

We acknowledge and respect the Lək̓ʷəŋən (Songhees and Esquimalt) Peoples on whose territory the university stands, and the Lək̓ʷəŋən and W̱SÁNEĆ Peoples whose historical relationships with the land continue to this day.