The Resource EtherAnnotate: a transparent malware analysis tool for integrating dynamic and static examination, by Joshua Michael Eads, (electronic resource)

Label
EtherAnnotate: a transparent malware analysis tool for integrating dynamic and static examination
Title
EtherAnnotate: a transparent malware analysis tool for integrating dynamic and static examination
Statement of responsibility
by Joshua Michael Eads
Language
eng
Summary
"Software security researchers commonly reverse engineer and analyze current malicious software (malware) to determine what the latest techniques malicious attackers are utilizing and how to protect computer systems from attack. The most common analysis methods involve examining how the program behaves during execution and interpreting its machine-level instructions. However, modern malicious applications use advanced anti-debugger, anti-virtualization, and code packing techniques to obfuscate the malware's true activities and divert security analysts. Malware analysts currently do not have a simple method for tracing malicious code activity at the instruction-level in a highly undetectable environment. There is also no simple method for combining actual run-time register and memory values with statically disassembled code. Combining statically disassembled code with the run-time values found in the memory and registers being accessed would create a new level of analysis possible by combining key aspects of static analysis with dynamic analysis. This thesis presents EtherAnnotate, a new extension to the Xen Ether virtualization framework and the IDA Pro disassembler to aid in the task of malicious software analysis. This new extension consists of two separate components - an enhanced instruction tracer and a graphical annotation and visualization plug-in for IDA Pro. The specialized instruction tracer places a malware binary into a virtualized environment and records the contents of all processor general register values that occur during its execution. The annotation plug-in for IDA Pro interprets the output of the instruction tracer and adds line comments of the register values in addition to visualizing code coverage of all disassembled instructions that were executed during the malware's execution. These two tools can be combined to provide a new level of introspection for advanced malware that was not available with the previous state-of-the-art analysis tools"--Abstract, p. iii
Cataloging source
UMR
http://library.link/vocab/creatorDate
1987-
http://library.link/vocab/creatorName
Eads, Joshua Michael
Degree
M.S.
Dissertation year
2010.
Granting institution
Missouri University of Science and Technology
Illustrations
illustrations
Index
no index present
Literary form
non fiction
Nature of contents
  • dictionaries
  • bibliography
  • theses
http://library.link/vocab/subjectName
  • Computer security
  • Reverse engineering
  • Malware (Computer software)
  • Virtual computer systems
Target audience
specialized
Label
EtherAnnotate: a transparent malware analysis tool for integrating dynamic and static examination, by Joshua Michael Eads, (electronic resource)
Instantiates
Publication
Note
  • Vita
  • The entire thesis text is included in file
  • Title from title screen of thesis/dissertation PDF file (viewed May 4, 2010)
Bibliography note
Includes bibliographical references (pages 65-68)
Carrier category
online resource
Carrier category code
cr
Carrier MARC source
rdacarrier
Color
black and white
Content category
text
Content type code
txt
Content type MARC source
rdacontent
Control code
611152286
Dimensions
unknown
Extent
1 online resource (ix, 69 pages)
Form of item
electronic
Media category
computer
Media MARC source
rdamedia
Media type code
c
Other physical details
illustrations, digital, PDF file.
Specific material designation
remote
System control number
(OCoLC)611152286
System details
  • System requirements: Adobe Acrobat Reader; Internet browser
  • Mode of access: World Wide Web