Dynamic malware analysis techniques help analysts fully understand the cause, intention, and extent of the damage caused by malicious applications. To do so, malware analysis tools dissect and analyze the behavior of malicious entities at run-time. In this way, security analysts can deduce the cause of an infection and, for example, provide the necessary means for potential countermeasures. DRAKVUF is an open-source malware analysis framework running on top of the Xen hypervisor. By using Virtual Machine Introspection (VMI) techniques, DRAKVUF is able to transparently monitor and control the state of a virtual machine from a level beyond the guest OS, so the analysis component does not reside inside the system being observed. While DRAKVUF is a powerful means of analyzing malware, its use is currently limited to x86-64 based architectures. This project aims to extend the scope of DRAKVUF to ARM, and thus to the mobile market, ultimately providing powerful malware analysis on mobile devices.

Organization

Student

Sergej Proskurin

Mentors

  • webstergd
  • Steven Maresca
  • Tamas K Lengyel

2016