Hypervisor-assisted dynamic malware analysis
Cybersecurity (IF 3.9), Pub Date: 2021-06-02, DOI: 10.1186/s42400-021-00083-9
Roee S. Leon , Michael Kiperberg , Anat Anatey Leon Zabag , Nezer Jacob Zaidenberg

Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.

Updated: 2021-06-02