JITScanner: Just-in-Time Executable Page Check in the Linux Operating System
Pasquale Caporaso, Giuseppe Bianchi, Francesco Quaglia

TL;DR
JITScanner is a Linux kernel module-based tool that detects malware by analyzing executable pages during runtime, offering an efficient and minimally intrusive alternative to traditional dynamic analysis methods.
Contribution
The paper introduces JITScanner, a novel Linux-based system that detects malware signatures in executable pages during runtime with minimal performance impact.
Findings
Effective malware detection demonstrated in experiments
Minimal runtime overhead observed
Compatible with multi-core Linux systems
Abstract
Modern malware poses a severe threat to cybersecurity, continually evolving in sophistication. To combat this threat, researchers and security professionals continuously explore advanced techniques for malware detection and analysis. Dynamic analysis, a prevalent approach, offers advantages over static analysis by enabling observation of runtime behavior and detecting obfuscated or encrypted code used to evade detection. However, executing programs within a controlled environment can be resource-intensive, often necessitating compromises, such as limiting sandboxing to an initial period. In our article, we propose an alternative method for dynamic executable analysis: examining the presence of malicious signatures within executable virtual pages precisely when their current content, including any updates over time, is accessed for instruction fetching. Our solution, named JITScanner, is…
Taxonomy
Topics: Distributed and Parallel Computing Systems · Software System Performance and Reliability · Software Testing and Debugging Techniques
