HIGH-FIDELITY VIRTUAL MACHINE ARTIFACT MITIGATION BY DRAKVUF INJECTION
Authors
Prince, Charles D.
Subjects
virtual machine
VM
VM artifacts
defensive cyber operations
DCO
higher fidelity virtualization
HFV
Drakvuf
Advisors
Shaffer, Alan B.
Singh, Gurminder
Date of Issue
2024-06
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
As malware becomes more capable and aware of the system on which it resides, it can act differently to obfuscate its methods for infecting and infiltrating systems, potentially preventing cyber defenders from mitigating and deterring malware and the malware controller, whether it be individuals, groups, or nation states. As malware becomes more capable of detecting virtualization on target systems, defensive cyber operations (DCO) operators are forced to use higher fidelity virtualization (HFV) tactics, techniques and procedures to prevent counter-detection of virtualized systems and to mitigate these advanced malware threats. Mitigating virtualization artifacts has become increasingly essential for hypervisors providing HFV and will increasingly be essential for DCO. This technical report explores mitigation of virtualization artifacts, surveying areas in need of mitigation and previous methods for achieving HFV, and explores a promising method using Xen-Drakvuf Process-Injection to obfuscate virtualization artifacts with minimal chance of detection. The result of this work is an in-depth survey of the technical aspects for achieving HFV and charting the next steps for maximizing HFV.
Type
Thesis
Distribution Statement
Distribution Statement A. Approved for public release: Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
