Efficient Exploring Multiple Execution Path for Dynamic Malware Analysis
 Title & Authors
Hwang, Ho; Moon, Daesung; Kim, Ikkun;
 Abstract
As the amount of malware has increased, malware must be analyzed rapidly to respond to cyber attacks. Dynamic malware analysis has been widely studied to overcome limitations of static analysis such as packing and obfuscation, but it still faces the problem of exploring multiple execution paths. Previous work on exploring multiple execution paths has several problems: it requires much time for analysis and many resources to prepare the analysis environment. In this paper, we propose an efficient approach for exploring multiple execution paths in a single analysis environment by pipelining processes, and show through experiments a speed improvement of 29% on 2 cores and 70% on 4 cores.
 Keywords
Malware; Dynamic Malware Analysis; Multiple Execution
 Language
Korean