Efficient Exploring Multiple Execution Path for Dynamic Malware Analysis
Hwang, Ho; Moon, Daesung; Kim, Ikkun
As the amount of malware has increased, it has become necessary to analyze malware rapidly in order to respond to cyber attacks. Dynamic malware analysis has been widely studied to overcome the limitations of static analysis, such as packing and obfuscation, but it still has the problem of exploring multiple execution paths. Previous work on exploring multiple execution paths has several problems: it requires a lot of time for analysis and a lot of resources for preparing the analysis environment. In this paper, we propose an efficient approach to exploring multiple execution paths in a single analysis environment by pipelining processes, and show through experiment a speed improvement of 29% on 2 cores and 70% on 4 cores.
Malware; Dynamic Malware Analysis; Multiple Execution