Automatic Binary Execution Environment based on Real-machines for Intelligent Malware Analysis
 Authors
Cho, Homook; Yoon, KwanSik; Choi, Sangyong; Kim, Yong-Min;
 
 Abstract
Cyberspace faces many threats, but current anti-virus software and other existing solutions do not respond effectively to malware that has become increasingly complex and sophisticated. Experiments showed that the proposed approach can provide an automatic execution environment for detecting the malicious behavior of active malware, by comparing a virtual-machine environment with a real-machine environment driven by user interaction. Moreover, the results show that a dynamic analysis environment suitable for analyzing intelligent malware can be provided, based on a comparison of the malicious behavior observed in an automatic binary execution environment running on real machines with that observed in a virtual-machine environment.
 Keywords
malware; binary user interaction; dynamic analysis; real-machines; anti-VM
 Language
Korean