http://dx.doi.org/10.9708/jksci.2020.25.11.131

Automatic malware variant generation framework using Disassembly and Code Modification  

Lee, Jong-Lark (Faculty of Cyber Security, Yeungnam University College)
Won, Il-Yong (Dept. of Cyber Hacking Security, Seoul Hoseo Technical College)
Abstract
Malware is generally understood as a computer program that penetrates another computer system and carries out malicious behavior intended by its developer. In cyberspace, it is also used as a cyber weapon to attack an adversary. The most important property malware must have as a cyber weapon is that it achieves its intended purpose before being detected by the adversary's detection system. Creating even a single piece of malware that avoids the adversary's detection system requires a lot of time and expertise. We propose a framework that uses the DCM technique to automatically generate variant malware when malware in binary code form is given as input. In this framework, the sample malware was automatically converted into variant malware, and it was confirmed that this variant malware was not detected by a signature-based malware detection system.
Keywords
Malware; Variant; Auto generation; DCM; Cyber weapon;