Malware Detection Via Hybrid Analysis for API Calls
Kang, Tae-Woo (Korea University)
Cho, Jae-Ik (Korea University)
Chung, Man-Hyun (Korea University)
Moon, Jong-Sub (Korea University)
1 | Woo Jong-Woo, Ha Kyung-Hwi, 'Development of a Signature-Pattern-Based Malicious Code Detection Tool', Journal of the Korea Society of Computer and Information, Vol. 10, No. 6, December 2005
2 | Kimmo Kasslin, 'Kernel Malware: The Attack from Within', AVAR 2006, December 2006
3 | Ed Skoudis, Lenny Zeltser, 'Malware: Fighting Malicious Code', Upper Saddle River, NJ, 2004
4 | Vinod Ganapathy, Sanjit A. Seshia, 'Automatic Discovery of API-Level Exploits', ICSE 05, 2005
5 | Kwak Taejin, 'Attack Native API (Looking around Native API)', Devguru, www.devguru.co.kr, 2004
6 | Campbell, C. and Cristianini, N., 'Simple Learning Algorithms for Training Support Vector Machines', Technical Report, University of Bristol, 1998
7 | Ulrich Bayer, Andreas Moser, Christopher Kruegel, 'Dynamic analysis of Malicious code', J Comput Virol 2006, pp. 67-77, May 2006
8 | Birdman, 'The Evolution of Windows Spyware Techniques', HIT2005, July 2005
9 | Roberto Battistoni, Emanuele Gabrielli, 'A Host Intrusion Prevention System for Windows Operating Systems', ESORICS 2004, pp. 352-368, 2004
10 | Chih-Chung Chang and Chih-Jen Lin, 'LIBSVM: a library for support vector machines', 2001. Software available at www.csie.ntu.edu.tw/~cjlin/libsvm
11 | Microsoft, 'Visual Studio, Microsoft Portable Executable and Common Object File Format Specification', www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx, 2006, Visited 2007
12 | C. Cortes and V. Vapnik, 'Support-Vector Networks', in Machine Learning, pp. 273-297, 1995
13 | Park Nam-Youl, Kim Yong-Min, Noh Bong-Nam, 'A Behavior-Based Detection Method for Malicious Code Using Evasion Techniques', Journal of the Korea Institute of Information Security and Cryptology, Vol. 16, No. 3, pp. 17-26, June 2006
14 | Mark Russinovich, 'Inside Native API', www.sysinternals.com, 2004, Visited 2007
15 | A. Sung, J. Xu, P. Chavez, and S. Mukkamala, 'Static Analyzer for Vicious Executables (SAVE)', 20th Annual Computer Security Applications Conference, pp. 326-334, December 2004
16 | Bontchev, V., 'Macro Virus Identification Problems', Proceedings of the 7th International Virus Bulletin Conference, pp. 175-196, 1997
17 | Tomasz Nowak, 'Undocumented Functions for Microsoft Windows NT/2000', NTinternals.net, 2006, Visited 2007