A Study on Unknown Malware Detection using Digital Forensic Techniques
|
|
Lee, Jaeho
(Center for Information Security Technologies(CIST), Korea University)
Lee, Sangjin (Center for Information Security Technologies(CIST), Korea University) |
| 1 | Act on the promotion of information and communications network utilization and protection of information, http://www.law.go.kr/LSW/LsInfoP.do?lsiSeq=87471#0000 |
| 2 | Karen Scarfone, Tim Grance, and Kelly Masone, "Computer security incident handling guide," NIST Special Publication, Mar. 2008. |
| 3 | Patrick Kral, "The incident handlers handbook," Dec. 2011. |
| 4 | Incident analysing process of KISA, https://www.kisa.or.kr/jsp/common/down.jsp?folder=uploadfile&filename=%EC%A0%9C2010-8%ED%98%B8 -%EC%B9%A8%ED%95%B4%EC%82%AC%EA%B3%A0_%EB%B6%84%EC%84%9D_%EC%A0%88%EC%B0%A8(%EB%82%B4%EC%A7%80)%EC%B5%9C%EC%A2%85(fin).pdf |
| 5 | Incident handling process, https://isc.sans.edu/forums/diary/Cyber+Security+Awareness+Month+-+Day+18+-+What+you+should+tell+your +boss+when+there+s+a+crisis+/9760 |
| 6 | TaeGuen Kim, In-Kyoung Kim, and Eul Gyu Im, "Malware detection method via major block comparison," Journal of Security Engineering, 9(5), Oct. 2012. |
| 7 | Steven Alexander, "Finding malware on compromised windows machines," Usenix, Apr. 2005. |
| 8 | Richard Nolan, Colin O'Sullivan, Jake Branson, and Cal Waits, "First responders guide to computer forensics," dtic.mil, Mar. 2005. |
| 9 | Martin Overton, "Malware forensics: detecting the unknown," 2008 Virus Bulletin conference, Oct. 2008. |
| 10 | Kyoung-Soo Han, In-Kyoung Kim, and Eul-Gyu Im, "Malware family classification method using API sequential characteristic," Journal of Security Engineering, 8(2), pp. 319-335, Apr. 2011. |
| 11 | Igor Santos, Yoseba K. Penya, Jaime Devesa, and Pablo G. Bringas, "N-grams-based file signatures for malware detection," ICEIS (2), 2009. |
| 12 | ClemensKolbitsch, PaoloMilaniCompare tti, ChristopherKruegel, EnginKirda, Xi aoyongZhou, and XiaoFengWang, "Effect ive and efficient malware detection at the end host," The 18th USENIX Security Symposium, 2009. |
| 13 | Min-ho Kim, Minsoo Kim, and Bong-nam Noh, "The framework for malware analysis using statistical information of registry," journal of korean institute of information technology, 10(9), pp. 97-104, Sept. 2012. |
| 14 | Harlan Carvey, Windows registry forensics: advanced digital forensic analysis of the windows registry, 2011. |
| 15 | Seong-Bin Park, Min-Soo Kim, and Bong-Nam Noh, "Detection method using common features of malware variants generated by automated tools," journal of korean institute of information technology, 10(9), pp. 67-75, Sept. 2012. |
| 16 | Yong-Wook Chung and Bong-Nam Noh, "Selecting features for measuring similarity between attack toolkits and polymorphic codes," Journal of Security Engineering, 9(1), Feb. 2012. |
| 17 | Harlan Carvey, Windows forensic analysis DVD toolkit, Second Edition, 2009. |
| 18 | Joachim Metz, "MSIE Cache File (index.dat) format specification: analysis of the index.dat file format," 2009. |
| 19 | Seungwon Han and Sangjin Lee, "Packed PE file detection for malware forensics," The KIPS Transactions : Part C, 16(5) pp. 555-562, Oct. 2009. 과학기술학회마을 DOI |
| 20 | Levenshtein Distance, http://en.wikipedia.org/wiki/Levenshtein_distance |
| 21 | AhnLab's ASEC Report. vol42, http://download.ahnlab.com/asecReport/ASEC_Report_Vol.42_Kor.pdf |
| 22 | Precision and recall, http://en.wikipedia.org/wiki/Precision_and_recall |
 |
Korea Institute of Science and Technology Information
Gwahangno, Yuseong-gu, Daejeon, 305-806, Korea TEL : +82-42-869-1752
Copyright (c) 2009 KISTI. All Rights Reserved. For more information mail to
webmaster
