http://dx.doi.org/10.13089/JKIISC.2016.26.2.377

Efficient Exploring Multiple Execution Path for Dynamic Malware Analysis  

Hwang, Ho (Korea University of Science and Technology(UST))
Moon, Daesung (Korea University of Science and Technology(UST))
Kim, Ikkun (Electronics and Communications Research Institute(ETRI) Network Security Research Team)
Abstract
As the volume of malware has increased, malware must be analyzed rapidly to respond to cyber attacks. Dynamic malware analysis has been widely studied to overcome the limitations that packing and obfuscation impose on static analysis, but it still has the problem of exploring multiple execution paths. Previous approaches to exploring multiple execution paths require considerable analysis time and considerable resources to prepare the analysis environment. In this paper, we propose an efficient approach to exploring multiple execution paths in a single analysis environment by pipelining processes, and show through experiments a speed improvement of 29% on 2 cores and 70% on 4 cores.
Keywords
Malware; Dynamic Malware Analysis; Multiple Execution;