http://dx.doi.org/10.13089/JKIISC.2017.27.4.721

A Tool for Signature-Based Identification of Safe Open-Source Functions Toward Efficient Malware Analysis  

Lee, Seoksu (Chungnam National University)
Yang, Jonghwan (Chungnam National University)
Jung, Woosik (Chungnam National University)
Kim, Yeongcheol (Chungnam National University)
Cho, Eun-Sun (Chungnam National University)
Abstract
In order to take rapid action against malware, efficiency in malware analysis is essential. For instance, it would be helpful to identify and eliminate open-source function bodies or other safe portions from the target binary code. In this paper, we propose a tool that builds open-source dynamic link library files in a Windows environment, extracts signature information per open-source project and compiler version, and compares open-source function information against the target to find suspicious functions. In addition, the tool can save the information used in the comparison to a database and reuse it later, reducing the analysis time overhead.
Keywords
Open Source; Signature-based Analysis; Open-Source Safety Identification
References
1 Xin Hu, Tzi-cker Chiueh, Kang G. Shin, "Large-Scale Malware Indexing Using Function-Call Graphs", Proc. of ACM CCS, 2009.
2 BinDiff, https://www.zynamics.com/bindiff.html
3 IDA, https://www.hex-rays.com/products/ida
4 OpenSSL, https://www.openssl.org/
5 IDA F.L.I.R.T. Technology: In-Depth, https://www.hex-rays.com/products/ida/tech/FLIRT/in_depth.shtml
6 zlib, http://www.zlib.net/
7 Crypto++, https://www.cryptopp.com/
8 zlib (Korean Wikipedia), https://ko.wikipedia.org/wiki/Zlib
9 Woo Hyun Ahn, Hyungsu Kim, "Attacking OpenSSL Shared Library Using Code Injection", Journal of KIISE: Computer System and Theory, 37(4), pp. 226-238, Aug. 2010.
10 JeongHyeok Park, YongSuk Choi, JongMoo Choi, "Software Similarity Analysis via Stack Usage Pattern", Journal of KIISE: Computing Practices and Letters, 20(6), pp. 349-353, June 2014.
11 Hyeyu Kwon, "Strengthen the Security of Applications by Using the Open Source Security Framework", Proc. of the KIISE Korea Computer Congress, pp. 1104-1106, June 2016.
12 Yeongcheol Kim, Eun-Sun Cho, "Similarity Analysis on Different Versions of Same Functions", Proc. of the KIISE Korea Computer Congress, pp. 760-762, Dec. 2016.
13 Yongsuk Choi, Jongmoo Choi, "Binary based Software Similarity Analysis Tool", Communications of the Korean Institute of Information Scientists and Engineers, 34(1), pp. 37-44, Jan. 2016.
14 IDAPython API, https://www.hex-rays.com/products/ida/support/idapython_docs/
15 MongoDB, https://www.mongodb.com/