
Detection Of Unknown Malicious Scripts using Code Insertion Technique  

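이성욱 (Department of Computer Engineering, Ajou University)
방효찬 (Active Security Technology Research Institute, Electronics and Telecommunications Research Institute)
홍만표 (Division of Information and Computer Engineering, Ajou University)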
Abstract
Server-side anti-virus systems are useful for protecting their domains, because they can detect malicious code at the gateway of those domains. In prevailing local networks, not all clients can be perfectly controlled by domain administrators, so server-side inspection, for example at an e-mail server, is used as an efficient technique for detecting mobile malicious code. However, current server-side anti-virus systems perform only signature-based detection of known malicious code, simple filtering, and file name modification. One of the main reasons they lack detection features for unknown malicious code is that activity monitoring techniques are unavailable on server machines. In this paper, we propose a detection technique that is executed at the server but can monitor activities at the clients without any anti-virus features. We describe its implementation.
Keywords
computer virus; malicious code; script; code transformation; rule;