• Title/Summary/Keyword: anti-VM


Analysis of Anti-Reversing Functionalities of VMProtect and Bypass Method Using Pin (VMProtect의 역공학 방해 기능 분석 및 Pin을 이용한 우회 방안)

  • Park, Seongwoo; Park, Yongsu
    • KIPS Transactions on Computer and Communication Systems, v.10 no.11, pp.297-304, 2021
  • Commercial obfuscation tools (protectors) aim to make analyzing the operation of software difficult by applying obfuscation techniques and anti-reversing techniques that delay and interrupt the analysis of programs during the software reverse engineering process. In particular, in the case of virtualization detection and anti-debugging functions, the analysis tool leaves the normal execution flow and the program terminates. In this paper, we analyze the anti-reversing techniques of executables protected with the Debugger Detection and Virtualization Tools Detection options of VMProtect 3.5.0, one of the commercial obfuscation tools (protectors), and address bypass methods using Pin. In addition, since the program is terminated by the Anti-VM and Anti-DBI technology, we predicted the location of the applied obfuscation technique by finding the specific program termination routine through API analysis, and drew up an algorithm flowchart for bypassing the anti-reversing techniques. Considering compatibility problems and changes in techniques arising from differences in versions of the software used in the experiment, it was confirmed that the bypass was successful by writing the Pin automation bypass code against the latest versions of the software (VMProtect, Windows, Pin) and conducting the experiment. By improving the proposed analysis method, it is possible to analyze the anti-reversing methods of obfuscation tools for which no method has been presented so far and to find a bypass method.

A Study on Automatic Classification Technique of Malware Packing Type (악성코드 패킹유형 자동분류 기술 연구)

  • Kim, Su-jeong; Ha, Ji-hee; Lee, Tae-jin
    • Journal of the Korea Institute of Information Security & Cryptology, v.28 no.5, pp.1119-1127, 2018
  • Most cyber attacks are caused by malicious code. The damage caused by cyber attacks is gradually expanding to IoT and CPS, so it is no longer limited to cyberspace but is a serious threat to real life. Accordingly, various malicious code analysis techniques have appeared. Dynamic analysis has been widely used to easily identify the resulting malicious behavior, but it struggles with the increase in anti-VM malware that detects a VM environment and does not run in it. On the other hand, static analysis has difficulties due to various packing techniques. In this paper, we propose malware classification techniques that work regardless of whether the packer is known or unknown. To do this, we designed supervised learning and unsupervised learning models over the features that can be extracted from the PE structure, and verified the results using 98,000 samples. It is expected that accurate analysis will be possible through analysis technology customized for each class.

Biological Activity of Viola mandshurica Fermented with Bacillus methylotrophicus CBMB205 and Leuconostoc pseudomesenteroides NRIC1777 (미생물 분리주를 이용한 제비꽃 발효액의 생리활성 변화)

  • Lee, Ji-Young; Oh, Su-Bin; Choi, Nack-Shick; Park, Yong-Woon; Kang, Dae-Ook
    • Journal of Life Science, v.29 no.2, pp.239-247, 2019
  • The aim of this study was to improve the efficacy and functionality of Viola mandshurica (VM). A water suspension of VM powder was fermented for 72 hr with Bacillus methylotrophicus CBMB205 (BM) and Leuconostoc pseudomesenteroides NRIC1777 (LP) isolated from kimchi. The antioxidant activity and reducing power of fermented VM, its total phenolic and flavonoid compounds, as well as its inhibitory activity on ${\alpha}$-amylase, ${\alpha}$-glucosidase, and pancreatic lipase were determined and compared to those of non-fermented VM (NVM), a negative control. The total phenolic and flavonoid compounds of VM fermented with BM and LP were higher than those of NVM by 1.4, 1.17, and about 3 times. There was no difference in 2,2'-diphenyl-1-picrylhydrazyl (DPPH) radical scavenging activity between fermented VM and NVM. However, there was a 2.1- and 1.6-fold increase in 2,2'-azino-bis-(3-ethylbenzothiazoline-6-sulfonic acid) (ABTS) radical scavenging activity in VM fermented with BM and LP, respectively. The reducing power of BM was 1.6 times as high as that of NVM, but no significant difference was found between LP and NVM. Fermented VM's inhibitory activity on ${\alpha}$-amylase, ${\alpha}$-glucosidase, and pancreatic lipase was much higher than that of NVM. Fermenting VM with BM was superior to fermenting it with LP, except for flavonoid content. Taken together, VM fermented with BM could be used as a functional food and as an additive to cosmetics.

A Study on Malware Identification System Using Static Analysis Based Machine Learning Technique (정적 분석 기반 기계학습 기법을 활용한 악성코드 식별 시스템 연구)

  • Kim, Su-jeong; Ha, Ji-hee; Oh, Soo-hyun; Lee, Tae-jin
    • Journal of the Korea Institute of Information Security & Cryptology, v.29 no.4, pp.775-784, 2019
  • Malware attacks are continuously increasing in various environments such as mobile, IoT, Windows and Mac due to the emergence of new and variant malware, and signature-based countermeasures have limitations in detecting it. In addition, analysis performance is deteriorating due to obfuscation, packing, and anti-VM techniques. In this paper, we propose a system that can detect malware using machine learning, combining a similarity-hashing-based pattern detection technique with static analysis after classifying files according to packing. This enables more efficient detection because it utilizes both pattern-based detection, which works well for known malware, and machine-learning-based detection, which is advantageous for detecting new and variant malware. The results of this study achieved a detection accuracy of 95.79% or more on the benign and malware sample files provided by the AI-based malware detection track of the Information Security R&D Data Challenge 2018 competition. In the future, it is expected that a system with improved detection performance can be built by applying feature vectors and detection methods tailored to the characteristics of packed files.

Analgesic and anti-inflammatory activity of a polyherbal formulation (PHFAROGH)

  • Mohan, M; Gulecha, VS; Aurangabadkar, VM; Balaraman, R; Austin, A; Thirugnanasampathan, S
    • Advances in Traditional Medicine, v.9 no.3, pp.232-237, 2009
  • The effect of arogh, a polyherbal formulation (PHF) [each 3 g of powder contained Nelumbo nucifera G. (0.24 g), Hemidesmus indicus R. (0.24 g), Zingiber officinale R. (0.24 g), Terminalia chebula R. (0.24 g), Quercus infectoria O. (0.12 g), Hibiscus rosa-sinensis L. (0.24 g), Rosa damascena M. (0.24 g), Eclipta alba H. (0.24 g), Glycyrrhiza glabra L. (0.24 g)], was investigated in various experimental models of pain and inflammation. The analgesic activity of PHF was studied in mice using the acetic acid induced writhing, tail immersion and hot plate methods. The anti-inflammatory activity of PHF was studied in rats using the carrageenan induced hind paw edema and formalin induced rat paw edema methods. PHF significantly (P < 0.05) reduced the number of writhings, increased the latency to flick the tail in the tail immersion method and elevated the mean basal reaction time in the hot plate method. PHF significantly (P < 0.05) inhibited carrageenan induced hind paw edema and formalin induced rat paw edema. The PHF was tested at doses of 30, 100, 300 and 500 mg/kg.

Taint Analysis based Malicious Code Detection Approach (Taint Analysis 기반 악성코드 탐지 방안)

  • Lee, Tai-Jin; Oh, Joo-Hyung; Jung, Hyun-Cheol
    • Proceedings of the Korean Information Science Society Conference, 2011.06d, pp.109-110, 2011
  • Malware is evolving into increasingly sophisticated forms through the use of techniques such as rootkits, Anti-VM/anti-debugging, and executable packing. To counter this, various behavior-based analysis techniques at the user and kernel level are being studied, but malware that evades them continues to appear. This paper presents a Taint Analysis based malware detection approach. This countermeasure is difficult for an attacker to evade and allows selective analysis by type of suspicious data, so it can complement the limitations of behavior-based countermeasures.

Automatic Binary Execution Environment based on Real-machines for Intelligent Malware Analysis (지능형 악성코드 분석을 위한 리얼머신 기반의 바이너리 자동실행 환경)

  • Cho, Homook; Yoon, KwanSik; Choi, Sangyong; Kim, Yong-Min
    • KIISE Transactions on Computing Practices, v.22 no.3, pp.139-144, 2016
  • There are many threats in cyberspace; however, current anti-virus software and other existing solutions do not respond effectively to malware that has become more complex and sophisticated. It was shown experimentally that the proposed approach can provide an automatic execution environment for detecting the malicious behavior of active malware, by comparing the virtual-machine environment with a real-machine environment based on user interaction. Moreover, the results show that it is possible to provide a dynamic analysis environment in which intelligent malware can be analyzed effectively, through a comparison of the malicious behavior observed in an automatic binary execution environment based on real machines with that observed in a virtual-machine environment.

An Anti-Overload Model for OpenStack Based on an Effective Dynamic Migration

  • Ammar, Al-moalmi; Luo, Juan; Tang, Zhuo
    • KSII Transactions on Internet and Information Systems (TIIS), v.10 no.9, pp.4165-4187, 2016
  • As an emerging technology, cloud computing is a revolution in information technology that attracts significant attention from both the public and private sectors. In this paper, we propose a dynamic approach to live migration that relieves overloaded machines. The approach is applied to OpenStack, a rapidly growing open source cloud computing platform. We perform cost-aware dynamic live migration of virtual machines (VMs) at an appropriate time to prevent a service level agreement (SLA) violation before it happens: a physical machine (PM) is preemptively offloaded before the overload situation occurs, based on a predictive method. We implemented a distributed model, a predictive method, and a dynamic threshold policy, which are efficient for a scalable environment such as cloud computing. Experimental results indicate that our model succeeds in avoiding overload at a suitable time. The simulation results show a very efficient reduction in VM migrations and SLA violations, which could help cloud providers deliver a good quality of service (QoS).

ILLEGITIMATE RECOMBINATION MEDIATED BY MAMMALIAN DNA TOPOISOMERASE II

  • Bae, Young-Seuk; Ikeda, Hideo
    • Proceedings of the Microbiological Society of Korea Conference, 1991.04a, pp.82-96, 1991
  • To understand the mechanism of illegitimate recombination in mammalian cells, we have examined the role of DNA topoisomerase II (Topo II) in recombination. We found that purified calf thymus Topo II mediates recombination between two phage $\lambda$ DNA molecules in an in vitro system. The enzyme mainly produced a linear monomer recombinant DNA that can be packaged in vitro. Novobiocin and anti-calf thymus Topo II antibody inhibit this ATP-dependent recombination. The recombinant molecules contain duplications or deletions, and most crossovers take place between nonhomologous sequences of $\lambda$ DNA, as judged by the sequences of the recombination junctions. In order to study the effects of Topo II on illegitimate recombination in mammalian cells, we have developed a new shuttle vector, pNK1, which contains three bacterial genes, amp($Ap^R$), galK and neo($Km^R$). Using this system, we have shown that a Topo II inhibitor, VM26, stimulated deletion formation in pNK1 DNA in monkey COS1 cells. Both the in vitro and in vivo results suggest that Topo II participates in illegitimate recombination in mammalian cells.

Comparison of Discharge UV Intensity Due to AR Coating of Optic Lens on Polymer Insulator (광학렌즈 AR 코팅에 따른 폴리머애자에서의 방전 자외선 강도 비교)

  • Kim, Young-Seok; Shong, Kil-Mok; Bang, Sun-Bae; Kim, Chong-Min; Choi, Myeong-Il
    • Journal of the Korean Institute of Illuminating and Electrical Installation Engineers, v.26 no.4, pp.35-40, 2012
  • In this study, the ultraviolet (UV) intensity of a polymer insulator during corona discharge was measured using an Anti-Reflective (AR) coated lens. The UV intensity was compared before and after AR coating. For the UV lens in the 200-260[nm] band, the reflection rate before AR coating was 7.5~5.5[%] with a transmission rate of 85-89[%]. After AR coating, however, the reflection rate decreased to 1.3~1.22[%] with improved transmission (97.4~97.6[%]). Then, the UV intensity of the polymer insulator was measured as a function of distance. According to the measurement, the UV intensity increased 6.5 times at 37.5[%] of Vm/Vbd at a distance of 5[m]. As the distance increased, the growth rate declined. In addition, as the high voltage increased, AR coating became less effective due to the count error caused by overlapping UV sensor pulse signals. Therefore, it appears that detecting corona discharge with AR coating and UV sensor sensitivity would be more effective at a distance of 5[m] or less in the diagnosis of power facilities.