• Title/Summary/Keyword: malware analysis

Search Result 262, Processing Time 0.023 seconds

A Study on Protection Model of Propagation through Smartphone Malware Analysis (스마트폰 악성코드 분석을 통한 확산 방지 모델에 관한 연구)

  • Lim, Su-Jin;Lee, Jung-Hyun;Kang, Hyung;Park, Won-Hyung;Kook, Kwang-Ho
    • Convergence Security Journal
    • /
    • v.10 no.1
    • /
    • pp.1-8
    • /
    • 2010
  • Recently, the number of internet users using smartphone is increasing worldwide, and the interest in the smartphone malware is increasing. Especially, since mobile malware are occurring to the smartphones using Symbian or Windows Mobiles in the abroad, it is necessary to have an action plan against these mal wares. This paper describes the possible security threat through the analysis of the mal wares occurred after 2004. Also we present a model for the future propagation prevention system which can cope with domestic smartphone mal wares.

Method of Signature Extraction and Selection for Ransomware Dynamic Analysis (랜섬웨어 동적 분석을 위한 시그니처 추출 및 선정 방법)

  • Lee, Gyu Bin;Oak, Jeong Yun;Im, Eul Gyu
    • KIISE Transactions on Computing Practices
    • /
    • v.24 no.2
    • /
    • pp.99-104
    • /
    • 2018
  • Recently, there are increasing damages by ransomware in the world. Ransomware is a malicious software that infects computer systems and restricts user's access to them by locking the system or encrypting user's files saved in the hard drive. Victims are forced to pay the 'ransom' to recover from the damage and regain access to their personal files. Strong countermeasure is needed due to the extremely vicious way of attack with enormous damage. Malware analysis method can be divided into two approaches: static analysis and dynamic analysis. Recent malwares are usually equipped with elaborate packing techniques which are main obstacles for static analysis of malware. Therefore, this paper suggests a dynamic analysis method to monitor activities of ransomware. The proposed method can analyze ransomwares more accurately. The suggested method is comprised of extracting signatures of benign program, malware, and ransomware, and selecting the most appropriate signatures for ransomware detection.

Analysis of Virtualization Obfuscated Executable Files and Implementation of Automatic Analysis Tool (가상화 난독화 기법이 적용된 실행 파일 분석 및 자동화 분석 도구 구현)

  • Suk, Jae Hyuk;Kim, Sunghoon;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.4
    • /
    • pp.709-720
    • /
    • 2013
  • Virtualization obfuscation makes hard to analyze the code by applying virtualization to code section. Protected code by common used virtualization obfuscation technique has become known that it doesn't have restored point and also it is hard to analyze. However, it is abused to protect malware recently. So, It is been hard to analyze and take action for malware. Therefore, this paper's purpose is analyze and take action for protected malware by virtualization obfuscation technique through implement tool which can extract virtualization structure automatically and trace execution process. Hence, basic structure and operation process of virtualization obfuscation technique will be handled and analysis result of protected malware by virtualization obfuscation utilized Equation Reasoning System, one kind of program analysis. Also, we implement automatic analysis tool, extract virtualization structure from protected executable file by virtualization obfuscation technique and deduct program's execution sequence.

A Study on Tools for Android Malware Analysis

  • Almokhtar, Ali;Kwon, Dong-Hyun;Paek, Yun-Heung
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2014.11a
    • /
    • pp.510-512
    • /
    • 2014
  • Malware Analysis tools are being main topic research for many mobile security companies, in this survey, we are trying to go through the most popular tools used to find out the malicious codes and suspected android programs through reverse engineering process. There are so many malware tools have been made and implemented and some of them are efficient enough and others are quite slow and consuming high processing, however we are going to compare briefly some of them.

API Grouping Based Flow Analysis and Frequency Analysis Technique for Android Malware Classification (안드로이드 악성코드 분류를 위한 Flow Analysis 기반의 API 그룹화 및 빈도 분석 기법)

  • Shim, Hyunseok;Park, Jungsoo;Doan, Thien-Phuc;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.6
    • /
    • pp.1235-1242
    • /
    • 2019
  • While several machine learning technique has been implemented for Android malware categorization, there is still difficulty in analyzing due to overfitting problem and including of un-executable code, etc. In this paper, we introduce our implemented tool to address these problems. Tool is consists of approximately 1,500 lines of Java code, and perform Flow analysis on set of APIs, or on control flow graph. Our tool groups all the API by its relationship and only perform analysis on actually executing code. Using our tool, we grouped 39032 APIs into 4972 groups, and 12123 groups with result of including class names. We collected 7,000 APKs from 7 families and evaluated our feature reduction technique, and we also reduced features again with selecting APIs that have frequency more than 20%. We finally reduced features to 263-numbers of feature for our collected APKs.

LSTM Android Malicious Behavior Analysis Based on Feature Weighting

  • Yang, Qing;Wang, Xiaoliang;Zheng, Jing;Ge, Wenqi;Bai, Ming;Jiang, Frank
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.6
    • /
    • pp.2188-2203
    • /
    • 2021
  • With the rapid development of mobile Internet, smart phones have been widely popularized, among which Android platform dominates. Due to it is open source, malware on the Android platform is rampant. In order to improve the efficiency of malware detection, this paper proposes deep learning Android malicious detection system based on behavior features. First of all, the detection system adopts the static analysis method to extract different types of behavior features from Android applications, and extract sensitive behavior features through Term frequency-inverse Document Frequency algorithm for each extracted behavior feature to construct detection features through unified abstract expression. Secondly, Long Short-Term Memory neural network model is established to select and learn from the extracted attributes and the learned attributes are used to detect Android malicious applications, Analysis and further optimization of the application behavior parameters, so as to build a deep learning Android malicious detection method based on feature analysis. We use different types of features to evaluate our method and compare it with various machine learning-based methods. Study shows that it outperforms most existing machine learning based approaches and detects 95.31% of the malware.

GoAsap: A Proposal for a Golang New Version Detection and Analysis System from a Static Analysis Perspective (GoAsap: 정적분석 관점에서 바라보는 Golang 신버전 탐지·분석시스템 제안)

  • Hyeongmin Kang;Yoojae Won
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.4
    • /
    • pp.707-724
    • /
    • 2024
  • Recently, Golang has been gaining attention in programming language rankings each year due to its cross-compilation capabilities and high code productivity. However, malware developers have also been increasingly using it to distribute malware such as ransomware and backdoors. Interestingly, Golang, being an open-source language, frequently changes the important values and configuration order of a crucial structure called Pclntab, which includes essential values for recovering deleted symbols whenever a new version is released. While frequent structural changes may not be an issue from a developer's perspective aiming for better code readability and productivity, it poses challenges in cybersecurity, as new versions with modified structures can be exploited in malware development. Therefore, this paper proposes GoAsap, a detection and analysis system for Golang executables targeting the new versions, and validates the performance of the proposed system by comparing and evaluating it against six existing binary analysis tools.

PE Header Characteristics Analysis Technique for Malware Detection (악성프로그램 탐지를 위한 PE헤더 특성 분석 기술)

  • Choi, Yang-Seo;Kim, Ik-Kyun;Oh, Jin-Tae;Ryu, Jae-Cheol
    • Convergence Security Journal
    • /
    • v.8 no.2
    • /
    • pp.63-70
    • /
    • 2008
  • In order not to make the malwares be easily analyzed, the hackers apply various anti-reversing and obfuscation techniques to the malwares. However, as the more anti-revering techniques are applied to the malwares the more abnormal characteristics in the PE file's header which are not shown in the normal PE file, could be observed. In this letter, a new malware detection technique is proposed based on this observation. For the malware detection, we define the Characteristics Vector(CV) which can represent the characteristics of a PE file's header. In the learning phase, we calculate the average CV(ACV) of malwares(ACVM) and normal files(ACVN). To detect the malwares we calculate the 2 Weighted Euclidean Distances(WEDs) from a file's CV to ACVs and they are used to decide whether the file is a malware or not. The proposed technique is very fast and detection rate is fairly high, so it could be applied to the network based attack detection and prevention devices. Moreover, this technique is could be used to detect the unknown malwares because it does not utilize a signature but the malware's characteristics.

  • PDF

CNN-Based Malware Detection Using Opcode Frequency-Based Image (Opcode 빈도수 기반 악성코드 이미지를 활용한 CNN 기반 악성코드 탐지 기법)

  • Ko, Seok Min;Yang, JaeHyeok;Choi, WonJun;Kim, TaeGuen
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.5
    • /
    • pp.933-943
    • /
    • 2022
  • As the Internet develops and the utilization rate of computers increases, the threats posed by malware keep increasing. This leads to the demand for a system to automatically analyzes a large amount of malware. In this paper, an automatic malware analysis technique using a deep learning algorithm is introduced. Our proposed method uses CNN (Convolutional Neural Network) to analyze the malicious features represented as images. To reflect semantic information of malware for detection, our method uses the opcode frequency data of binary for image generation, rather than using bytes of binary. As a result of the experiments using the datasets consisting of 20,000 samples, it was found that the proposed method can detect malicious codes with 91% accuracy.

Design Method of Things Malware Detection System(TMDS) (소규모 네트워크의 IoT 보안을 위한 저비용 악성코드 탐지 시스템 설계 방안 연구)

  • Sangyoon Shin;Dahee Lee;Sangjin Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.3
    • /
    • pp.459-469
    • /
    • 2023
  • The number of IoT devices is explosively increasing due to the development of embedded equipment and computer networks. As a result, cyber threats to IoT are increasing, and currently, malicious codes are being distributed and infected to IoT devices and exploited for DDoS. Currently, IoT devices that are the target of such an attack have various installation environments and have limited resources. In addition, IoT devices have a characteristic that once set up, the owner does not care about management. Because of this, IoT devices are becoming a blind spot for management that is easily infected with malicious codes. Because of these difficulties, the threat of malicious codes always exists in IoT devices, and when they are infected, responses are not properly made. In this paper, we will design an malware detection system for IoT in consideration of the characteristics of the IoT environment and present detection rules suitable for use in the system. Using this system, it will be possible to construct an IoT malware detection system inexpensively and efficiently without changing the structure of IoT devices that are already installed and exposed to cyber threats.