Search | Korea Science

Jung, Hyun-Mi;Son, Seung-Wan;Kim, Kwang-Seok;Lee, Gang-Soo
- Journal of Digital Convergence
- /
- v.11 no.12
- /
- pp.381-386
- /
- 2013
As the new variation malicious codes of android platform are drastically increasing, the preparation plan and response is needed. We proposed a high-interaction client honeypot that applied to the android platform. We designed flow for the system. Application plan and the function was analyze. Each detail module was optimized in the Android platform. The system is equipped with the advantage of the high-interaction client honeypot of PC environment. Because the management and storage server was separated it is more flexible and expanded.
https://doi.org/10.14400/JDPM.2013.11.12.381 인용 PDF

Ko, Jong-Bin;Lee, Sang-Ha;Shon, Tae-Shik
- Journal of Advanced Navigation Technology
- /
- v.17 no.5
- /
- pp.545-551
- /
- 2013
Packed technique makes difficult to respond quickly because the malicious-code is reduced size that easy to diffusion and changed code that make spend longer time for analysis. In this paper, we analysed the packing tool softwares and we proposed construction and detection methods of the packed technique for easy to analysis of the packed malicious code based on variation of entropy value.
https://doi.org/10.12673/jkoni.2013.17.5.545 인용 PDF KSCI

Lee, Young-Hoon;Chung, Man-Hyun;Jeong, Hyun-Cheol;Shon, Tae-Shik;Moon, Jong-Su
- Journal of the Korea Institute of Information Security & Cryptology
- /
- v.22 no.2
- /
- pp.179-188
- /
- 2012
Packing techniques, one of malicious code detection and analysis avoidance techniques, change code to reduce size and make analysts confused. Therefore, malwares have more time to spread out and it takes longer time to analyze them. Thus, these kind of unpacking techniques have been studied to deal with packed malicious code lately. Packed programs are unpacked during execution. When it is unpacked, the data inside of the packed program are changed. Because of these changes, the entropy value of packed program is changed. After unpacking, there will be no data changes; thus, the entropy value is not changed anymore. Therefore, packed programs could be unpacked finding the unpacking point using this characteristic regardless of packing algorithms. This paper suggests the generic unpacking mechanism using the method estimating the unpacking point through the variation of entropy values.
https://doi.org/10.13089/JKIISC.2012.22.2.179 인용 PDF KSCI HTML