Malicious Code Neutralizing Method Using Image Format Transforming Based on Nonlinear Transfer Function (비선형 전달함수 기반의 이미지 포맷 변환을 이용한 악성코드 무력화 기법)

Dong-Seob Jung (정동섭); Lee Sang Joon (이상준)

doi:10.34163/jkits.2019.14.3.001

Malicious Code Neutralizing Method Using Image Format Transforming Based on Nonlinear Transfer Function

Journal of Knowledge Information Technology and Systems
Abbr : JKITS
2019, 14(3), pp.211-219
DOI : 10.34163/jkits.2019.14.3.001
Publisher : Korea Knowledge Information Technology Society
Research Area : Interdisciplinary Studies > Interdisciplinary Research
Received : March 15, 2019
Accepted : June 7, 2019
Published : June 30, 2019

Dong-Seob Jung ¹, Lee Sang Joon ²

¹㈜휴네시온
²전남대학교

Accredited

ABSTRACT

Various bypass techniques have been developed to hide malicious code in image files among non-executable files. It is difficult to detect by reputation or signature-based antivirus methods when unknown malware is hidden. In this paper, we proposed a neutralizing method of hidden malicious code to analyze the structure of the original image file format and disable the malicious code through image data area conversion even if there is no prior information about the signatures or characteristics of malicious codes. The proposed method consists of image file extraction phase, file format analysis phase, file transformation phase, and management phase of transformation image file. In the image file transformation phase, header information transformation, specific string filtering transformation for additional information, and image pixel data transformation using nonlinear transfer function are performed. In order to prove the effectiveness of the proposed method, 10 malicious code - hidden image files among 48,220 of the latest malicious code (paid API) purchased from Virus Total Company were used in the experiment. After the file extraction phase, the format analysis phase, and the image file conversion phase for the neutralizing method, the experimental results show that the virus detection amount is reduced quantitatively and thus the effectiveness of the proposed method is verified. In addition, by using the non-linear transfer function, the converted image file was able to neutralize the malicious code while maintaining the same quality as the original image, which could not be distinguished by the naked eye.

KEYWORDS

Neutralization, Malicious code images, Steganography, Antivirus, Image transform

Citation status

* References for papers published after 2023 are currently being built.

[web] / 2019 / Malware statistics / https://www.av-test.org/en/statistics/malware/html

[other] Financial services commission / 2013 / Financial information network separation guide / Financial supervisory service

[confproc] S. Shah / 2015 / Stegosploit: Hacking with pictures / Hack In The Box Security Conference

[confproc] D. S. Jung / 2016 / A study on the correspondence malicious traffic between the network data transfer systems in a network isolation environment / Winter Proceedings of Journal of Communications and Networks : 1152~1153

[confproc] I. H. Park / 2009 / A study on concealing malicious code using a image file : method and countermeasure / Proceedings of the Institute of Electronics Engineers of Korea : 235~236

[journal] 금영준 / 2012 / Hiding Shellcode in the 24Bit BMP Image / 정보보호학회논문지 / 한국정보보호학회 22(3) : 691~705

[journal] K. Cabaj / 2018 / The new threats of information hiding : the road ahead / IT Professional 20(3) : 31~39

[journal] G. suarez-Tangil / 2014 / Stegomalware: playing hide and seek with malicious components in smartphone Apps / Lecture Notes in Computer Science 8957 : 496~515

[journal] S. D. Cha / 1996 / A solution to the On-Line image downgrading problem / Journal of The Korea Institute of Information Security and Cryptology 6(2) : 23~32

[journal] 지선수 / 2009 / Locating and Searching Hidden Messages in Stego-Images / 한국산업정보학회논문지 / 한국산업정보학회 14(3) : 37~43

[journal] 이재훈 / 2018 / Image Steganography and Its Discrimination / 방송공학회 논문지 / 한국방송∙미디어공학회 23(4) : 462~473

[confproc] J. E. Wingate / 2007 / Defending against insider use of digital steganography / Proceedings of the Conference on Digital Forensics, Security and Law : 175~184

[journal] C. T. Do / 2017 / Game theory for cyber security and privacy / ACM Computing Surveys 50(20) : 1~37

[confproc] S. R. Wiseman / 2018 / Poison Pixels - combatting image steganography in cybercrime / RSA Conference 2018, HTA-W02

[web] / 2019 / VirusTotal / https://en.wikipedia.org/wiki/VirusTotal

KJCKorea
Journal Central

Journal of Knowledge Information Technology and Systems 2023 KCI Impact Factor : 0.89

Malicious Code Neutralizing Method Using Image Format Transforming Based on Nonlinear Transfer Function

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of Knowledge Information Technology and Systems 2023 KCI Impact Factor : 0.89

Malicious Code Neutralizing Method Using Image Format Transforming Based on Nonlinear Transfer Function

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (15) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.