A Novel Process Design for Analyzing Malicious Codes That Bypass Analysis Techniques (분석기법을 우회하는 악성코드를 분석하기 위한 프로세스 설계)

Kyungroul Lee (이경률); Lee,Sun-Young (이선영); Kang-bin Yim (임강빈)

doi:10.22693/NIAIP.2017.24.4.068

A Novel Process Design for Analyzing Malicious Codes That Bypass Analysis Techniques

Informatization Policy
Abbr : 정보화정책
2017, 24(4), pp.68~78
DOI : 10.22693/NIAIP.2017.24.4.068
Publisher : NIA
Research Area : Social Science > Public Policy
Received : November 9, 2017
Accepted : December 8, 2017

Kyungroul Lee ¹, Lee,Sun-Young ¹, Kang-bin Yim ¹

¹순천향대학교

Accredited

ABSTRACT

Malicious codes are currently becoming more complex and diversified, causing various problems spanning from simple information exposure to financial or psychologically critical damages. Even though many researches have studied using reverse engineering to detect these malicious codes, malicious code developers also utilize bypassing techniques against the code analysis to cause obscurity in code understanding. Furthermore, rootkit techniques are evolving to utilize such bypassing techniques, making it even more difficult to detect infection. Therefore, in this paper, we design the analysis process as a more agile countermeasure to malicious codes that bypass analysis techniques. The proposed analysis process is expected to be able to detect these malicious codes more efficiently.

KEYWORDS

reverse engineering, analysis process, malicious code, self-protection technique, packing technique

Citation status

* References for papers published after 2023 are currently being built.

[report] 국가보안기술연구소 / 2005 / 코드 난독화를 이용한 악성코드 분석 기법에 관한 연구 / 국가보안기술연구소

[journal] 김정일 / 2011 / A strategy for effectively applying a control flow obfuscation to programs / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 16(6) : 41~50

[journal] 김지연 / 2009 / A study of Modeling and Simulation for Analyzing DDoS Attack Damage Scale and Defence Mechanism Expense / 한국시뮬레이션학회 논문지 / 한국시뮬레이션학회 18(4) : 39~47

[journal] 석재혁 / 2013 / Analysis of Virtualization Obfuscated Executable Files and Implementation of Automatic Analysis Tool / 정보보호학회논문지 / 한국정보보호학회 23(4) : 709~720

[web] 안철수연구소 / 2010 / 해커스 드림 2010 / http://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?cmd=print&seq=17027&menu_dist=1

[web] 안철수연구소 / 2017 / 월간보안보고서 / http://www.ahnlab.com/kr/site/securityinfo/asec/asecReportView.do?groupCode=VNI001

[journal] 이경률 / 2012 / A New Analysis Method for Packed Malicious Codes / 한국항행학회논문지 / 한국항행학회 16(3) : 488~494

[journal] 이경률 / 2017 / Analysis and Classification of Security Threats based on the Internet Banking Service / 정보화정책 / 한국정보화진흥원 24(2) : 20~42

[journal] 이동휘 / 2005 / A Study about Early Detection Techniques of Cyber Threats Based Honey-Net / 융합보안 논문지 / 한국융합보안학회 5(4) : 67~72

[journal] 이승원 / 2010 / 리버싱 관점에서 애플리케이션의 기능추가 방법 : DLL Loading by PE Patch / 마이크로소프트웨어 319 : 204~211

[journal] 이승원 / 2010 / 리버싱 관점에서 애플리케이션의 기능 추가방법, 2 : Inline Code Patch / 마이크로소프트웨어 320 : 200~205

[journal] 이승원 / 2010 / 리버싱 관점에서 애플리케이션의 기능 추가방법, 3 : DLL Injection / 마이크로소프트웨어 321 : 200~207

[journal] 이재휘 / 2017 / A Study on API Wrapping in Themida and Unpacking Technique / 정보보호학회논문지 / 한국정보보호학회 27(1) : 67~77

[journal] 이찬희 / 2013 / A Method to Protect Android Applications against Reverse Engineering / 보안공학연구논문지 / 보안공학연구지원센터 10(1) : 41~50

[journal] 이태현 / 2016 / The Analysis of Information Security Awareness Using A Text Mining Approach / 정보화정책 / 한국정보화진흥원 23(4) : 76~94

[journal] Yuxue Piao / 2013 / Structural and Functional Analyses of ProGuard Obfuscation Tool / 한국통신학회논문지B / 한국통신학회 38(8) : 654~662

[report] 한국인터넷진흥원 / 2009 / 악성코드 유형에 따른 자동화분석 방법론 연구 / 한국인터넷진흥원

[report] 한국인터넷진흥원 / 2010 / 분석기법 우회 악성코드 분석방법연구 / 한국인터넷진흥원

[journal] 홍수화 / 2016 / The design and implementation of pin plugin tool to bypass anti-debugging techniques / 인터넷정보학회논문지 / 한국인터넷정보학회 17(5) : 33~42

[confproc] Bayer, U. / 2009 / A View on Current Malware Behaviors / Usenix Workshop on Large-scale Exploits and Emergent Threats(LEET)

[web] Balakrishnan, A. / 2005 / Code Obfuscation Literature Survey / http://pages.cs.wisc.edu/~arinib/writeup.pdf

[web] CodeEngn / 2017 / CodeEngn Conference / http://www.codeengn.com

[confproc] Gregio, A. R. A. / 2011 / Behavioral analysis of malicious code through network traffic and system call monitoring / Proceedings of the SPIE

[book] Hoglund, G. / 2005 / Rootkits : Subverting the Windows Kernel / Addison-Wesley Professional

[journal] Kim, S. / 2012 / A Brief Survey on Rootkit Techniques in Malicious Codes / The journal of Internet Services and Information Security 2(3/4) : 134~147

[confproc] Lee, K. / 2010 / A Hint to the Analysis of the Packed Malicious Codes / Proceedings of the WISA

[book] Russinovich, M. / 2009 / Windows Internals / Microsoft

[journal] Woei-Jiunn T. / 2009 / A New Windows Driver-Hidden Rootkit Based on Direct Kernel Object Manipulation / The journal of Lecture notes in computer science 5574 : 202~213

[web] Yason, M. / 2007 / The Art of Unpacking / https://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf

[confproc] You, I. / 2010 / Malware Obfuscation Techniques: A Brief Survey / International Conference on Broadband Wireless Computing, Communication and Applications : 297~300

[journal] Yu, S. / 2011 / Traceback of DDoS Attacks Using Entropy Variations / IEEE transactions on parallel and distributed systems; a publication of the IEEE Computer Society 22(3) : 412~425

KJCKorea
Journal Central

Informatization Policy 2023 KCI Impact Factor : 4.08

A Novel Process Design for Analyzing Malicious Codes That Bypass Analysis Techniques

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Informatization Policy 2023 KCI Impact Factor : 4.08

A Novel Process Design for Analyzing Malicious Codes That Bypass Analysis Techniques

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (1)

REFERENCES (31) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.