The User Action Event Generator Design for Leading Malicious Behaviors from Malware in Sandbox

Abstract

English

The number of malware samples has been growing consistently for several years, and the platforms they run on have diversified. To analyze this malware, analysts use automated investigation tools such as sandboxes. However, current malware applies various techniques to avoid detection by the sandbox. In particular, malware is hard to analyze when its malicious behavior is triggered by user events. In this paper, we propose methods for entering the malicious behavior routines in sample malware code during virtual execution in the sandbox, so that the malware can be analyzed. We design these methods as a user action event generator using fuzzing. The malicious behaviors triggered by the generator are exported to the sandbox report as an API list. We show the results of the event generator.

Table of Contents

Abstract
 1. Introduction
 2. Malware Analyzing Techniques
  2.1. Analysis Method of Malware
  2.2. Automated Malware Analysis Tool
  2.3. Limit of Malware Analysis Tools
 3. Evasion Method of Sandbox-based Analysis Tools
  3.1. Malicious Activities Triggered by Specific User Inputs
  3.2. Malicious Activities Triggered by Time Constraints
  3.3. Malicious Activities Disabled by Detecting Virtual Execution
 4. Improvement on the Sandbox-based Malicious Code Analyzing Tools
  4.1. Improved Architecture of Sandbox-based Tool
  4.2. UAEG
  4.3. Using of Concolic Testing
  4.4. Sandbox-based Analyzing Tool with UAEG
  4.5. Result of Applying UAEG
 5. Conclusion
 Acknowledgment
 References

Author Information

  • Jung-Uk Joo, Mokpo National University, Republic of Korea
  • Incheol Shin, Mokpo National University, Republic of Korea
  • Tong-Wook Hwang, Korea Information Security Agency, Republic of Korea
  • Minsoo Kim, Mokpo National University, Republic of Korea
