Original Article Information
Abstract
English
The number of malware samples has grown consistently for several years, and the platforms they run on have diversified. To analyze this malware, analysts use automated investigation tools such as sandboxes. However, current malware applies various techniques to avoid detection by the sandbox. In particular, malware is hard to analyze when its malicious behavior is triggered by user events. In this paper, we propose methods for entering the malicious behavior routine in sample malware code during virtual execution in the sandbox, so that the malware can be analyzed. We design these methods as a user action event generator that uses fuzzing. The malicious behaviors triggered by the generator are exported to the sandbox report as an API list. We show the results of the event generator.
Table of Contents
1. Introduction
2. Malware Analyzing Techniques
2.1. Analysis Method of Malware
2.2. Automated Malware Analysis Tool
2.3. Limit of Malware Analysis Tools
3. Evasion Method of Sandbox-based Analysis Tools
3.1. Malicious Activities Triggered by Specific User Inputs
3.2. Malicious Activities Triggered by Time Constraints
3.3. Malicious Activities Disabled by Detecting Virtual Execution
4. Improvement on the Sandbox-based Malicious Code Analyzing Tools
4.1. Improved Architecture of Sandbox-based Tool
4.2. UAEG
4.3. Using of Concolic Testing
4.4. Sandbox-based Analyzing Tool with UAEG
4.5. Result of Applying UAEG
5. Conclusion
Acknowledgment
References