원문정보
초록
영어
Diverse types of malicious code such as evasive Server-side Polymorphic are developed and distributed in third party open markets. The suspicious new type of polymorphic malware has the ability to actively change and morph its internal data dynamically. As a result, it is very hard to detect this type of suspicious transaction as an evidence of Server-side polymorphic mobile malware because its C&C server was shut downed or an IP address of remote controlling C&C server was changed irregularly. Therefore, we implemented Simulated C&C Server to aggregate activated events perfectly from various Server-side polymorphic mobile malware. Using proposed Simulated C&C Server, we can proof completely and classify veiled server-side polymorphic malicious code more clearly.
목차
1. Introduction
2. Server-Side Polymorphic Mobile Malware
2.1 Detailed Mechanism of Server-Side Polymorphic Mobile Malware
3. Difficulty on Detecting SSP Mobile Malware
3.1 Complicated Transaction of Server-Side Polymorphic Mobile Malware
3.2 Difficulty on Transaction Aggregation from Suspicious SSP Mobile Malware
4. Implementation of Simulated Dynamic C&C Server
4.1 Fake C&C Server for Detecting Server-Side Polymorphic Mobile Malware
4.2 Implementation of Simulated Dynamic C&C Server
5. Evidence Aggregation for Detect SSP Malware with Simulated C&C Server
5.1 Dynamic SSP Malware Reproduce with Simulated C&C Server
5.2 Evidence Aggregation on Dynamic SSP Malware with Simulated C&C Server
6. Conclusions
Acknowledgements
References