112 0

Full metadata record

DC FieldValueLanguage
dc.contributor.author박용수-
dc.date.accessioned2021-10-26T07:37:58Z-
dc.date.available2021-10-26T07:37:58Z-
dc.date.issued2020-04-
dc.identifier.citationJOURNAL OF SUPERCOMPUTING, v. 77, no. 1, page. 471-497en_US
dc.identifier.issn0920-8542-
dc.identifier.issn1573-0484-
dc.identifier.urihttps://link.springer.com/article/10.1007%2Fs11227-020-03270-6-
dc.identifier.urihttps://repository.hanyang.ac.kr/handle/20.500.11754/165770-
dc.description.abstractMalware uses a variety of anti-reverse engineering techniques, which makes its analysis difficult. Dynamic analysis tools, e.g., debuggers, DBI (Dynamic Binary Instrumentation), and CPU emulators, do not provide both accuracy and convenience when analyzing complex malware, which utilizes diverse anti-reversing techniques. Debuggers are convenient, but are easily detected by anti-debugging techniques. DBI tools are better for bypassing anti-reversing techniques than debuggers, but cannot execute complex programs correctly. Emulators are not designed for precise malware analysis. To address the problem fundamentally, we developed a new approach completely different from the previous works. We present a new dynamic analysis scheme for malware, which includes automatic detection and evasion of various anti-reversing techniques. This approach combines a CPU simulator and actual code execution, i.e., machine instructions are simulated with the CPU simulator, whereas API functions are directly executed when they are called. In this method, the CPU simulator can precisely execute code without modifying the code chunks for trampolines. Moreover, our method takes advantage of the OS functionalities, including thread management or interrupt handling. We conducted experiments on 16 widely used protectors, which show that our method outperforms conventional tools: Pin, DynamoRIO, Apate, and OllyAdvanced. Our scheme can unpack 15 protectors and bypass the anti-debugging techniques associated with them.en_US
dc.description.sponsorshipThis research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2017R1D1A1B03029550).en_US
dc.language.isoenen_US
dc.publisherSPRINGERen_US
dc.subjectDynamic analysisen_US
dc.subjectAnti-reverse engineeringen_US
dc.subjectMalwareen_US
dc.subjectComputer securityen_US
dc.titleHybrid emulation for bypassing anti-reversing techniques and analyzing malwareen_US
dc.typeArticleen_US
dc.relation.no1-
dc.relation.volume77-
dc.identifier.doi10.1007/s11227-020-03270-6-
dc.relation.page1-27-
dc.relation.journalJOURNAL OF SUPERCOMPUTING-
dc.contributor.googleauthorChoi, Seokwoo-
dc.contributor.googleauthorChang, Taejoo-
dc.contributor.googleauthorYoon, Sung-woo-
dc.contributor.googleauthorPark, Yongsu-
dc.relation.code2020054460-
dc.sector.campusS-
dc.sector.daehakCOLLEGE OF ENGINEERING[S]-
dc.sector.departmentSCHOOL OF COMPUTER SCIENCE-
dc.identifier.pidyongsu-
dc.identifier.orcidhttps://orcid.org/0000-0002-7354-4434-
Appears in Collections:
COLLEGE OF ENGINEERING[S](공과대학) > COMPUTER SCIENCE(컴퓨터소프트웨어학부) > Articles
Files in This Item:
There are no files associated with this item.
Export
RIS (EndNote)
XLS (Excel)
XML


qrcode

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

BROWSE