ETRI-Knowledge Sharing Plaform

ENGLISH

성과물

논문 검색
구분 SCI
연도 ~ 키워드

상세정보

학술대회 Optimal Position Searching for Automated Malware Signature Generation
Cited 0 time in scopus Download 0 time Share share facebook twitter linkedin kakaostory
저자
최양서, 오진태, 이정근, 류재철
발행일
200905
출처
International Symposium on Consumer Electronics (ISCE) 2009, pp.561-564
DOI
https://dx.doi.org/10.1109/ISCE.2009.5156878
협약과제
09MS5300, 분산서비스거부(DDoS) 공격 대응 기술개발, 장종수
초록
When a new malware is found, anti-virus companies generate a signature for the malware. However, the malware analysis and signature generation are a time consuming process, because malwares utilize the sophisticated anti-reversing and obfuscation techniques. Therefore, it is very difficult to generate the signatures quickly enough to protect the malwares at the beginning of their propagations. In order to overcome this situation, a simple signature should be extracted automatically as soon as possible before the fully examined signature is generated. For automatic signature generation, the signature extraction position in the malwares also could be decided automatically and the extracted signatures should have low false positives. However, the relavant researches on the optimal position for automatic malware signature extraction are not enough yet. In this paper, we have investigated a method of searching the optimal area in a PE file for an automated malware signature generation. We show the results and the extracted signature's performance from the selected area with the real malwares. The area searching is done with the entropy and variance values because they can be used as a measurement of the randomness and uncertainty for each byte stream in malwares. ©2009 IEEE.
키워드
Entropy, Malware, Position, Signature, Variance
KSP 제안 키워드
As Soon As Possible, False positive, Obfuscation techniques, Optimal position, Signature extraction, Simple signature, anti-virus, automatic signature generation, malware analysis