ETRI-Knowledge Sharing Platform

Behavior-Based Tracer to Monitor Malicious Features of Unknown Executable File
Cited 1 time in Scopus
Authors
Dae Won Kim, Ik Kyun Kim, Jin Tae Oh, Jong Soo Jang
Issue Date
2010-09
Citation
International Multi-Conference on Computing in the Global Information Technology (ICCGI) 2010, pp.152-156
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1109/ICCGI.2010.29
Abstract
In computing environments, malicious executable files are at the core of various security threats. Conventional signature-based security systems have difficulty detecting, at runtime, the unknowns among malicious executable files. For this reason, static and dynamic analysis methods that do not require signatures have been actively researched for runtime detection of the unknowns. In particular, behavior-based dynamic analysis methods, which monitor the action statuses after actually running a malicious executable file, have made a worthy contribution to enhancing the accuracy of analysis results. However, the analysis information offered by most behavior-based methods is not sufficient for applying the results to the methods that finally decide the malignancy of an executable file, because each behavior-based method offers only the results of a few actions or of nonsequential analysis. In this paper, we classified the activities that may occur during the execution of malicious executable files and described the implementation of a prototype program which can monitor the activities. Additionally, based on operation results of the prototype program, we discussed some important issues which occur due to the differences between real and virtual experimental environments. © 2010 IEEE.
KSP Keywords
Analysis method, Behavior based, Executable file, Malicious Features, Runtime detection, Security threats, Signature-based, Static and Dynamic analysis, accuracy enhancement, security system