Seonbin Hwang  Hogyeong Kim  Junho Hwang  Taejin Lee

10.5626/JOK.2018.45.8.769

Static Analysis String Symbol Entropy machine learnings

More than 1.6 milion types of malware are emerging on average per day, and most cyber attackes are generated by malware. Moreover, malware obfuscation techniques are becoming more intelligent through packing or encryption to prevent reverse engineering analysis. In the case of static analysis, there is a limit to the analysis when the analytical file becomes obfuscated, and a countermeasure is needed. In this paper, we propose an approach based on String, Symbol, and Entropy as a way to identify malware even during obfuscation. Two-dimensional arrays were applied for fixed feature-set processing as well as non-fixed feature-set processing, and 15,000 malware/benign samples were tested using the Deep Neural Network. This study is expected to operate in a complementary manner in conjunction with various malicious code detection methods in the future, and it is expected that it can be utilized in the analysis of obfuscated malware variants.