Search : [ author: Junho Hwang ] (2)

Malware Variants Detection based on Dhash

Hongbi Kim, Hyunseok Shin, Junho Hwang, Taejin Lee

http://doi.org/10.5626/JOK.2019.46.11.1207

Malicious code is becoming more sophisticated due to the popularization of malware generation tools and obfuscation techniques, but existing malware detection techniques suffer from incomplete detection of malicious code. Considering that many newly emerging malicious codes are variants of existing malicious codes, and that their binary data is similar to that of the original malicious code, a Dhash-based malware detection technique is presented here that classifies images based on the binary data in a file, along with a 10-gram algorithm that reduces the long analysis time caused by the full comparison required by the Dhash algorithm. A comparison with ssdeep, a technique that performs well in variant malware detection, shows that the Dhash algorithm can detect cases that ssdeep does not, and a detection speed comparison between the existing Dhash algorithm and the algorithm proposed in this paper demonstrates the superiority of the proposed algorithm. Future work will continue to develop a variety of malware analysis technologies that are linked to other LSH-based detection techniques.

A Study on Two-dimensional Array-based Technology to Identify Obfuscated Malware

Seonbin Hwang, Hogyeong Kim, Junho Hwang, Taejin Lee

http://doi.org/10.5626/JOK.2018.45.8.769

More than 1.6 million types of malware emerge on average per day, and most cyber attacks are carried out by malware. Moreover, malware obfuscation techniques are becoming more sophisticated, using packing or encryption to hinder reverse engineering analysis. In the case of static analysis, there is a limit to what can be analyzed once the file under analysis is obfuscated, and a countermeasure is needed. In this paper, we propose an approach based on String, Symbol, and Entropy features as a way to identify malware even when it is obfuscated. Two-dimensional arrays were applied for both fixed feature-set processing and non-fixed feature-set processing, and 15,000 malware/benign samples were tested using a Deep Neural Network. This study is expected to operate in a complementary manner in conjunction with various malicious code detection methods in the future, and it is expected that it can be utilized in the analysis of obfuscated malware variants.

Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal