TY  - JOUR
T1  - A Study on Two-dimensional Array-based Technology to Identify Obfuscatied Malware
AU  - Hwang, Seonbin 
AU  - Kim, Hogyeong 
AU  - Hwang, Junho 
AU  - Lee, Taejin 
JO  - Journal of KIISE, JOK
PY  - 2018
DA  - 2018/1/14
DO  - 10.5626/JOK.2018.45.8.769
KW  - static analysis
KW  - string
KW  - symbol
KW  - entropy
KW  - machine learnings
AB  - More than 1.6 milion types of malware are emerging on average per day, and most cyber attackes are generated by malware. Moreover, malware obfuscation techniques are becoming more intelligent through packing or encryption to prevent reverse engineering analysis. In the case of static analysis, there is a limit to the analysis when the analytical file becomes obfuscated, and a countermeasure is needed. In this paper, we propose an approach based on String, Symbol, and Entropy as a way to identify malware even during obfuscation. Two-dimensional arrays were applied for fixed feature-set processing as well as non-fixed feature-set processing, and 15,000 malware/benign samples were tested using the Deep Neural Network. This study is expected to operate in a complementary manner in conjunction with various malicious code detection methods in the future, and it is expected that it can be utilized in the analysis of obfuscated malware variants.