Automatic hybrid analysis technique to improve botnet code coverage using fake server
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Bae, Seong Il | - |
| dc.contributor.author | Kim, Soo Han | - |
| dc.contributor.author | Im, Eul Gyu | - |
| dc.date.accessioned | 2022-07-09T09:25:48Z | - |
| dc.date.available | 2022-07-09T09:25:48Z | - |
| dc.date.created | 2021-05-11 | - |
| dc.date.issued | 2019-09 | - |
| dc.identifier.issn | 0000-0000 | - |
| dc.identifier.uri | https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/147248 | - |
| dc.description.abstract | The number of newly found malware samples and malware variants keeps increasing every year, and malware can be analyzed through static analysis or dynamic analysis. Malware developers use various packing techniques to avoid or hinder static analysis, so dynamic analysis needs to be used to analyze packed malware. In addition, malware that uses network communications to perform malicious actions is more difficult to analyze. Malware often hides malicious behaviors that are only triggered when certain conditions are satisfied, and such trigger-based malware usually communicates with a C2 (Command and Control) server. With the increasing number of daily submitted malware samples, various malware analysis tools have also been developed steadily. In this paper, we propose HyImCoCo (Hybrid Improve Code Coverage), a tool that detects trigger-based behaviors by satisfying their triggering conditions using hybrid analysis. IDAPython is utilized to extract network-based features, and network-related instructions are modified to connect to our fake server, called BKserver. The server supports the TCP, UDP, IRC and HTTP protocols, which are commonly used by malware. HyImCoCo includes five modules, among them the Find Path module, the Patch module, the BKserver module, and the CFG (Control Flow Graph) module. Experiments have shown that the proposed method can improve code coverage. With this tool, HyImCoCo helps to analyze the branch after recv by attracting the malicious code to BKserver. We argue that our proposed tool, HyImCoCo, can contribute to reducing the overheads of dynamic analysis by triggering hidden malicious behaviors in malware and increasing code coverage, which helps analyze various paths. | - |
| dc.language | 영어 | - |
| dc.language.iso | en | - |
| dc.publisher | Association for Computing Machinery, Inc | - |
| dc.title | Automatic hybrid analysis technique to improve botnet code coverage using fake server | - |
| dc.type | Article | - |
| dc.contributor.affiliatedAuthor | Im, Eul Gyu | - |
| dc.identifier.doi | 10.1145/3338840.3355670 | - |
| dc.identifier.scopusid | 2-s2.0-85077197974 | - |
| dc.identifier.bibliographicCitation | Proceedings of the 2019 Research in Adaptive and Convergent Systems, RACS 2019, pp.276 - 282 | - |
| dc.relation.isPartOf | Proceedings of the 2019 Research in Adaptive and Convergent Systems, RACS 2019 | - |
| dc.citation.title | Proceedings of the 2019 Research in Adaptive and Convergent Systems, RACS 2019 | - |
| dc.citation.startPage | 276 | - |
| dc.citation.endPage | 282 | - |
| dc.type.rims | ART | - |
| dc.type.docType | Conference Paper | - |
| dc.description.journalClass | 1 | - |
| dc.description.isOpenAccess | N | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.subject.keywordPlus | Botnet | - |
| dc.subject.keywordPlus | Codes (symbols) | - |
| dc.subject.keywordPlus | Data flow analysis | - |
| dc.subject.keywordPlus | Flow graphs | - |
| dc.subject.keywordPlus | Reverse engineering | - |
| dc.subject.keywordPlus | Software testing | - |
| dc.subject.keywordPlus | Static analysis | - |
| dc.subject.keywordPlus | Code coverage | - |
| dc.subject.keywordPlus | Command and control | - |
| dc.subject.keywordPlus | Control flow graphs | - |
| dc.subject.keywordPlus | Malicious behavior | - |
| dc.subject.keywordPlus | Malicious codes | - |
| dc.subject.keywordPlus | Malware analysis | - |
| dc.subject.keywordPlus | Network communications | - |
| dc.subject.keywordPlus | Packing techniques | - |
| dc.subject.keywordPlus | Malware | - |
| dc.subject.keywordAuthor | Botnet | - |
| dc.subject.keywordAuthor | Code coverage | - |
| dc.subject.keywordAuthor | Command and control | - |
| dc.subject.keywordAuthor | Malware analysis | - |
| dc.subject.keywordAuthor | Reverse engineering | - |
| dc.identifier.url | https://dl.acm.org/doi/10.1145/3338840.3355670 | - |