ScholarWorks@Hanyang University

Detailed Information

Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

Efficient Automatic Original Entry Point Detection

Full metadata record
DC Field Value Language
dc.contributor.authorKim, Gyeong-Min-
dc.contributor.authorPark, Juhyun-
dc.contributor.authorJang, Yun-Hwan-
dc.contributor.authorPark, Yongsu-
dc.date.accessioned2022-07-09T12:21:38Z-
dc.date.available2022-07-09T12:21:38Z-
dc.date.created2021-05-12-
dc.date.issued2019-07-
dc.identifier.issn1016-2364-
dc.identifier.urihttps://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/147473-
dc.description.abstractMalware authors employ sophisticated anti-reverse engineering techniques such as packing, encryption, polymorphism, etc. For a packed file, when launched, the packed executable will reconstruct the code of the original program. The OEP (Original Entry Point) is the address indicating the beginning point of the original code. Previous work or conventional unpacking tools provide a relatively large set of OEP candidates and sometimes OEP is missing among candidates. In this paper, we present an efficient OEP detection scheme for x86 Windows environments. This scheme is designed to find exact one OEP by using three methods. First, we enhanced Isawa et al.'s work by examining branch instructions. Our second method is to track the system parameters relevant to the main function in stack memory to refine OEP candidates. Our third method is that we track the startup function calls to find the installation routine for exception handling. To evaluate feasibility, we implemented our algorithm and then conducted experiments on 16 commercial representative packers and 6 previous unpacking tools/schemes. Experimental results show that even though our scheme produces a single OEP candidate for each packed file, accuracy is the highest (up to 14 times higher than the previous work).-
dc.language영어-
dc.language.isoen-
dc.publisherINST INFORMATION SCIENCE-
dc.titleEfficient Automatic Original Entry Point Detection-
dc.typeArticle-
dc.contributor.affiliatedAuthorPark, Yongsu-
dc.identifier.doi10.6688/JISE.201907_35(4).0011-
dc.identifier.scopusid2-s2.0-85072384683-
dc.identifier.wosid000476582500012-
dc.identifier.bibliographicCitationJOURNAL OF INFORMATION SCIENCE AND ENGINEERING, v.35, no.4, pp.887 - 902-
dc.relation.isPartOfJOURNAL OF INFORMATION SCIENCE AND ENGINEERING-
dc.citation.titleJOURNAL OF INFORMATION SCIENCE AND ENGINEERING-
dc.citation.volume35-
dc.citation.number4-
dc.citation.startPage887-
dc.citation.endPage902-
dc.type.rimsART-
dc.type.docTypeArticle-
dc.description.journalClass1-
dc.description.isOpenAccessN-
dc.description.journalRegisteredClassscopus-
dc.relation.journalResearchAreaComputer Science-
dc.relation.journalWebOfScienceCategoryComputer Science, Information Systems-
dc.subject.keywordPlusCryptography-
dc.subject.keywordPlusMalware-
dc.subject.keywordPlusReverse engineering-
dc.subject.keywordPlusSecurity of data-
dc.subject.keywordPlusAnti-reverse engineerings-
dc.subject.keywordPlusBranch instructions-
dc.subject.keywordPlusCode obfuscation-
dc.subject.keywordPlusDetection scheme-
dc.subject.keywordPlusException handling-
dc.subject.keywordPlusMalicious-code analysis-
dc.subject.keywordPlusProgram analysis-
dc.subject.keywordPlusWindows environment-
dc.subject.keywordPlusCodes (symbols)-
dc.subject.keywordAuthoranti-reverse engineering-
dc.subject.keywordAuthormalicious code analysis-
dc.subject.keywordAuthorcode obfuscation-
dc.subject.keywordAuthorprogram analysis-
dc.subject.keywordAuthorcomputer security-
dc.identifier.urlhttps://www.airitilibrary.com/Publication/alDetailedMesh?DocID=10162364-201907-201906210002-201906210002-887-902-
Files in This Item
Go to Link
Appears in
Collections
서울 공과대학 > 서울 컴퓨터소프트웨어학부 > 1. Journal Articles
Show simple item record

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher Park, Yong su photo

Park, Yong su
COLLEGE OF ENGINEERING (SCHOOL OF COMPUTER SCIENCE)
Read more

Altmetrics

Total Views & Downloads

STATISTICS
Total View :6,001,741
Today View :28,096

RSS_1.0 RSS_2.0 ATOM_1.0

CONTACT US

222, Wangsimni-ro, Seongdong-gu, Seoul, 04763, Korea+82-2-2220-1365

COPYRIGHT © 2021 HANYANG UNIVERSITY.

Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.

BROWSE

한국어