Efficient Automatic Original Entry Point Detection
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kim, Gyeong-Min | - |
dc.contributor.author | Park, Juhyun | - |
dc.contributor.author | Jang, Yun-Hwan | - |
dc.contributor.author | Park, Yongsu | - |
dc.date.accessioned | 2022-07-09T12:21:38Z | - |
dc.date.available | 2022-07-09T12:21:38Z | - |
dc.date.created | 2021-05-12 | - |
dc.date.issued | 2019-07 | - |
dc.identifier.issn | 1016-2364 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/147473 | - |
dc.description.abstract | Malware authors employ sophisticated anti-reverse engineering techniques such as packing, encryption, polymorphism, etc. When a packed file is launched, the packed executable reconstructs the code of the original program. The OEP (Original Entry Point) is the address marking the beginning of the original code. Previous work and conventional unpacking tools provide a relatively large set of OEP candidates, and sometimes the OEP is missing from the candidates. In this paper, we present an efficient OEP detection scheme for x86 Windows environments. This scheme is designed to find exactly one OEP by using three methods. First, we enhance Isawa et al.'s work by examining branch instructions. Our second method tracks the system parameters relevant to the main function in stack memory to refine OEP candidates. Our third method tracks the startup function calls to find the installation routine for exception handling. To evaluate feasibility, we implemented our algorithm and then conducted experiments on 16 representative commercial packers and 6 previous unpacking tools/schemes. Experimental results show that even though our scheme produces a single OEP candidate for each packed file, its accuracy is the highest (up to 14 times higher than previous work). | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | INST INFORMATION SCIENCE | - |
dc.title | Efficient Automatic Original Entry Point Detection | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Park, Yongsu | - |
dc.identifier.doi | 10.6688/JISE.201907_35(4).0011 | - |
dc.identifier.scopusid | 2-s2.0-85072384683 | - |
dc.identifier.wosid | 000476582500012 | - |
dc.identifier.bibliographicCitation | JOURNAL OF INFORMATION SCIENCE AND ENGINEERING, v.35, no.4, pp.887 - 902 | - |
dc.relation.isPartOf | JOURNAL OF INFORMATION SCIENCE AND ENGINEERING | - |
dc.citation.title | JOURNAL OF INFORMATION SCIENCE AND ENGINEERING | - |
dc.citation.volume | 35 | - |
dc.citation.number | 4 | - |
dc.citation.startPage | 887 | - |
dc.citation.endPage | 902 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.isOpenAccess | N | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.subject.keywordPlus | Cryptography | - |
dc.subject.keywordPlus | Malware | - |
dc.subject.keywordPlus | Reverse engineering | - |
dc.subject.keywordPlus | Security of data | - |
dc.subject.keywordPlus | Anti-reverse engineerings | - |
dc.subject.keywordPlus | Branch instructions | - |
dc.subject.keywordPlus | Code obfuscation | - |
dc.subject.keywordPlus | Detection scheme | - |
dc.subject.keywordPlus | Exception handling | - |
dc.subject.keywordPlus | Malicious-code analysis | - |
dc.subject.keywordPlus | Program analysis | - |
dc.subject.keywordPlus | Windows environment | - |
dc.subject.keywordPlus | Codes (symbols) | - |
dc.subject.keywordAuthor | anti-reverse engineering | - |
dc.subject.keywordAuthor | malicious code analysis | - |
dc.subject.keywordAuthor | code obfuscation | - |
dc.subject.keywordAuthor | program analysis | - |
dc.subject.keywordAuthor | computer security | - |
dc.identifier.url | https://www.airitilibrary.com/Publication/alDetailedMesh?DocID=10162364-201907-201906210002-201906210002-887-902 | - |