| Presentation | 2022-11-21 Outsourcing Malware Dynamic Analysis without Disclosing File Contents Keisuke Hamajima, Daisuke Kotani, Yasuo Okabe, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Malware dynamic analysis requires specialized skills. If there are no security experts in the organization and it is difficult to analyze malware, one way to get the results of the analysis is to ask an analyst outside the organization to analyze a suspicious file. However, if the file to be analyzed contains confidential information, it is undesirable to disclose the confidential information to the analyst outside the organization. In this study, we propose a method to outsource dynamic analysis. Executing a file in the local environment and keeping the file secret from the analyst. During the analysis, information about API calls and the memory pointed to by the pointers as their argument is shared with the external environment. We evaluate the effectiveness and limitations of the proposed method for evasion techniques. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Malware / Dynamic Analysis / Evasion Technique / Privacy / Hooking API calls |
| Paper # | IA2022-44 |
| Date of Issue | 2022-11-14 (IA) |
| Conference Information | |
| Committee | IA |
|---|---|
| Conference Date | 2022/11/21(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Bandai Civic Hall (Niigata) |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Student Sessions, etc. (cosponsored by Committee on Internet Technology) |
| Chair | Tomoki Yoshihisa(Osaka Univ.) |
| Vice Chair | Yusuke Sakumoto(Kwansei Gakuin Univ.) / Yuichiro Hei(KDDI Research) / Hiroshi Yamamoto(Ritsumeikan Univ.) |
| Secretary | Yusuke Sakumoto(Osaka Univ.) / Yuichiro Hei(Kogakuin Univ.) / Hiroshi Yamamoto(Kyushu Inst. of Tech.) |
| Assistant | Daisuke Kotani(Kyoto Univ.) / Ryo Nakamura(Fukuoka Univ.) / Ryo Nakamura(Univ. of Tokyo) |
| Paper Information | |
| Registration To | Technical Committee on Internet Architecture |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Outsourcing Malware Dynamic Analysis without Disclosing File Contents |
| Sub Title (in English) | |
| Keyword(1) | Malware |
| Keyword(2) | Dynamic Analysis |
| Keyword(3) | Evasion Technique |
| Keyword(4) | Privacy |
| Keyword(5) | Hooking API calls |
| 1st Author's Name | Keisuke Hamajima |
| 1st Author's Affiliation | Kyoto University(Kyoto Univ.) |
| 2nd Author's Name | Daisuke Kotani |
| 2nd Author's Affiliation | Kyoto University(Kyoto Univ.) |
| 3rd Author's Name | Yasuo Okabe |
| 3rd Author's Affiliation | Kyoto University(Kyoto Univ.) |
| Date | 2022-11-21 |
| Paper # | IA2022-44 |
| Volume (vol) | vol.122 |
| Number (no) | IA-268 |
| Page | pp.pp.47-51(IA), |
| #Pages | 5 |
| Date of Issue | 2022-11-14 (IA) |