Presentation | 2009-11-13 Similarity Scoring Method of Runtime Packed Malware and Its Evaluation, by Tatsunori Orii, Katsunari Yoshioka, Junji Shikata, Tsutomu Matsumoto, Hyung Chan Kim, Daisuke Inoue, Koji Nakao |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | A great number of malware samples have been generated and released over the Internet because of the underground distribution of source code and automated malware generation tools. Moreover, malware authors tend to generate variants of the same or similar malicious code to evade detection by altering the source code, recompiling it with different options, and packing it with different versions of runtime packers. Among these techniques, runtime packers are troublesome because malware authors can easily generate a large number of variants with them, which slows down effective in-depth analysis. In this paper, we propose a similarity scoring method aimed particularly at identifying malware variants multiplied by runtime packers. For evaluation, we generated variants of several sample binaries using 19 packers and confirmed that the proposed method can identify the variants generated by most of the packers. Moreover, using the proposed method, we found that a considerable number of the malware samples captured in the wild by the low-interaction honeypot Nepenthes were variants generated by packers. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Malware / Clustering / Packing |
Paper # | ICSS2009-55 |
Date of Issue | |
Conference Information | |
Committee | ICSS |
---|---|
Conference Date | 2009/11/6 (1 day) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant | |
Paper Information | |
Registration To | Information and Communication System Security (ICSS) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Similarity Scoring Method of Runtime Packed Malware and Its Evaluation |
Sub Title (in English) | |
Keyword(1) | Malware |
Keyword(2) | Clustering |
Keyword(3) | Packing |
1st Author's Name | Tatsunori Orii |
1st Author's Affiliation | Yokohama National University |
2nd Author's Name | Katsunari Yoshioka |
2nd Author's Affiliation | Yokohama National University |
3rd Author's Name | Junji Shikata |
3rd Author's Affiliation | Yokohama National University |
4th Author's Name | Tsutomu Matsumoto |
4th Author's Affiliation | Yokohama National University |
5th Author's Name | Hyung Chan Kim |
5th Author's Affiliation | National Institute of Information and Communications Technology |
6th Author's Name | Daisuke Inoue |
6th Author's Affiliation | National Institute of Information and Communications Technology |
7th Author's Name | Koji Nakao |
7th Author's Affiliation | National Institute of Information and Communications Technology |
Date | 2009-11-13 |
Paper # | ICSS2009-55 |
Volume (vol) | vol.109 |
Number (no) | 285 |
Page | pp.- |
#Pages | 6 |
Date of Issue | |