Presentation | 2011-03-25 Automatic Unpacking Based on Entropy of Memory-Access Values Eitaro SHIOJI, Yuhei KAWAKOYA, Makoto IWAMURA, Mitsutaka ITOH |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Malware executables are often obfuscated with encryption or compression using a technique known as packing; thus, performing static analysis on such executables requires a preprocessing step called unpacking. In this paper, we propose an automatic unpacking method that infers the behaviour of a packed program by analyzing the temporal change in the entropy values of buffers filled with values actually read from or written to memory by the program. We also show the effectiveness of our method through experiments. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Malware / Unpacking / Dynamic Analysis / Entropy |
Paper # | ICSS2010-63 |
Date of Issue |
Conference Information | |
Committee | ICSS |
---|---|
Conference Date | 2011/3/18 (1 day) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Information and Communication System Security (ICSS) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Automatic Unpacking Based on Entropy of Memory-Access Values |
Sub Title (in English) | |
Keyword(1) | Malware |
Keyword(2) | Unpacking |
Keyword(3) | Dynamic Analysis |
Keyword(4) | Entropy |
1st Author's Name | Eitaro SHIOJI |
1st Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
2nd Author's Name | Yuhei KAWAKOYA |
2nd Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
3rd Author's Name | Makoto IWAMURA |
3rd Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
4th Author's Name | Mitsutaka ITOH |
4th Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
Date | 2011-03-25 |
Paper # | ICSS2010-63 |
Volume (vol) | vol.110 |
Number (no) | 475 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |