Presentation 2011-03-25
Automatic Unpacking Based on Entropy of Memory-Access Values
Eitaro SHIOJI, Yuhei KAWAKOYA, Makoto IWAMURA, Mitsutaka ITOH
Abstract (in English) Malware executables are often obfuscated with encryption or compression using a technique known as packing, so static analysis of such executables requires a preprocessing step called unpacking. In this paper, we propose an automatic unpacking method that infers the behaviour of a packed program by analyzing the temporal change in the entropy of buffers filled with the values actually read from or written to memory by the program. We also show the effectiveness of our method through experiments.
Keyword (in English) Malware / Unpacking / Dynamic Analysis / Entropy
Paper # ICSS2010-63
Conference Information
Committee ICSS
Conference Date 2011/3/18 (1 day)

Paper Information
Registration To Information and Communication System Security (ICSS)
Language JPN
Title (in English) Automatic Unpacking Based on Entropy of Memory-Access Values
Keyword(1) Malware
Keyword(2) Unpacking
Keyword(3) Dynamic Analysis
Keyword(4) Entropy
1st Author's Name Eitaro SHIOJI
1st Author's Affiliation NTT Information Sharing Platform Laboratories, NTT Corporation
2nd Author's Name Yuhei KAWAKOYA
2nd Author's Affiliation NTT Information Sharing Platform Laboratories, NTT Corporation
3rd Author's Name Makoto IWAMURA
3rd Author's Affiliation NTT Information Sharing Platform Laboratories, NTT Corporation
4th Author's Name Mitsutaka ITOH
4th Author's Affiliation NTT Information Sharing Platform Laboratories, NTT Corporation
Date 2011-03-25
Paper # ICSS2010-63
Volume (vol) vol.110
Number (no) 475
#Pages 6