GoAsap: A Proposal for a Detection and Analysis System for New Golang Versions from a Static Analysis Perspective

Vol. 34, No. 4, pp. 707-724, Aug. 2024
DOI: 10.13089/JKIISC.2024.34.4.707
Keywords: Golang, Static Detection, Static Analysis, Malware
Abstract

Golang has recently been gaining attention in programming language rankings each year thanks to its cross-compilation capabilities and high code productivity. However, malware developers are also increasingly using it to distribute malware such as ransomware and backdoors. Golang, being an open-source language, frequently changes, whenever a new version is released, the important values and field order of a crucial structure called Pclntab, which holds the values needed to recover deleted symbols. Such frequent structural changes may not matter to developers, who aim for better code readability and productivity, but they pose a challenge for cybersecurity, because new versions with modified structures can be exploited in malware development. This paper therefore proposes GoAsap, a detection and analysis system for Golang executables that targets new versions, and validates the performance of the proposed system by comparing and evaluating it against six existing binary analysis tools.
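To make the Pclntab versioning problem concrete, the following added example (not code from the paper and not GoAsap's method) scans a binary image for a pclntab header and maps its magic value to a layout family. The magic constants and the 8-byte header checks are those used by Go's standard `debug/gosym` package; the function names and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Header magics as defined in Go's debug/gosym package. A magic that is not
// in this table means a layout the tool does not know yet.
var pclntabMagics = map[uint32]string{
	0xFFFFFFFB: "Go 1.2-1.15",
	0xFFFFFFFA: "Go 1.16-1.17",
	0xFFFFFFF0: "Go 1.18-1.19",
	0xFFFFFFF1: "Go 1.20+",
}

// FindPclntab scans data for a plausible pclntab header and returns its
// offset and layout family, or -1 and "" when none is found.
func FindPclntab(data []byte) (int, string) {
	orders := []binary.ByteOrder{binary.LittleEndian, binary.BigEndian}
	for off := 0; off+8 <= len(data); off++ {
		for _, order := range orders {
			family, ok := pclntabMagics[order.Uint32(data[off:])]
			if !ok {
				continue
			}
			// After the magic: two zero pad bytes, pc quantum, pointer size.
			h := data[off+4 : off+8]
			if h[0] != 0 || h[1] != 0 || (h[2] != 1 && h[2] != 2 && h[2] != 4) || (h[3] != 4 && h[3] != 8) {
				continue // magic bytes by coincidence, not a header
			}
			return off, family
		}
	}
	return -1, ""
}

// constructedSample is constructed test data, not a real executable: a fake
// file prefix, a decoy with a valid magic but bad padding, then a valid
// little-endian Go 1.18-family header (pc quantum 1, 8-byte pointers).
func constructedSample() []byte {
	decoy := []byte{0xF1, 0xFF, 0xFF, 0xFF, 0x41, 0x41, 0x01, 0x08}
	header := []byte{0xF0, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x01, 0x08}
	return append(append([]byte("\x7fELFpad"), decoy...), header...)
}

func main() {
	off, family := FindPclntab(constructedSample())
	fmt.Printf("pclntab header at offset %d, layout family %s\n", off, family)
}
```

A fixed magic table like this one returns no match for a release that introduces a new header value, which is the gap the abstract describes for tools that lag behind new Golang versions.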


Cite this article
[IEEE Style]
강형민 and 원유재, "GoAsap: A Proposal for a Detection and Analysis System for New Golang Versions from a Static Analysis Perspective," Journal of The Korea Institute of Information Security and Cryptology, vol. 34, no. 4, pp. 707-724, 2024. DOI: 10.13089/JKIISC.2024.34.4.707.

[ACM Style]
강형민 and 원유재. 2024. GoAsap: A Proposal for a Detection and Analysis System for New Golang Versions from a Static Analysis Perspective. Journal of The Korea Institute of Information Security and Cryptology, 34, 4, (2024), 707-724. DOI: 10.13089/JKIISC.2024.34.4.707.