Classification of Binary Obfuscation Techniques in Windows Binaries Using a 3D Markov Matrix

Vol. 35, No. 3, pp. 563-572, June 2025
DOI: 10.13089/JKIISC.2025.35.3.563
Keywords: Software Obfuscation, Anti-analysis, AI Security, Deep Learning, Classification
Abstract

Malware attacks targeting the Windows OS account for 98.7 percent of all malware attacks across operating systems, making Windows a primary target. To evade security programs and hinder reverse engineering, malware is often distributed with various anti-analysis techniques, among which obfuscation is one of the most prominent. Analyzing obfuscated malware consumes significant time and resources for security analysts, and because analysis strategies vary with the obfuscation techniques applied, identifying these techniques is crucial for efficient analysis. However, existing research either overlooks obfuscated malware or focuses primarily on the Android OS, resulting in a lack of studies that classify the obfuscation techniques applied to Windows malware. This paper proposes a framework that classifies the binary obfuscation techniques applied to Windows PE binaries using 3D Markov Images and a convolutional neural network model. The proposed framework targets PE binaries obfuscated with VMProtect, a widely used commercial obfuscation tool, and classifies five types of binary obfuscation techniques with an accuracy of 99.8 percent and an average inference time of 0.3 seconds, demonstrating its efficiency.



Cite this article
[IEEE Style]
강준혁, 이동훈, 최원석, 진홍주, 이지원, "Classification of Binary Obfuscation Techniques in Windows Binaries Using a 3D Markov Matrix," Journal of The Korea Institute of Information Security and Cryptology, vol. 35, no. 3, pp. 563-572, 2025. DOI: 10.13089/JKIISC.2025.35.3.563.

[ACM Style]
강준혁, 이동훈, 최원석, 진홍주, and 이지원. 2025. Classification of Binary Obfuscation Techniques in Windows Binaries Using a 3D Markov Matrix. Journal of The Korea Institute of Information Security and Cryptology, 35, 3, (2025), 563-572. DOI: 10.13089/JKIISC.2025.35.3.563.