Framework Design for Malware Dataset Extraction Using Code Patches in a Hybrid Analysis Environment

Vol. 34, No. 3, pp. 403-416, June 2024
DOI: 10.13089/JKIISC.2024.34.3.403
Keywords: Malware, Hypervisor, Sandbox, Binary Analysis, AI
Abstract

Malware is being commercialized and sold on the black market, primarily driven by financial incentives. With the increasing demand driven by these sales, the scope of attacks via malware has expanded. In response, there has been a surge in research efforts leveraging artificial intelligence for detection and classification. However, adversaries are integrating various anti-analysis techniques into their malware to thwart analytical efforts. In this study, we introduce the "Malware Analysis with Dynamic Extraction (MADE)" framework, a hybrid binary analysis tool devised to procure datasets from advanced malware incorporating Anti-Analysis techniques. The MADE framework has the proficiency to autonomously execute dynamic analysis on binaries, encompassing those laden with Anti-VM and Anti-Debugging defenses. Experimental results substantiate that the MADE framework can effectively circumvent over 90% of diverse malware implementations using Anti-Analysis techniques and can adeptly extract relevant datasets.


Cite this article
[IEEE Style]
최기상, 박기웅, 최상훈, "Framework Design for Malware Dataset Extraction Using Code Patches in a Hybrid Analysis Environment," Journal of The Korea Institute of Information Security and Cryptology, vol. 34, no. 3, pp. 403-416, 2024. DOI: 10.13089/JKIISC.2024.34.3.403.

[ACM Style]
최기상, 박기웅, and 최상훈. 2024. Framework Design for Malware Dataset Extraction Using Code Patches in a Hybrid Analysis Environment. Journal of The Korea Institute of Information Security and Cryptology, 34, 3, (2024), 403-416. DOI: 10.13089/JKIISC.2024.34.3.403.