The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Keywords: virus, obfuscate, compression, unpacking, Bayesian virus filter
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Dengfeng ZHANG, Naoshi NAKAYA, Yuuji KOUI, Hitoaki YOSHIDA, "An Automatic Unpacking Method for Computer Virus Effective in the Virus Filter Based on Paul Graham's Bayesian Theorem" in IEICE TRANSACTIONS on Communications,
vol. E92-B, no. 4, pp. 1119-1127, April 2009, doi: 10.1587/transcom.E92.B.1119.
Abstract: Recently, the appearance frequency of computer virus variants has increased. Updates to virus information using the normal pattern matching method are increasingly unable to keep up with the speed at which viruses occur, since it takes time to extract the characteristic patterns for each virus. Therefore, a rapid, automatic virus detection algorithm using static code analysis is necessary. However, recent computer viruses are almost always compressed and obfuscated. It is difficult to determine the characteristics of the binary code from the obfuscated computer viruses. Therefore, this paper proposes a method that unpacks compressed computer viruses automatically independent of the compression format. The proposed method unpacks the common compression formats accurately 80% of the time, while unknown compression formats can also be unpacked. The proposed method is effective against unknown viruses by combining it with the existing known virus detection system like Paul Graham's Bayesian Virus Filter etc.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.E92.B.1119/_p
@ARTICLE{e92-b_4_1119,
author={Dengfeng ZHANG and Naoshi NAKAYA and Yuuji KOUI and Hitoaki YOSHIDA},
journal={IEICE TRANSACTIONS on Communications},
title={An Automatic Unpacking Method for Computer Virus Effective in the Virus Filter Based on Paul Graham's Bayesian Theorem},
year={2009},
volume={E92-B},
number={4},
pages={1119-1127},
abstract={Recently, the appearance frequency of computer virus variants has increased. Updates to virus information using the normal pattern matching method are increasingly unable to keep up with the speed at which viruses occur, since it takes time to extract the characteristic patterns for each virus. Therefore, a rapid, automatic virus detection algorithm using static code analysis is necessary. However, recent computer viruses are almost always compressed and obfuscated. It is difficult to determine the characteristics of the binary code from the obfuscated computer viruses. Therefore, this paper proposes a method that unpacks compressed computer viruses automatically independent of the compression format. The proposed method unpacks the common compression formats accurately 80% of the time, while unknown compression formats can also be unpacked. The proposed method is effective against unknown viruses by combining it with the existing known virus detection system like Paul Graham's Bayesian Virus Filter etc.},
keywords={},
doi={10.1587/transcom.E92.B.1119},
ISSN={1745-1345},
month={April},}
TY - JOUR
TI - An Automatic Unpacking Method for Computer Virus Effective in the Virus Filter Based on Paul Graham's Bayesian Theorem
T2 - IEICE TRANSACTIONS on Communications
SP - 1119
EP - 1127
AU - Dengfeng ZHANG
AU - Naoshi NAKAYA
AU - Yuuji KOUI
AU - Hitoaki YOSHIDA
PY - 2009
DO - 10.1587/transcom.E92.B.1119
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E92-B
IS - 4
JA - IEICE TRANSACTIONS on Communications
Y1 - April 2009
AB - Recently, the appearance frequency of computer virus variants has increased. Updates to virus information using the normal pattern matching method are increasingly unable to keep up with the speed at which viruses occur, since it takes time to extract the characteristic patterns for each virus. Therefore, a rapid, automatic virus detection algorithm using static code analysis is necessary. However, recent computer viruses are almost always compressed and obfuscated. It is difficult to determine the characteristics of the binary code from the obfuscated computer viruses. Therefore, this paper proposes a method that unpacks compressed computer viruses automatically independent of the compression format. The proposed method unpacks the common compression formats accurately 80% of the time, while unknown compression formats can also be unpacked. The proposed method is effective against unknown viruses by combining it with the existing known virus detection system like Paul Graham's Bayesian Virus Filter etc.
ER -