Malware detection method focusing on anti-debugging functions

Kota Yoshizaki; Toshihiro Yamauchi

doi:10.1109/CANDAR.2014.36

Malware detection method focusing on anti-debugging functions

Kota Yoshizaki, Toshihiro Yamauchi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Malware has received much attention in recent years. Antivirus software is widely used as a countermeasure against malware. However, some kinds of malware can evade detection by antivirus software, hence, a new detection method is required. In this paper, we propose a malware detection method that focuses on Anti-Debugging functions. An Anti-Debugging function is a method that prevents malware analysts from analyzing an application program (AP). The function can form part of benign as well as malicious APs. Our method focuses on a behavioral difference between benign and malicious APs and detects malware by comparing the two behavioral patterns. Evaluation results with malware confirmed our method to be capable of successfully detecting malware.

Original language	English
Title of host publication	Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	563-566
Number of pages	4
ISBN (Electronic)	9781479941520
DOIs	https://doi.org/10.1109/CANDAR.2014.36
Publication status	Published - Feb 27 2015
Event	2nd International Symposium on Computing and Networking, CANDAR 2014 - Shizuoka, Japan Duration: Dec 10 2014 → Dec 12 2014

Publication series

Name	Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014

Other

Other	2nd International Symposium on Computing and Networking, CANDAR 2014
Country/Territory	Japan
City	Shizuoka
Period	12/10/14 → 12/12/14

Keywords

Anti-debugging
Malware detection
Security

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1109/CANDAR.2014.36

Cite this

Yoshizaki, K., & Yamauchi, T. (2015). Malware detection method focusing on anti-debugging functions. In Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014 (pp. 563-566). [7052247] (Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDAR.2014.36

Malware detection method focusing on anti-debugging functions. / Yoshizaki, Kota; Yamauchi, Toshihiro.
Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014. Institute of Electrical and Electronics Engineers Inc., 2015. p. 563-566 7052247 (Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yoshizaki, K & Yamauchi, T 2015, Malware detection method focusing on anti-debugging functions. in Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014., 7052247, Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014, Institute of Electrical and Electronics Engineers Inc., pp. 563-566, 2nd International Symposium on Computing and Networking, CANDAR 2014, Shizuoka, Japan, 12/10/14. https://doi.org/10.1109/CANDAR.2014.36

Yoshizaki K, Yamauchi T. Malware detection method focusing on anti-debugging functions. In Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014. Institute of Electrical and Electronics Engineers Inc. 2015. p. 563-566. 7052247. (Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014). doi: 10.1109/CANDAR.2014.36

@inproceedings{f3b1be5c01b7426c9b329d671fb00f54,

title = "Malware detection method focusing on anti-debugging functions",

abstract = "Malware has received much attention in recent years. Antivirus software is widely used as a countermeasure against malware. However, some kinds of malware can evade detection by antivirus software, hence, a new detection method is required. In this paper, we propose a malware detection method that focuses on Anti-Debugging functions. An Anti-Debugging function is a method that prevents malware analysts from analyzing an application program (AP). The function can form part of benign as well as malicious APs. Our method focuses on a behavioral difference between benign and malicious APs and detects malware by comparing the two behavioral patterns. Evaluation results with malware confirmed our method to be capable of successfully detecting malware.",

keywords = "Anti-debugging, Malware detection, Security",

author = "Kota Yoshizaki and Toshihiro Yamauchi",

year = "2015",

month = feb,

day = "27",

doi = "10.1109/CANDAR.2014.36",

language = "English",

series = "Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "563--566",

booktitle = "Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014",

note = "2nd International Symposium on Computing and Networking, CANDAR 2014 ; Conference date: 10-12-2014 Through 12-12-2014",

}

TY - GEN

T1 - Malware detection method focusing on anti-debugging functions

AU - Yoshizaki, Kota

AU - Yamauchi, Toshihiro

PY - 2015/2/27

Y1 - 2015/2/27

N2 - Malware has received much attention in recent years. Antivirus software is widely used as a countermeasure against malware. However, some kinds of malware can evade detection by antivirus software, hence, a new detection method is required. In this paper, we propose a malware detection method that focuses on Anti-Debugging functions. An Anti-Debugging function is a method that prevents malware analysts from analyzing an application program (AP). The function can form part of benign as well as malicious APs. Our method focuses on a behavioral difference between benign and malicious APs and detects malware by comparing the two behavioral patterns. Evaluation results with malware confirmed our method to be capable of successfully detecting malware.

AB - Malware has received much attention in recent years. Antivirus software is widely used as a countermeasure against malware. However, some kinds of malware can evade detection by antivirus software, hence, a new detection method is required. In this paper, we propose a malware detection method that focuses on Anti-Debugging functions. An Anti-Debugging function is a method that prevents malware analysts from analyzing an application program (AP). The function can form part of benign as well as malicious APs. Our method focuses on a behavioral difference between benign and malicious APs and detects malware by comparing the two behavioral patterns. Evaluation results with malware confirmed our method to be capable of successfully detecting malware.

KW - Anti-debugging

KW - Malware detection

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=84925423413&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84925423413&partnerID=8YFLogxK

U2 - 10.1109/CANDAR.2014.36

DO - 10.1109/CANDAR.2014.36

M3 - Conference contribution

AN - SCOPUS:84925423413

T3 - Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014

SP - 563

EP - 566

BT - Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2nd International Symposium on Computing and Networking, CANDAR 2014

Y2 - 10 December 2014 through 12 December 2014

ER -

Malware detection method focusing on anti-debugging functions

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this