Malware detection method focusing on anti-debugging functions

Kota Yoshizaki, Toshihiro Yamauchi

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

1 Citation (Scopus)

Abstract

Malware has received much attention in recent years. Antivirus software is widely used as a countermeasure against malware. However, some kinds of malware can evade detection by antivirus software; hence, a new detection method is required. In this paper, we propose a malware detection method that focuses on anti-debugging functions. An anti-debugging function is a method that prevents malware analysts from analyzing an application program (AP). Such functions can form part of benign as well as malicious APs. Our method focuses on a behavioral difference between benign and malicious APs and detects malware by comparing the two behavioral patterns. Evaluation results with malware confirmed that our method is capable of successfully detecting malware.

Original language: English
Title of host publication: Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 563-566
Number of pages: 4
ISBN (Print): 9781479941520
DOI: 10.1109/CANDAR.2014.36
Publication status: Published - Feb 27 2015
Event: 2nd International Symposium on Computing and Networking, CANDAR 2014 - Shizuoka, Japan
Duration: Dec 10 2014 to Dec 12 2014

Other

Other: 2nd International Symposium on Computing and Networking, CANDAR 2014
Country: Japan
City: Shizuoka
Period: 12/10/14 to 12/12/14

Fingerprint

Computer debugging
Electronic crime countermeasures
Malware
Application programs

Keywords

  • Anti-debugging
  • Malware detection
  • Security

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Yoshizaki, K., & Yamauchi, T. (2015). Malware detection method focusing on anti-debugging functions. In Proceedings - 2014 2nd International Symposium on Computing and Networking, CANDAR 2014 (pp. 563-566). [7052247] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDAR.2014.36
