Static Analysis Method on Portable Executable Files for REMNUX based Malware Identification

Muhammad Salman, Diyanatul Husna, Nindya Viani
DOI: 10.1109/ICAwST.2019.8923331
Published in: 2019 IEEE 10th International Conference on Awareness Science and Technology (iCAST), October 2019
Citations: 1

Abstract

Malware is one of the most dangerous threats in the digital world today and will remain so in the future. Technological development does not only bring benefits but also raises serious challenges, one of which is the breach of computer network security systems. Malware can be inserted almost anywhere, especially into the various types of files that can be downloaded from the internet, and analyzing it is important because of its increasingly complex development. This paper presents our work on testing and analyzing executable files using the tools available on the REMnux operating system, with the aim of recognizing whether a file is safe or contains malware. The results indicate that REMnux is an appropriate toolset for deciding whether a file is malicious or not, based on checks for anomalous data, file-integrity metadata, section entropy, and the functions the executable will execute. In addition, the results can estimate the impact the malware would have if it were run, obtained by reverse engineering rather than by deliberately executing the file.
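The checks the abstract names (file-integrity hashes, section entropy, anomaly checks on the section headers, and where execution starts) can be reproduced directly from the PE headers. The script below is an added example and is not code from the paper or from REMnux: it uses only the Python standard library, the two PE images it analyzes are constructed in memory (no real binary is read), and the 7.0 bits/byte entropy threshold and the packer section-name list are assumed heuristics rather than values from the paper. It does not parse the import table, so the "functions that will be executed" check would need the import directory on top of this.

```python
"""Static PE triage: integrity hashes, per-section entropy, section-header
anomalies and entry-point location. Standard library only; sample images are
constructed inline."""
import hashlib
import math
import struct

# Heuristic threshold (assumed here, not taken from the paper): compressed or
# encrypted data approaches 8 bits/byte, native x86 code is usually ~5-6.5.
ENTROPY_PACKED = 7.0
# Section names left behind by common packers (assumed list, for illustration).
PACKER_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata", b".themida",
                b".vmp0", b".vmp1", b".petite", b".MPRESS1", b".MPRESS2"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant block, 8.0 for uniform."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    h = 0.0
    for c in counts:
        if c:
            p = c / n
            h -= p * math.log2(p)
    return h


def parse_pe(image: bytes):
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> COFF header -> section table.
    Returns (entry_point_rva, [section dicts]); a malformed or truncated
    header raises ValueError instead of being guessed around."""
    try:
        if image[:2] != b"MZ":
            raise ValueError("no MZ signature")
        (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
        if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("no PE signature at e_lfanew")
        coff = e_lfanew + 4
        (num_sections,) = struct.unpack_from("<H", image, coff + 2)
        (opt_size,) = struct.unpack_from("<H", image, coff + 16)
        opt = coff + 20
        # AddressOfEntryPoint sits at offset 16 in both PE32 and PE32+.
        entry = struct.unpack_from("<I", image, opt + 16)[0] if opt_size >= 20 else 0
        table = opt + opt_size
        sections = []
        for i in range(num_sections):
            f = struct.unpack_from(SECTION_HDR, image, table + i * 40)
            sections.append({"name": f[0].rstrip(b"\0"), "vsize": f[1], "vaddr": f[2],
                             "rsize": f[3], "rptr": f[4], "flags": f[9]})
        return entry, sections
    except struct.error as exc:
        raise ValueError(f"header truncated: {exc}") from None


def analyze(image: bytes) -> dict:
    """Triage report: hashes, per-section entropy and a list of findings."""
    entry, sections = parse_pe(image)
    report = {"sha256": hashlib.sha256(image).hexdigest(),
              "md5": hashlib.md5(image).hexdigest(),
              "entry_point": entry, "entry_section": None, "sections": [], "findings": []}
    for s in sections:
        name = s["name"].decode("latin-1")
        end = s["rptr"] + s["rsize"]
        if end > len(image):
            report["findings"].append(f"{name}: raw data extends past end of file")
        raw = image[s["rptr"]:end]  # only the bytes actually present
        ent = shannon_entropy(raw)
        if ent >= ENTROPY_PACKED:
            report["findings"].append(f"{name}: entropy {ent:.2f} suggests packed or encrypted data")
        if s["name"] in PACKER_NAMES:
            report["findings"].append(f"{name}: known packer section name")
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            report["findings"].append(f"{name}: section is writable and executable")
        if s["vaddr"] <= entry < s["vaddr"] + max(s["vsize"], s["rsize"]):
            report["entry_section"] = name
        report["sections"].append({"name": name, "entropy": ent, "size": len(raw)})
    if report["entry_section"] is None:
        report["findings"].append(f"entry point 0x{entry:x} lies outside every section")
    return report


def build_sample(packed: bool) -> bytes:
    """Constructed two-section PE32 image (not a real program): .text plus
    either a zero-filled .data section or a UPX1-style section of uniform bytes."""
    opt_size = 0xE0
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    text = b"\x55\x8b\xec\x90" * 128  # four equiprobable symbols -> exactly 2.0 bits
    text_hdr = struct.pack(SECTION_HDR, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    if packed:
        name, data, flags, entry = b"UPX1", bytes(range(256)) * 2, 0xE0000040, 0x2000
    else:
        name, data, flags, entry = b".data", b"\0" * 0x200, 0xC0000040, 0x1000
    struct.pack_into("<I", opt, 16, entry)  # AddressOfEntryPoint
    sec_hdr = struct.pack(SECTION_HDR, name, 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, flags)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text_hdr + sec_hdr).ljust(0x200, b"\0")
    return headers + text + data


if __name__ == "__main__":
    for label, img in (("clean", build_sample(False)), ("packed", build_sample(True))):
        r = analyze(img)
        print(label, r["sha256"][:16], r["entry_section"],
              [(s["name"], round(s["entropy"], 2)) for s in r["sections"]])
        for finding in r["findings"]:
            print("  !", finding)
```

Entropy is computed over the raw bytes actually present in the file, so a section header that points past the end of the file is reported as an anomaly instead of crashing the parser; an entry point that falls in no section is reported the same way. Entropy alone is not proof of packing (a large embedded resource or certificate is also high-entropy), which is why the section name, the W+X flags and the entry-point location are reported alongside it.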