Authors: Hanseong Lee, Hyung-Woo Lee
Journal: The International Journal of Advanced Smart Convergence
Publication date: 2017-03-31
Publication type: Journal Article
DOI: 10.7236/IJASC.2017.6.1.1 (https://doi.org/10.7236/IJASC.2017.6.1.1)
Simulated Dynamic C&C Server Based Activated Evidence Aggregation of Evasive Server-Side Polymorphic Mobile Malware on Android
Diverse types of malicious code, such as evasive server-side polymorphic malware, are developed and distributed in third-party open markets. This suspicious new type of polymorphic malware has the ability to actively change and morph its internal data dynamically. As a result, it is very hard to detect this type of suspicious transaction as evidence of server-side polymorphic mobile malware, because its C&C server has been shut down or the IP address of the remote controlling C&C server has been changed irregularly. Therefore, we implemented a Simulated C&C Server to aggregate activated events perfectly from various server-side polymorphic mobile malware. Using the proposed Simulated C&C Server, we can completely prove and more clearly classify veiled server-side polymorphic malicious code.