基于激活证据聚合的Android规避服务器端多态移动恶意软件仿真动态C&C服务器

Hanseong Lee, Hyung-Woo Lee
{"title":"基于激活证据聚合的Android规避服务器端多态移动恶意软件仿真动态C&C服务器","authors":"Hanseong Lee, Hyung-Woo Lee","doi":"10.7236/IJASC.2017.6.1.1","DOIUrl":null,"url":null,"abstract":"Diverse types of malicious code such as evasive Server-side Polymorphic are developed and distributed in third party open markets. The suspicious new type of polymorphic malware has the ability to actively change and morph its internal data dynamically. As a result, it is very hard to detect this type of suspicious transaction as an evidence of Server-side polymorphic mobile malware because its C&C server was shut downed or an IP address of remote controlling C&C server was changed irregularly. Therefore, we implemented Simulated C&C Server to aggregate activated events perfectly from various Server-side polymorphic mobile malware. Using proposed Simulated C&C Server, we can proof completely and classify veiled server-side polymorphic malicious code more clearly.","PeriodicalId":297506,"journal":{"name":"The International Journal of Advanced Smart Convergence","volume":"61 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Simulated Dynamic C&C Server Based Activated Evidence Aggregation of Evasive Server-Side Polymorphic Mobile Malware on Android\",\"authors\":\"Hanseong Lee, Hyung-Woo Lee\",\"doi\":\"10.7236/IJASC.2017.6.1.1\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Diverse types of malicious code such as evasive Server-side Polymorphic are developed and distributed in third party open markets. The suspicious new type of polymorphic malware has the ability to actively change and morph its internal data dynamically. As a result, it is very hard to detect this type of suspicious transaction as an evidence of Server-side polymorphic mobile malware because its C&C server was shut downed or an IP address of remote controlling C&C server was changed irregularly. Therefore, we implemented Simulated C&C Server to aggregate activated events perfectly from various Server-side polymorphic mobile malware. Using proposed Simulated C&C Server, we can proof completely and classify veiled server-side polymorphic malicious code more clearly.\",\"PeriodicalId\":297506,\"journal\":{\"name\":\"The International Journal of Advanced Smart Convergence\",\"volume\":\"61 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-03-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The International Journal of Advanced Smart Convergence\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.7236/IJASC.2017.6.1.1\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The International Journal of Advanced Smart Convergence","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.7236/IJASC.2017.6.1.1","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

各种类型的恶意代码,如规避服务器端多态被开发并在第三方开放市场上分发。可疑的新型多态恶意软件具有动态主动改变和变形其内部数据的能力。因此,由于其C&C服务器被关闭或远程控制C&C服务器的IP地址被不定期更改,因此很难将此类可疑交易作为服务器端多态移动恶意软件的证据进行检测。因此,我们实现了模拟C&C服务器来完美地聚合来自各种服务器端多态移动恶意软件的激活事件。利用本文提出的模拟命令与控制服务器,可以对隐蔽的服务器端多态恶意代码进行完整的证明和更清晰的分类。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Simulated Dynamic C&C Server Based Activated Evidence Aggregation of Evasive Server-Side Polymorphic Mobile Malware on Android
Diverse types of malicious code such as evasive Server-side Polymorphic are developed and distributed in third party open markets. The suspicious new type of polymorphic malware has the ability to actively change and morph its internal data dynamically. As a result, it is very hard to detect this type of suspicious transaction as an evidence of Server-side polymorphic mobile malware because its C&C server was shut downed or an IP address of remote controlling C&C server was changed irregularly. Therefore, we implemented Simulated C&C Server to aggregate activated events perfectly from various Server-side polymorphic mobile malware. Using proposed Simulated C&C Server, we can proof completely and classify veiled server-side polymorphic malicious code more clearly.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信