Andy Blog (Please let me be a light to those around me)
2007.07.28   Selected the paper titled "ANTI-MALWARE EXPERT SYSTEM"


<About VB (Virus Bulletin) Conference>
Over its 17-year history, the VB conference has become a major highlight of the anti-malware calendar, with many of its regular attendees citing it as the anti-malware event of the year. The VB conference provides a focus for the anti-malware industry, representing an opportunity for experts in the anti-malware arena to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.

Split into two streams, the conference program caters for both technical and corporate audiences, covering a wide range of anti-malware and spam-related subjects. Delegates range from dedicated anti-malware researchers to security experts from government and military organizations, legal, financial and educational institutions and large corporations worldwide.


On Virus Bulletin 2007
http://www.virusbtn.com/conference/vb2007/programme/index

<Notice>
I'm very sorry that I could not be there because of my work-line, but my author, Mr. Hwang, would speak the paper. I hope to see the researchers next time.

<Our Paper>
Title :
ANTI-MALWARE EXPERT SYSTEM
Kyu-beom Hwang and Deok-young Jung, AhnLab Inc.

Abstract
The EXPERT system is a useful approach for analyzing malware or other kinds of software. We designed an anti-malware expert system using our compiled research results.

AMES (AhnLab anti-Malware Expert System) consists of automatic static/dynamic analysis systems, classification technology of malware and non-malware, and environment analysis.
This system helps to minimize human error, or false positive detection.
Diverse approaches, like the technology of malware auto-analysis systems, classification of malware, and static/dynamic analysis technology for malware, were tried by AV/AM researchers. Inferring malware from function-signatures and detecting behavior patterns of malware are some of the purposes of AMES. If a sample is a malware, then AVES generates a detecting signature automatically.
Of course, it is difficult to predict all "malicious" codes automatically, but we get useful results using our malware knowledge database.
We think that the core technology is able to judge whether a code is a malware or not, and will be able to classify them accordingly. In the traditional virus case, if a virus-infected program 'A+V' consists of a safe program 'A' and virus function 'V', and almost all of the functions of 'A+V' are not virus functions, but all functions of 'A+V' are the same as 'A', then our AMES will treat it as a virus.
The knowledge database has much information about analysts' studied information, extraction functions and behavioral information on collected virus and non-virus. To make a knowledge database, we have designed three categories. First is a function-based static analysis environment. The second category is a virtual machine based dynamic analysis system, while the last one is a human-based active analysis environment. We designed a generic unpacking method for runtime-packed samples on virtual machines and plug-in runtime debuggers.

The objective of AMES is to help analysts evaluate samples and judge malware as variant or non-malware.
AMES uses classification technology and function similarity in collaborative analysis technology.
We will make the system more concrete by using various dynamic analysis technology researches on a virtualization environment.
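
The 'A+V' case from the abstract, as an added Python sketch (not AMES code and not from the paper): a function-signature knowledge database in which a single match against a known virus function decides the verdict, even when most functions match the safe host. All names (`sig`, `KnowledgeDB`, `judge`), the hash-based signature and the sample byte strings are assumptions made for illustration.

```python
import hashlib

def sig(body: bytes) -> str:
    # Stand-in for a function signature: hash of the function body.
    # Assumption: a real system would normalize addresses and registers first.
    return hashlib.sha256(body).hexdigest()[:16]

class KnowledgeDB:
    def __init__(self):
        self.clean = set()   # signatures seen in known non-malware
        self.families = {}   # family name -> signatures unique to that malware

    def learn_clean(self, funcs):
        self.clean |= {sig(f) for f in funcs}

    def learn_malware(self, family, funcs):
        # Functions shared with clean software (the host 'A') are not evidence.
        self.families[family] = {sig(f) for f in funcs} - self.clean

def judge(db, funcs):
    """Return (verdict, family, family_coverage, clean_ratio)."""
    sigs = {sig(f) for f in funcs}
    if not sigs:
        return ("needs-analyst", None, 0.0, 0.0)
    clean_ratio = round(len(sigs & db.clean) / len(sigs), 2)
    hits = {fam: len(sigs & known) / len(known)
            for fam, known in db.families.items() if sigs & known}
    if hits:  # one known virus function outweighs any number of clean ones
        fam = max(hits, key=hits.get)
        return ("malware", fam, round(hits[fam], 2), clean_ratio)
    if clean_ratio == 1.0:
        return ("non-malware", None, 0.0, 1.0)
    return ("needs-analyst", None, 0.0, clean_ratio)

# Constructed sample data: byte strings stand in for disassembled functions.
A = [b"A:func%d" % i for i in range(8)]        # safe program 'A'
V = [b"V:find_host", b"V:infect"]              # virus functions 'V'
B = [b"B:main", b"B:draw"]                     # unrelated, never-seen program

def build_db():
    db = KnowledgeDB()
    db.learn_clean(A)
    db.learn_malware("V", A + V)   # learned from an infected 'A+V' sample
    return db

if __name__ == "__main__":
    db = build_db()
    for name, sample in [("A", A), ("A+V", A + V), ("B+V[0]", B + V[:1]), ("B", B)]:
        print(name, judge(db, sample))
```

A partial family match (coverage below 1.0) is the kind of sample an analyst would review as a possible variant; anything matching neither side goes to manual analysis.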


...
Full Paper : "

