Andy Blog (Please let me be a light to those around me)
2007.07.28   Selected the paper titled "ANTI-MALWARE EXPERT SYSTEM"

Selected the paper titled "ANTI-MALWARE EXPERT SYSTEM"

< About VB(Virus Bulletin) Conference >
Over its 17-year history, the VB conference has become a major highlight of the anti-malware calendar, with many of its regular attendees citing it as the anti-malware event of the year. The VB conference provides a focus for the anti-malware industry, representing an opportunity for experts in the anti-malware arena to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.

Split into two streams, the conference program caters for both technical and corporate audiences, covering a wide range of anti-malware and spam-related subjects. Delegates range from dedicated anti-malware researchers to security experts from government and military organizations, legal, financial and educational institutions and large corporations worldwide.


On Virus Bulletin 2007

I'm very sorry that I could not be there because of my work-line, but my author, Mr. Hwang, would present the paper. I hope to see the researchers next time.

<Our Paper>
Title : ANTI-MALWARE EXPERT SYSTEM
Kyu-beom Hwang and Deok-young Jung, AhnLab Inc.

The EXPERT system is a useful approach for analyzing malware or other kinds of software. We designed an anti-malware expert system using our compiled research results.

AMES (AhnLab anti-Malware Expert System) consists of automatic static/dynamic analysis systems, classification technology of malware and non-malware, and environment analysis.
This system helps to minimize human error, or false positive detection.
Diverse approaches, such as malware auto-analysis systems, malware classification, and static/dynamic analysis technology for malware, have been tried by AV/AM researchers. Inferring malware from function signatures and detecting behavior patterns of malware are some of the purposes of AMES. If a sample is malware, then AMES generates a detection signature automatically.
Of course, it is difficult to predict all "malicious" code automatically, but we get useful results using our malware knowledge database.
We think that the core technology is able to judge whether code is malware or not, and will be able to classify it accordingly. In the traditional virus case, if a virus-infected program 'A+V' consists of a safe program 'A' and a virus function 'V', and almost all of the functions of 'A+V' are not virus functions, but are the same as the functions of 'A', then our AMES will treat it as a virus.
The knowledge database holds information studied by analysts, extracted functions, and behavioral information on collected virus and non-virus samples. To build the knowledge database, we designed three categories. The first is a function-based static analysis environment. The second is a virtual machine based dynamic analysis system, and the last is a human-based active analysis environment. We designed a generic unpacking method for runtime-packed samples on virtual machines and plug-in runtime debuggers.

The objective of AMES is to help analysts evaluate samples and judge malware as variant or non-malware.
AMES uses classification technology and function similarity in collaborative analysis technology.
We will make the system more concrete by using various dynamic analysis technology research on a virtualization environment.
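
The 'A+V' case from the abstract, as an added illustration that is not code from the paper or from AhnLab: a small function-signature knowledge database that still judges an infected host as a virus when most of its functions are clean. The SHA-256 signature, the `KnowledgeDB` and `judge` names, and the byte strings standing in for function bodies are assumptions made for this example.

```python
import hashlib

def signature(func_bytes: bytes) -> str:
    # Assumed function signature: a hash of the function's bytes.
    return hashlib.sha256(func_bytes).hexdigest()

class KnowledgeDB:
    """Function signatures learned from collected virus and non-virus samples."""
    def __init__(self):
        self.clean = set()
        self.malicious = set()

    def learn(self, functions, is_malware):
        sigs = {signature(f) for f in functions}
        if is_malware:
            # Host functions already seen in clean software are not evidence.
            self.malicious |= sigs - self.clean
        else:
            self.clean |= sigs
            # Edge case: the infected copy was collected before the clean host.
            self.malicious -= sigs

def judge(functions, db):
    sigs = [signature(f) for f in functions]
    hits = sum(s in db.malicious for s in sigs)
    known_clean = sum(s in db.clean for s in sigs)
    if hits:
        verdict = "virus"            # one known virus function is enough
    elif sigs and known_clean == len(sigs):
        verdict = "non-malware"
    else:
        verdict = "unknown"          # left for dynamic or human analysis
    share = known_clean / len(sigs) if sigs else 0.0
    return {"verdict": verdict, "virus_functions": hits, "clean_share": share}

# Constructed stand-ins for function bodies (not real code or real samples).
A = [b"A:main", b"A:parse", b"A:render", b"A:save"]
B = [b"B:main", b"B:sync", b"B:ui"]
V = [b"V:appended-routine"]

def demo():
    db = KnowledgeDB()
    db.learn(A + V, is_malware=True)   # infected sample arrives first
    db.learn(A, is_malware=False)      # clean host program collected later
    return [judge(s, db) for s in (A + V, A, B + V, B)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The same 'V' signature also flags a different host, 'B+V', while 'B' alone stays "unknown" because none of its functions are in the database yet.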


Full Paper : "
