Publication year: [2019]
Paper information |
|
Paper title (Korean) |
[Vol.14, No.3] Malicious Code Neutralizing Method Using Image Format Transforming Based on Nonlinear Transfer Function |
|
Authors |
Dong-Seob Jung, Sang-Joon Lee |
|
Abstract |
Various bypass techniques have been developed to hide malicious code in image files, which are non-executable files. When unknown malware is hidden this way, it is difficult to detect with reputation-based or signature-based antivirus methods. In this paper, we propose a method for neutralizing hidden malicious code that analyzes the structure of the original image file format and disables the malicious code by converting the image data area, even when there is no prior information about the signatures or characteristics of the malicious code. The proposed method consists of an image file extraction phase, a file format analysis phase, a file transformation phase, and a management phase for the transformed image files. In the image file transformation phase, three transformations are performed: header information transformation, specific-string filtering of additional information, and image pixel data transformation using a nonlinear transfer function. To prove the effectiveness of the proposed method, the experiment used 10 image files with hidden malicious code, taken from 48,220 of the latest malicious code samples purchased from VirusTotal (paid API). After the file extraction phase, the format analysis phase, and the image file conversion phase of the neutralizing method, the experimental results show that the number of virus detections is quantitatively reduced, which verifies the effectiveness of the proposed method. In addition, by using the nonlinear transfer function, the converted image file neutralized the malicious code while maintaining the same quality as the original image; the two could not be distinguished by the naked eye. |
|
Attached paper |
|
|
|
|
|