A static and dynamic visual debugger for malware analysis

Chan Lee Yee, Lee Ling Chuan, Mahamod Ismail, Nasharuddin Zainal

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

The number of viruses and malware has grown dramatically over the last few years, and this number is expected to grow in all likelihood. Due to the increasing amount of malicious software circulated over the Internet, it is almost impossible to reverse engineer all binary executable software line by line, as it is very challenging and time consuming. In order to provide immediate security solutions and reduce the amount of time spent understanding the malicious portions contained in viruses, Trojans and other general security flow, a comprehensive design of a visual debugger is introduced in this paper. The research involves the reverse engineering of binary executables by transforming the stream of bytes that constitutes the program into a corresponding sequence of machine instructions. Both a static and a dynamic debugger are developed and interact with a graph visualization system to visualize the parsed instructions of a targeted executable file as an execution flow graph. With the intention of improving effectiveness, graph visualization is developed to accelerate the analysis progress. We reconstruct the targeted program's control flow and break it into smaller regions. Fragments of malicious instructions can be easily determined via the control flow graph information.

Original language: English
Title of host publication: APCC 2012 - 18th Asia-Pacific Conference on Communications: "Green and Smart Communications for IT Innovation"
Pages: 765-769
Number of pages: 5
DOI: 10.1109/APCC.2012.6388211
Publication status: Published - 2012
Event: 18th Asia-Pacific Conference on Communications: "Green and Smart Communications for IT Innovation", APCC 2012 - Jeju Island
Duration: 15 Oct 2012 - 17 Oct 2012

Other

Other: 18th Asia-Pacific Conference on Communications: "Green and Smart Communications for IT Innovation", APCC 2012
City: Jeju Island
Period: 15/10/12 - 17/10/12

Fingerprint

Flow graphs
Reverse engineering
Visualization
Computer viruses
Viruses
Flow control
Internet
Malware

Keywords

  • Dynamic Analysis
  • Static Analysis
  • Visualization Debugger

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Yee, C. L., Chuan, L. L., Ismail, M., & Zainal, N. (2012). A static and dynamic visual debugger for malware analysis. In APCC 2012 - 18th Asia-Pacific Conference on Communications: "Green and Smart Communications for IT Innovation" (pp. 765-769). [6388211] https://doi.org/10.1109/APCC.2012.6388211

@inproceedings{bcb2f873588a490bad46096103541370,
title = "A static and dynamic visual debugger for malware analysis",
keywords = "Dynamic Analysis, Static Analysis, Visualization Debugger",
author = "Yee, {Chan Lee} and Chuan, {Lee Ling} and Mahamod Ismail and Nasharuddin Zainal",
year = "2012",
doi = "10.1109/APCC.2012.6388211",
language = "English",
pages = "765--769",
booktitle = "APCC 2012 - 18th Asia-Pacific Conference on Communications: {"}Green and Smart Communications for IT Innovation{"}",
}

TY - GEN

T1 - A static and dynamic visual debugger for malware analysis

AU - Yee, Chan Lee

AU - Chuan, Lee Ling

AU - Ismail, Mahamod

AU - Zainal, Nasharuddin

PY - 2012

Y1 - 2012

KW - Dynamic Analysis

KW - Static Analysis

KW - Visualization Debugger

UR - http://www.scopus.com/inward/record.url?scp=84872570869&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84872570869&partnerID=8YFLogxK

U2 - 10.1109/APCC.2012.6388211

DO - 10.1109/APCC.2012.6388211

M3 - Conference contribution

AN - SCOPUS:84872570869

SP - 765

EP - 769

BT - APCC 2012 - 18th Asia-Pacific Conference on Communications: "Green and Smart Communications for IT Innovation"

ER -