A Detecting Method of Polymorphic Virus Using Advanced Virtual Emulator


The KIPS Transactions:PartC, Vol. 9, No. 2, pp. 149-156, Apr. 2002
DOI: 10.3745/KIPSTC.2002.9.2.149

Abstract

Current vaccine (antivirus) programs that scan for virus code patterns have difficulty detecting encrypted or polymorphic viruses. The decryption part of a polymorphic virus appears different every time it replicates. To detect these kinds of viruses, we must monitor the behavior of the decryption code that decrypts the body of the virus. In particular, it is not easy for existing methods to detect the virus if the virus writer has intentionally modified the loop count of execution. In this paper, we propose an advanced emulator that uses a new algorithm to detect various kinds of polymorphic viruses. In experiments with the advanced emulator, we found that the proposed method improved the virus detection rate by about 2%. In addition, the proposed system has the merit of running not only on MS-Windows but also on Linux and Unix-like platforms.



Cite this article
[IEEE Style]
D. H. Kim, D. H. Baek, P. K. Kim, "A Detecting Method of Polymorphic Virus Using Advanced Virtual Emulator," The KIPS Transactions:PartC, vol. 9, no. 2, pp. 149-156, 2002. DOI: 10.3745/KIPSTC.2002.9.2.149.

[ACM Style]
Doo Hyun Kim, Dong Hyun Baek, and Pan Koo Kim. 2002. A Detecting Method of Polymorphic Virus Using Advanced Virtual Emulator. The KIPS Transactions:PartC, 9, 2, (2002), 149-156. DOI: 10.3745/KIPSTC.2002.9.2.149.