Á¤º¸°úÇÐȸ³í¹®Áö (Journal of KIISE)
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
API Á¤º¸¿Í ±â°èÇнÀÀ» ÅëÇÑ À©µµ¿ì ½ÇÇàÆÄÀÏ ºÐ·ù |
| ¿µ¹®Á¦¸ñ(English Title) |
Classifying Windows Executables using API-based Information and Machine Learning |
| ÀúÀÚ(Author) |
Á¶´ëÈñ
ÀÓ°æȯ
Á¶¼ºÁ¦
ÇÑ»óö
Ȳ¿µ¼·
DaeHee Cho
Kyeonghwan Lim
Seong-je Cho
Sangchul Han
Young-sup Hwang
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 43 NO. 12 PP. 1325 ~ 1333 (2016. 12) |
Çѱ۳»¿ë
(Korean Abstract) |
¼ÒÇÁÆ®¿þ¾î ºÐ·ù ±â¹ýÀº ÀúÀÛ±Ç Ä§ÇØ Å½Áö, ¾Ç¼ºÄÚµåÀÇ ºÐ·ù, ¼ÒÇÁÆ®¿þ¾î º¸°ü¼ÒÀÇ ¼ÒÇÁÆ®¿þ¾î ÀÚµ¿ºÐ·ù µî¿¡ È°¿ëÇÒ ¼ö ÀÖÀ¸¸ç, ºÒ¹ý ¼ÒÇÁÆ®¿þ¾îÀÇ Àü¼ÛÀ» Â÷´ÜÇϱâ À§ÇÑ ¼ÒÇÁÆ®¿þ¾î ÇÊÅ͸µ ½Ã½ºÅÛ¿¡µµ È°¿ëÇÒ ¼ö ÀÖ´Ù. ¼ÒÇÁÆ®¿þ¾î ÇÊÅ͸µ ½Ã½ºÅÛ¿¡¼ À¯»çµµ ÃøÁ¤À» ÅëÇØ ºÒ¹ý ¼ÒÇÁÆ®¿þ¾î¸¦ ½Äº°ÇÒ °æ¿ì, ¼ÒÇÁÆ®¿þ¾î ºÐ·ù¸¦ È°¿ëÇÏ¿© Ž»ö¹üÀ§¸¦ Ãà¼ÒÇϸé Æò±Õ ºñ±³ Ƚ¼ö¸¦ ÁÙÀÏ ¼ö ÀÖ´Ù. º» ³í¹®Àº API È£ÃâÁ¤º¸¿Í ±â°èÇнÀÀ» ÅëÇÑ À©µµ¿ìÁî ½ÇÇà ÆÄÀϺзù¸¦ ¿¬±¸ÇÑ´Ù. ´Ù¾çÇÑ API È£Ãâ Á¤º¸ Á¤Á¦¹æ½Ä°ú ±â°èÇнÀ ¾Ë°í¸®ÁòÀ» Àû¿ëÇÏ¿© ½ÇÇà ÆÄÀÏ ºÐ·ù ¼º´ÉÀ» Æò°¡ÇÑ´Ù. ½ÇÇè°á°ú, PolyKernelÀ» »ç¿ëÇÑ SVM (Support Vector Machine)ÀÌ °¡Àå ³ôÀº ¼º°ø·üÀ» º¸¿´´Ù. API È£Ãâ Á¤º¸´Â ¹ÙÀ̳ʸ® ½ÇÇàÆÄÀÏ¿¡¼ ÃßÃâÇÒ ¼ö ÀÖ´Â Á¤º¸À̸ç, ±â°è ÇнÀÀ» Àû¿ëÇÏ¿© º¯Á¶ ÇÁ·Î±×·¥À» ½Äº°ÇÏ°í ½ÇÇàÆÄÀÏÀÇ ºü¸¥ ºÐ·ù°¡ °¡´ÉÇÏ´Ù. ±×·¯¹Ç·Î API È£ÃâÁ¤º¸¿Í ±â°èÇнÀ¿¡ ±â¹ÝÇÑ ¼ÒÇÁÆ®¿þ¾î ºÐ·ù´Â ¼ÒÇÁÆ®¿þ¾î ÇÊÅ͸µ ½Ã½ºÅÛ¿¡ È°¿ëÇϱ⿡ Àû´çÇÏ´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
Software classification has several applications such as copyright infringement detection, malware classification, and software automatic categorization in software repositories. It can be also employed by software filtering systems to prevent the transmission of illegal software. If illegal software is identified by measuring software similarity in software filtering systems, the average number of comparisons can be reduced by shrinking the search space. In this study, we focused on the classification of Windows executables using API call information and machine learning. We evaluated the classification performance of machine learning-based classifier according to the refinement method for API information and machine learning algorithm. The results showed that the classification success rate of SVM (Support Vector Machine) with PolyKernel was higher than other algorithms. Since the API call information can be extracted from binary executables and machine learning-based classifier can identify tampered executables, API call information and machine learning-based software classifiers are suitable for software filtering systems.
|
| Å°¿öµå(Keyword) |
¼ÒÇÁÆ®¿þ¾îºÐ·ù
¼ÒÇÁÆ®¿þ¾îÇÊÅ͸µ
API Á¤º¸
±â°èÇнÀ
software classification
software filtering
API information
machine learning
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
