
Journal of KIISE


Korean Title (translated): A Study of a Two-dimensional Array-based Technique for Identifying Obfuscated Malware
English Title: A Study on Two-dimensional Array-based Technology to Identify Obfuscated Malware
Author: Seonbin Hwang, Hogyeong Kim, Junho Hwang, Taejin Lee
Citation: VOL 45 NO. 08 PP. 0769 ~ 0777 (2018. 08)
Korean Abstract (translated)
More than 200,000 malware samples emerge per day on average, and most security incidents occur through the use of malware. Moreover, attackers' malware-creation techniques are becoming increasingly sophisticated, and malware is built with packing or encryption to prevent reverse-engineering analysis. With static analysis, there is a limit to what can be analyzed once the file under analysis is obfuscated, and a countermeasure is needed. In this paper, we present an approach based on strings, symbols, and entropy as a way to identify malware even when it is obfuscated. In particular, a two-dimensional array was applied to handle not only fixed feature sets but also non-fixed feature sets, and 15,000 malicious/benign samples were verified using a DNN (Deep Neural Network). This study is expected to operate in a complementary manner when linked with various malware detection techniques in the future, and is expected to be usable in the analysis of obfuscated malware variants.
English Abstract
More than 1.6 million types of malware are emerging on average per day, and most cyber attacks are generated by malware. Moreover, malware obfuscation techniques are becoming more intelligent through packing or encryption to prevent reverse engineering analysis. In the case of static analysis, there is a limit to the analysis when the analytical file becomes obfuscated, and a countermeasure is needed. In this paper, we propose an approach based on String, Symbol, and Entropy as a way to identify malware even during obfuscation. Two-dimensional arrays were applied for fixed feature-set processing as well as non-fixed feature-set processing, and 15,000 malware/benign samples were tested using the Deep Neural Network. This study is expected to operate in a complementary manner in conjunction with various malicious code detection methods in the future, and it is expected that it can be utilized in the analysis of obfuscated malware variants.
Keywords: static analysis, string, symbol, entropy, machine learning