Çѱ¹ÀÎÅͳÝÁ¤º¸ÇÐȸ ³í¹®Áö
| ÇѱÛÁ¦¸ñ(Korean Title) |
¾Ç¼ºÄÚµå ħÀÔŽÁö½Ã½ºÅÛ Å½Áö±ÔÄ¢ ÀÚµ¿»ý¼º ¹× °ËÁõ½Ã½ºÅÛ |
| ¿µ¹®Á¦¸ñ(English Title) |
Automatic Malware Detection Rule Generation and Verification System |
| ÀúÀÚ(Author) |
±è¼ºÈ£
À̼öö
Sungho Kim
Suchul Lee
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 20 NO. 02 PP. 0009 ~ 0019 (2019. 04) |
Çѱ۳»¿ë
(Korean Abstract) |
ÀÎÅͳÝÀ» ÅëÇÑ ¼ºñ½º ¹× »ç¿ëÀÚ°¡ ±Þ°ÝÇÏ°Ô Áõ°¡ÇÏ°í ÀÖ´Ù. ÀÌ¿¡ µû¶ó »çÀ̹ö °ø°Ýµµ Áõ°¡ÇÏ°í ÀÖÀ¸¸ç, Á¤º¸ À¯Ãâ, ±ÝÀüÀû ÇÇÇصîÀÌ ¹ß»ýÇÏ°í ÀÖ´Ù. Á¤ºÎ, °ø°ø±â°ü, ȸ»ç µîÀº ÀÌ·¸°Ô ±Þ°ÝÇÑ »çÀ̹ö °ø°Ý Áß ¾Ë·ÁÁø ¾Ç¼ºÄڵ忡 ´ëÀÀÇϱâ À§ÇÏ¿© ½Ã±×´Ïó ±â¹ÝÀÇ Å½Áö±ÔÄ¢À» ÀÌ¿ëÇÑ º¸¾È ½Ã½ºÅÛÀ» »ç¿ëÇÏ°í ÀÖÁö¸¸, ½Ã±×´Ïó ±â¹ÝÀÇ Å½Áö±ÔÄ¢À» »ý¼ºÇÏ°í °ËÁõÇÏ´Â µ¥ ¿À·£ ½Ã°£ÀÌ °É¸°´Ù. ÀÌ·± ¹®Á¦¸¦ ÇØ°áÇϱâ À§ÇÏ¿© º» ³í¹®¿¡¼´Â ÀáÀç µð¸®Å¬·¹ ÇÒ´ç ¾Ë°í¸®ÁòÀ» ÅëÇÑ ½Ã±×´Ïó ÃßÃâ°ú Æ®·¡ÇÈ ºÐ¼® ±â¼ú µîÀ» ÀÌ¿ëÇÏ¿© ½Ã±×´Ïó ±â¹ÝÀÇ Å½Áö±ÔÄ¢ »ý¼º ¹× °ËÁõ ½Ã½ºÅÛÀ» Á¦¾ÈÇÏ°í °³¹ßÇÏ¿´´Ù. °³¹ßÇÑ ½Ã½ºÅÛÀ» ½ÇÇèÇÑ °á°ú, ±âÁ¸º¸´Ù ÈξÀ ½Å¼ÓÇÏ°í, Á¤È®ÇÏ°Ô Å½Áö±ÔÄ¢À» »ý¼ºÇÏ°í °ËÁõÇÏ¿´´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
Service and users over the Internet are increasing rapidly. Cyber attacks are also increasing. As a result, information leakage and financial damage are occurring. Government, public agencies, and companies are using security systems that use signature-based detection rules to respond to known malicious codes. However, it takes a long time to generate and validate signature-based detection rules. In this paper, we propose and develop signature based detection rule generation and verification systems using the signature extraction scheme developed based on the LDA(latent Dirichlet allocation) algorithm and the traffic analysis technique. Experimental results show that detection rules are generated and verified much more quickly than before.
|
| Å°¿öµå(Keyword) |
¾Ç¼ºÄÚµå
ŽÁö±ÔÄ¢
½º³ëÆ®
LDA
³×Æ®¿öÅ© À§Çù
Malware
Detection rule
Snort
LDA
network threat
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
