Journal of KIISE (정보과학회논문지)
Korean Title |
V-gram: Malware Detection Based on Instruction Basic Blocks and Deep Learning |
English Title |
V-gram: Malware Detection Using Opcode Basic Blocks and Deep Learning |
Author |
Seongmin Jeong (정성민)
Hyeonseok Kim (김현석)
Youngjae Kim (김영재)
Myungkeun Yoon (윤명근)
|
Citation |
VOL 46 NO. 07 PP. 0599 ~ 0605 (2019. 07) |
Korean Abstract |
As malware surges, research on machine-learning-based automatic detection is becoming increasingly important. Because the opcode sequence extracted from a malware executable is a good feature for malware detection, it is widely used as input data for machine learning after byte-based n-gram processing. This paper proposes V-gram, a new basic-block-level technique for preparing deep learning input data that greatly improves on the existing n-gram approach in terms of processing speed and storage space. V-gram can prevent the unnecessary generation of meaningless input data from opcode sequences. Through experiments on more than 64,000 real benign and malware files that were collected, this paper verifies that V-gram is superior to the existing n-gram technique in processing speed, storage space, and detection accuracy.
|
English Abstract |
With the rapid increase in the number of malware samples, automatic detection based on machine learning is becoming more important. Since the opcode sequence extracted from a malicious executable file is a useful feature for malware detection, it is widely used as input data for machine learning through byte-based n-gram processing techniques. This study proposes V-gram, a new data preprocessing technique for deep learning, which improves on existing n-gram methods in terms of processing speed and storage space. V-gram can prevent unnecessary generation of meaningless input data from opcode sequences. Experiments conducted on more than 64,000 collected normal and malicious code files verified that V-gram is superior to the conventional n-gram method in terms of processing speed, storage space, and detection accuracy. Keywords: malware detection, static analysis, disassemble, n-gram, feature hashing
|
Keyword |
malware detection
static analysis
disassemble
n-gram
feature hashing
|