

JIPS (Korea Information Processing Society)


Title: Host-Based Malware Variants Detection Method Using Logs
Authors: Woo-Jin Joe, Hyong-Shik Kim
Citation: JIPS Vol. 17, No. 4, pp. 851-865 (August 2021)

Abstract
The enterprise networks of the PyeongChang Winter Olympics were hacked in February 2018. According to a Korean security company's analysis report, the attackers destroyed approximately 300 hosts with the aim of disrupting the Olympics. Enterprises have no choice but to rely on antivirus ("vaccine") software, since analyzing every program executed on hosts used by ordinary users is infeasible. However, traditional antivirus cannot protect a host against new or variant malware, because without a signature for that malware it cannot detect the intrusion. To overcome this limitation of signature-based detection, much research has been conducted on behavioral analysis of malware. However, since most of it relies on a sandbox in which only the program under analysis is running, it cannot detect malware that intrudes into a host where many normal programs are running. This study therefore proposes a method that detects malware variants on the host through logs rather than in a sandbox. The proposed method extracts the behaviors common to a group of variants and selects from them the characteristic behaviors best suited to querying. Through experiments on 1,584,363 logs generated by executing 6,430 malware samples, we show that variants do share common behaviors and demonstrate that these behaviors can be used to detect variants.
Keywords: Big Data, Host-Based Detection, Log, Malware Variants, Sysmon
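As an added illustration (not code from the paper or its authors), the Python sketch below shows the two-stage idea the abstract describes: normalize Sysmon-style events from several samples of one variant family, intersect them to get the family's common behaviors, keep only those that are rare on benign hosts, and use the result as a detection query over a new host's logs. The log records, the normalization rules, the event-to-field mapping, and the two thresholds are all constructed for this example; the paper's actual feature extraction and query optimization are not described on this page.

```python
"""Added example, not the paper's code: common-behaviour extraction from
Sysmon-style logs of one malware-variant family, then a host-log query built
from the behaviours that are rare on benign hosts. All records, rules and
thresholds below are constructed for illustration."""
import re
from collections import Counter

# Sysmon event id -> field that best identifies the behaviour (assumption:
# 1 = process create, 3 = network connect, 11 = file create, 13 = registry set).
KEY_FIELD = {1: "Image", 3: "DestinationPort", 11: "TargetFilename", 13: "TargetObject"}

# Normalisation rules (constructed): strip per-host and per-sample specifics so the
# same behaviour on different hosts yields the same token.
_RULES = [
    (re.compile(r"C:\\Users\\[^\\]+", re.I), r"C:\\Users\\<USER>"),
    (re.compile(r"\\Temp\\[^\\]+\.exe", re.I), r"\\Temp\\<RANDOM>.exe"),
    (re.compile(r"HKU\\S-1-5-21-[\d-]+", re.I), r"HKU\\<SID>"),
]

# Constructed logs of three samples from one variant family: (event_id, fields).
VARIANT_LOGS = {
    "sample_a": [
        (1, {"Image": r"C:\Users\alice\AppData\Local\Temp\a1b2.exe"}),
        (11, {"TargetFilename": r"C:\Users\alice\AppData\Roaming\svchost.exe"}),
        (13, {"TargetObject": r"HKU\S-1-5-21-111-222-333-1001\Software\Microsoft\Windows\CurrentVersion\Run\update"}),
        (3, {"DestinationPort": "443"}),
    ],
    "sample_b": [
        (1, {"Image": r"C:\Users\bob\AppData\Local\Temp\zz9q.exe"}),
        (11, {"TargetFilename": r"C:\Users\bob\AppData\Local\Temp\x.tmp"}),  # only this sample
        (11, {"TargetFilename": r"C:\Users\bob\AppData\Roaming\svchost.exe"}),
        (13, {"TargetObject": r"HKU\S-1-5-21-444-555-666-1002\Software\Microsoft\Windows\CurrentVersion\Run\update"}),
        (3, {"DestinationPort": "443"}),
    ],
    "sample_c": [
        (1, {"Image": r"C:\Users\carol\AppData\Local\Temp\k3k3.exe"}),
        (11, {"TargetFilename": r"C:\Users\carol\AppData\Roaming\svchost.exe"}),
        (13, {"TargetObject": r"HKU\S-1-5-21-777-888-999-1003\Software\Microsoft\Windows\CurrentVersion\Run\update"}),
        (3, {"DestinationPort": "443"}),
    ],
}

# Constructed logs of benign hosts, used to weed out behaviours normal software also shows.
BENIGN_LOGS = {
    "host_1": [(1, {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe"}), (3, {"DestinationPort": "443"})],
    "host_2": [(1, {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"}), (3, {"DestinationPort": "443"})],
    "host_3": [(1, {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe"}), (3, {"DestinationPort": "443"})],
    "host_4": [
        (1, {"Image": r"C:\Users\dave\AppData\Local\Microsoft\Teams\current\Teams.exe"}),
        (13, {"TargetObject": r"HKU\S-1-5-21-123-456-789-1004\Software\Microsoft\Windows\CurrentVersion\Run\com.squirrel.Teams.Teams"}),
        (3, {"DestinationPort": "443"}),
    ],
    # A legitimate installer also runs from Temp, so "exe in Temp" alone is a weak signal.
    "host_5": [(1, {"Image": r"C:\Users\erin\AppData\Local\Temp\setup.exe"}), (11, {"TargetFilename": r"C:\Users\erin\Downloads\notes.txt"})],
}


def normalize(value):
    for pattern, repl in _RULES:
        value = pattern.sub(repl, value)
    return value


def behaviors(records):
    """Set of (event_id, normalised key value) tokens observed for one sample or host."""
    return {(eid, normalize(fields[KEY_FIELD[eid]])) for eid, fields in records if eid in KEY_FIELD}


def common_behaviors(family_logs):
    """Behaviours every sample of the family exhibits (intersection across samples)."""
    return set.intersection(*(behaviors(r) for r in family_logs.values()))


def characteristic_behaviors(common, benign_logs, max_benign_fraction=0.25):
    """Drop common behaviours seen on too many benign hosts; what remains is the query."""
    benign_sets = [behaviors(r) for r in benign_logs.values()]
    seen_on = Counter(b for s in benign_sets for b in s)
    return {b for b in common if seen_on[b] / len(benign_sets) <= max_benign_fraction}


def build_query(family_logs=VARIANT_LOGS, benign_logs=BENIGN_LOGS):
    return characteristic_behaviors(common_behaviors(family_logs), benign_logs)


def detect(records, query, min_hits=2):
    """A host matches when at least min_hits query behaviours appear in its logs."""
    hits = behaviors(records) & query
    return len(hits) >= min_hits, hits


# Constructed logs of an unseen variant on a new host (no network event: C2 was down)
# and of a host that merely ran an installer from Temp and browsed over HTTPS.
NEW_HOST = [
    (1, {"Image": r"C:\Users\frank\AppData\Local\Temp\q7q7.exe"}),
    (11, {"TargetFilename": r"C:\Users\frank\AppData\Roaming\svchost.exe"}),
    (13, {"TargetObject": r"HKU\S-1-5-21-321-654-987-1005\Software\Microsoft\Windows\CurrentVersion\Run\update"}),
]
INSTALLER_HOST = [(1, {"Image": r"C:\Users\gina\AppData\Local\Temp\vcredist.exe"}), (3, {"DestinationPort": "443"})]

if __name__ == "__main__":
    query = build_query()
    for name, log in (("new host", NEW_HOST), ("installer host", INSTALLER_HOST)):
        flagged, hits = detect(log, query)
        print(name, "flagged" if flagged else "clean", sorted(hits))
```

Two design points carry over to real deployments. The normalization step decides what counts as "the same" behavior across hosts, so it is where most of the engineering effort goes; without it the intersection across samples is empty. The benign-frequency filter and the `min_hits` threshold are the two knobs trading false positives against coverage: the outbound 443 connection is dropped because most benign hosts show it, while the Temp-resident executable is kept but is not enough on its own to flag a host.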