
Journal of the Korean Society for Internet Information (한국인터넷정보학회 논문지)

Korean Title (translated): A Study on High-speed Cyber Penetration Attack Analysis Technology Based on Static Features Applicable to Endpoints
English Title: Study on High-speed Cyber Penetration Attack Analysis Technology based on Static Feature Base Applicable to Endpoints
Authors: 황준호 (Jun-ho Hwang), 황선빈 (Seon-bin Hwang), 김수정 (Su-jeong Kim), 이태진 (Tae-jin Lee)
Citation: Vol. 19, No. 5, pp. 21-31 (October 2018)
Korean Abstract (translated to English)
Cyber intrusion attacks do not only inflict damage in cyberspace; because they can attack entire infrastructure facilities such as electricity, gas, water and nuclear power, they can cause enormous damage across the whole of citizens' daily lives. Moreover, cyberspace has already been designated the fifth battlefield, so a strategic response is very important. Most recent cyber attacks are carried out through malicious code, and since the number of samples exceeds 1.6 million per day on average, automated analysis technology for coping with large volumes of malicious code is highly significant. Accordingly, a variety of automated analysis techniques have been studied, but existing static malware analysis techniques have difficulty coping with malware encryption, obfuscation and packing, while dynamic analysis techniques are limited not only by the performance requirements of dynamic analysis but also in coping with virtual-environment evasion techniques, including logic bombs. This paper proposes a machine-learning-based malware analysis technique that improves on the detection-performance shortcomings of existing analysis techniques while maintaining analysis performance light and fast enough to be applied to endpoints in commercial environments. The result of this research was measured at 99.13% accuracy, 99.26% precision and 99.09% recall on 71,000 normal files and malware samples from a commercial environment, with an analysis time in a PC environment allowing more than 5 samples per second to be analyzed; it can also operate independently in the endpoint environment and is judged to operate in a mutually complementary form when used in conjunction with existing antivirus technology and static and dynamic analysis techniques. It is also expected to be usable as a core element of malware variant analysis and of EDR technology, which has recently become a hot topic.
English Abstract
Cyber penetration attacks do not only cause damage in cyberspace; they can attack entire infrastructure such as electricity, gas, water and nuclear power, causing enormous damage to people's lives. Cyberspace has also already been defined as the fifth battlefield, so a strategic response is very important. Most recent cyber attacks are carried out through malicious code, and since the number of samples exceeds 1.6 million per day, automated analysis technology that can cope with large volumes of malicious code is very important. Although a variety of automated analysis techniques have been studied, existing static analysis techniques have difficulty dealing with malware encryption, obfuscation and packing, and dynamic analysis techniques are limited not only by the performance requirements of dynamic analysis but also in coping with virtual-environment evasion techniques such as logic bombs. In this paper, we propose a machine-learning-based malicious code analysis technique that improves on the detection-performance weaknesses of existing analysis technology while maintaining lightweight, high-speed analysis performance applicable to commercial endpoints. The results of this study show 99.13% accuracy, 99.26% precision and 99.09% recall on 71,000 normal files and malicious code samples from a commercial environment, with an analysis speed in a PC environment of more than 5 files per second. The technique can be operated independently in the endpoint environment and is expected to work in a complementary form when operated in conjunction with existing antivirus technology and static and dynamic analysis technology. It is also expected to be usable as a core element of EDR technology and of malware variant analysis.
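A check a reviewer can run on the figures reported above, added here as an example that is not part of the paper: the stated accuracy, precision, recall and sample count fix the confusion matrix, so one can back out how many true and false positives and negatives the paper implies, and how much class-balance uncertainty the two-decimal rounding of the metrics leaves. The function and variable names are this example's own.

```python
from dataclasses import dataclass
from itertools import product

# Figures reported in the abstract above (sample count and metrics as fractions).
N_SAMPLES = 71000
ACCURACY, PRECISION, RECALL = 0.9913, 0.9926, 0.9909


@dataclass
class ConfusionMatrix:
    tp: float  # malware correctly flagged
    fp: float  # benign files flagged as malware
    fn: float  # malware missed
    tn: float  # benign files correctly passed

    def metrics(self):
        """Accuracy, precision and recall of this matrix (for round-tripping)."""
        n = self.tp + self.fp + self.fn + self.tn
        return ((self.tp + self.tn) / n,
                self.tp / (self.tp + self.fp),
                self.tp / (self.tp + self.fn))


def solve_confusion_matrix(n, accuracy, precision, recall):
    """Back out TP/FP/FN/TN from N, accuracy, precision and recall.

    P = TP/(TP+FP), R = TP/(TP+FN), A = (TP+TN)/N and N = TP+FP+FN+TN give
    FP = TP(1/P-1), FN = TP(1/R-1) and FP+FN = N(1-A), which fixes TP.
    """
    tp = n * (1 - accuracy) / (1 / precision + 1 / recall - 2)
    fp = tp * (1 / precision - 1)
    fn = tp * (1 / recall - 1)
    tn = accuracy * n - tp
    return ConfusionMatrix(tp, fp, fn, tn)


def malware_count_band(n, accuracy, precision, recall, half_ulp=0.00005):
    """Min/max number of malware samples (TP+FN) compatible with metrics that
    were rounded to 0.01%, i.e. each true value lies within +/- half_ulp of the
    reported one. TP+FN is monotone in each metric, so the box corners bound it."""
    corners = [solve_confusion_matrix(n, accuracy + da, precision + dp, recall + dr)
               for da, dp, dr in product((-half_ulp, half_ulp), repeat=3)]
    counts = [cm.tp + cm.fn for cm in corners]
    return min(counts), max(counts)


if __name__ == "__main__":
    cm = solve_confusion_matrix(N_SAMPLES, ACCURACY, PRECISION, RECALL)
    print(f"TP={cm.tp:.0f} FP={cm.fp:.0f} FN={cm.fn:.0f} TN={cm.tn:.0f}")
    lo, hi = malware_count_band(N_SAMPLES, ACCURACY, PRECISION, RECALL)
    print(f"malware samples implied: {cm.tp + cm.fn:.0f} (rounding band {lo:.0f}..{hi:.0f})")
```

For the reported figures this yields roughly 37,100 true positives, 280 false positives, 340 false negatives and 33,300 true negatives, i.e. a nearly balanced corpus; the rounding band shows the implied malware count is only determined to within several hundred samples.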
Keywords: Malware, Static analysis, Machine learning, Deep neural network