
Journal of KIISE

Korean Title: Dhash-based High-Speed Malware Variant Detection Technique
English Title: Malware Variants Detection based on Dhash
Author: Hongbi Kim, Hyunseok Shin, Junho Hwang, Taejin Lee
Citation: VOL 46 NO. 11 PP. 1207 ~ 1214 (2019. 11)
Korean Abstract
With the popularization of malware generation tools and obfuscation techniques, malware is becoming more sophisticated, but existing malware detection techniques still detect it imperfectly. Considering that many newly emerging malware samples are variants of previously seen malware, and that variant malware has binary data similar to that of the original malware, this paper presents a Dhash-based malware detection technique that classifies images derived from a file's binary data, and presents a 10-gram algorithm that improves the slow analysis time caused by the exhaustive comparison of the Dhash algorithm. Through a comparison with ssdeep, a technique that performs well at variant malware detection, we show that the Dhash algorithm detected samples in areas that ssdeep fails to detect, and through a detection speed comparison experiment between the existing Dhash algorithm and the algorithm proposed in this paper, we demonstrate the superiority of the proposed algorithm. Going forward, we plan to continue developing variant malware analysis techniques linked with other LSH-based detection techniques.
English Abstract
Malicious codes are becoming more intelligent due to the popularization of malware generation tools and obfuscation techniques, but existing malware detection techniques suffer from incomplete detection of malicious codes. Considering the facts that many newly emerging malicious codes are variants of existing malicious codes, and that they have binary data similar to those of the original malicious codes, a Dhash-based malware detection technique is presented here that classifies images based on the binary data in a file, along with a 10-gram algorithm that improves the long analysis time caused by the full comparison of the Dhash algorithm. A comparison with the superior ssdeep technique in variant malware detection shows that the Dhash algorithm can detect areas that ssdeep does not detect, and a detection speed comparison experiment between the existing Dhash algorithm and the algorithm proposed in this paper shows the superiority of the proposed algorithm. Future work will continue to develop a variety of malware analysis technologies that are linked to other LSH-based detection techniques.
Keyword: malware detection, static analysis, mutant malware, Dhash (Difference hash), CNN (Convolutional Neural Network)