KIPS Transactions on Computer and Communication Systems

Current Result Document :

Korean Title: Design and Implementation of a Distributed Processing System to Accelerate Feature Extraction from Large-Scale Malicious Code
English Title: Distributed Processing System Design and Implementation for Feature Extraction from Large-Scale Malicious Code
Author: Hyunjong Lee (이현종), Seongyul Euh (어성율), Doosung Hwang (황두성)
Citation: VOL 08 NO. 02 PP. 0035 ~ 0040 (2019. 02)
Korean Abstract
Existing malware detection is weak at detecting malware variants to which polymorphism or obfuscation techniques have been applied. Machine learning algorithms can learn the patterns embedded in malware and detect similar behavior, so they can replace existing detection methods. To learn malware patterns that change over time, data must be collected continuously. However, storing and processing large volumes of malware files entails high space and time complexity. This paper designs an HDFS-based distributed processing system to mitigate space complexity and accelerate processing time. Using the distributed processing system, we extracted the 2-gram feature, two API features defined by filtering criteria, and the APICFG feature, and compared the generalization performance of ensemble learning models. In the experiments, feature extraction was about 3.75 times faster than the processing time of a single computer, and space complexity was about 5 times more efficient. Comparing classification performance by feature, the 2-gram feature performed best, but training took a long time because of the high dimensionality of the training data.
English Abstract
Traditional malware detection is weak at detecting malware that has been modified by polymorphism or obfuscation techniques. By learning patterns that are embedded in malware code, machine learning algorithms can detect similar behaviors and replace the current detection methods. Data must be collected continuously in order to learn malicious code patterns that change over time. However, storing and processing a large number of malware files is accompanied by high space and time complexity. In this paper, an HDFS-based distributed processing system is designed to reduce space complexity and accelerate feature extraction time. Using the distributed processing system, we extract the 2-gram feature, two API features based on filtering criteria, and the APICFG feature, and compare the generalization performance of ensemble learning models. In experiments, feature extraction was about 3.75 times faster than the processing time of a single computer, and the space complexity was about 5 times more efficient. The 2-gram feature was the best when comparing classification performance by feature, but the learning time was long due to high dimensionality.
Keyword: Distributed Processing System, Malware Detection, Feature Extraction, Machine Learning