Analysis of Research Trend on Machine Learning Based Malware Mutant Identification

기계 학습을 활용한 변종 악성코드 식별 연구 동향 분석

  • 유정빈 (연세대학교 정보보호연구실) ;
  • 신민식 (연세대학교 정보보호연구실) ;
  • 권태경 (연세대학교 컴퓨터과학과)
  • Published : 2017.06.30

Abstract

기하급수적으로 증가하고 있는 변종 악성코드에 대응하기 위한 식별 연구가 다양화 되고 있다. 최근 연구에서는 기존 악성코드 분석 기술 (정적/동적)의 개별 사용 한계를 파악하고, 각 방식을 혼합한 하이브리드 분석으로 전환하는 추세이다. 나아가 변종 식별이 어려운 악성코드를 더욱 정확하게 식별하기 위해 기계 학습을 적용하기에 이르렀다. 이에 따라, 본 논문에서는 변종 악성코드 식별을 위해 각 연구에서 활용한 기계 학습 기술과 사용한 악성코드 특징을 중심으로 변종 악성코드 식별 연구를 분류 및 분석한다.

Keywords

References

  1. https://www.av-test.org/en
  2. M. G. Schultz, E. Eskin, F. Zadok, and S. J. Stolfo. Data mining methods for detection of new malicious executables. In Proc. IEEE Symposium on Security and Privacy (S&P), pages 38-49, 2001.
  3. J. Z. Kolter, and M. A. Maloof. Learning to detect and classify malicious executables in the wild. Journal of Machine Learning Research, pages 2721-2744, 2006.
  4. M. Ahmadi, D. Ulyanov, S. Semenov, M. Trofimov, and G. Giacinto. Novel feature extraction, selection and fusion for effective malware family classification. In Proc. Data and Application Security and Privacy (CODASPY), pages 183-194, 2016.
  5. M. E. Karim, A. Walenstein, A. Lakhotia, and L. Parida. Malware phylogeny generation using permutations of code. Journal of Computer Virology, 1(1-2):13-23, 2005. https://doi.org/10.1007/s11416-005-0002-9
  6. X. Hu, K. G. Shin, S. Bhatkar, and K. Griffin. MutantX-S: scalable malware clustering based on static features. In Proc. USENIX Conference on Annual Technical Conference (ATC), pages 187-198, 2013.
  7. K. Rieck, T. Holz, C. Willems, P. Düssel, and P. Laskov. Learning and classification of malware behavior. In Proc. Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), pages 108-125, 2008.
  8. M. Bailey, J. Oberheide, J. Andersen, Z. M. Mao, F. Jahanian, and J. Nazario. Automated classification and analysis of internet malware. In Proc. International Workshop on Recent Advances in Intrusion Detection (RAID), pages 178-197, 2007.
  9. U. Bayer, P. M. Comparetti, C. Hlauschek, C. Kruegel, and E. Kirda. Scalable, behavior-based malware clustering. In Proc. Network and Distributed System Security Symposium (NDSS), volume 9, pages 8-11, 2009.
  10. K. Rieck, P. Trinius, C. Willems, and T. Holz. Automatic Analysis of Malware Behavior Using Machine Learning. Journal of Computer and Security, 19(4):639-668, 2011. https://doi.org/10.3233/JCS-2010-0410
  11. A. Mohaisen, O. Alrawi, and M. Mohaisen. Amal: High-fidelity, behavior-based automated malware analysis and classification. Journal of Computers and Security, 2015.
  12. T. Y. Wang, S. J. Horng, M. Y. Su, C. H. Wu, P. C. Wang, and W. Z. Su. A surveillance spyware detection system based on data mining methods. In Proc. IEEE Congress on Evolutionary Computation, pages 3236-3241, 2006.
  13. B. Anderson, C. Storlie, and T. Lane. Improving malware classification: bridging the static/dynamic gap. In Proc. Artificial Intelligence and Security (AISec), pages 3-14, 2012.
  14. M. Eskandari, Z. Khorshidpour, and S. Hashemi. Hdm-analyser: a hybrid analysis approach based on data mining techniques for malware detection. Journal of Computer Virology and Hacking Techniques, 9(2):77-93, 2013. https://doi.org/10.1007/s11416-013-0181-8
  15. R. Islam, R. Tian, L. M. Batten, and S. Versteeg. Classification of malware based on integrated static and dynamic features. Journal of Network and Computer Applications, 36(2): 646-656, 2013. https://doi.org/10.1016/j.jnca.2012.10.004