Malware Classification Possibility based on Sequence Information

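  • 윤태욱 (Department of Computer Engineering, Chung-Ang University);
  • 박찬수 (Department of Computer Engineering, Chung-Ang University);
  • 황태규 (Department of Computer Engineering, Chung-Ang University);
  • 김성권 (Department of Computer Engineering, Chung-Ang University)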
  • Received : 2017.01.22
  • Accepted : 2017.07.17
  • Published : 2017.11.15

Abstract

LSTM (Long Short-Term Memory) is a kind of RNN (Recurrent Neural Network) in which the next state is updated by remembering the previous states. The sequence information in malware can be defined as the system call function that is called at each point in time. In this paper, we use the calling sequences of system calls in malware code as input for malware classification, to make use of the LSTM's ability to remember previous states. We run an experiment to show that our method can classify malware, and we measure accuracy while varying the length of the system call sequences.

Acknowledgement

Supported by: National Research Foundation of Korea
