Trends in Intelligent Malware Analysis Techniques Using Machine Learning

  • 이태진 (Division of Computer and Information Engineering, Hoseo University)
  • Published: 2018.04.30

Abstract

Cyber intrusion attacks no longer cause damage only in cyberspace; as they become connected with IoT/CPS, they have emerged as a serious problem that can cause major damage in everyday life. Most of these attacks rely on malware, which continues to evolve into more intelligent forms. In response, a variety of malware analysis techniques have appeared, and most recent research applies machine learning to overcome the limitations of the earlier pattern-based (signature) and heuristic-based approaches. This paper describes trends in malware analysis techniques that use machine learning. In particular, it classifies the purposes of machine-learning-based malware analysis into seven categories and introduces the key features that are central to malware analysis. We hope that this paper will serve as a starting point for new approaches to the many methods of malware analysis.
