A Study on Email Security through Proactive Detection and Prevention of Malware Email Attacks

A Study on Email Security through Proactive Detection and Blocking of Malicious Email Attacks

  • Yoo, Ji-Hyun (Dept. of Software Convergence, Jangan University)
  • Received : 2021.12.14
  • Accepted : 2021.12.20
  • Published : 2021.12.31

Abstract

New malware continues to increase and becomes more advanced every year. Although various studies have been conducted on executable files to diagnose malicious code, it is difficult to detect attacks that embed malicious code threats in emails by exploiting non-executable document files, malicious URLs, and malicious macros and JS inside documents. In this paper, we introduce a method of analyzing malicious code for email security through proactive detection and blocking of malicious email attacks, and propose an AI-based method for determining whether a non-executable document file is malicious. Among various algorithms, an efficient machine learning modeling approach is chosen, and an ML workflow system that diagnoses malicious code using Kubeflow is proposed.

As time passes, new malware keeps increasing and becoming more sophisticated. Various studies have been conducted on executable files to diagnose malicious code, but the reality is that attacks which embed malicious code threats in email by abusing non-executable document files, malicious URLs, and malicious macros and JS inside documents are difficult to detect. This paper introduces a method of analyzing malicious code for email security through proactive detection and blocking of malicious email attacks, and presents an AI-based method for determining whether a non-executable document file is malicious. Among various algorithms, an efficient learning modeling method is adopted, and an ML workflow system that diagnoses malicious code using Kubeflow is proposed.

Acknowledgement

This work was supported by Jangan University Research Grant in 2021.
