A Method to Find the Core Node Engaged in Malware Propagation in the Malware Distribution Network Hidden in the Web

  • Seong-Jin Kim (김성진) (Department of Artificial Intelligence Engineering, Cheju Halla University)
  • Received : 2023.04.05
  • Accepted : 2023.04.13
  • Published : 2023.06.30

Abstract

In the malware distribution network that exists on the web, there is a central node that plays a key role in distributing malware. If this node is found and blocked, malware propagation can be blocked effectively. In this study, a centrality search method that incorporates risk analysis in a complex network is proposed, and through this approach a method for finding the core node in a malware distribution network is introduced. In addition, benign and malicious networks differ markedly in in-degree and out-degree, and also in network layout; these characteristics make it possible to discriminate between malicious and benign networks.
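
As an added illustration of the approach the abstract describes (example code, not the paper's own implementation), the following Python builds a small constructed redirect graph, computes each node's in-degree and out-degree, and uses Brandes' betweenness centrality to pick the node that most redirect paths pass through. The choice of betweenness as the centrality measure, the `.example` hostnames and the graph itself are assumptions for illustration; the paper's risk-analysis weighting is not reproduced here.

```python
from collections import defaultdict, deque
# Constructed sample: redirect edges (source -> target); every hostname is a placeholder.
EDGES = [
    ("landing-a.example", "redir.example"), ("landing-b.example", "redir.example"),
    ("landing-c.example", "tds.example"), ("tds.example", "redir.example"),
    ("redir.example", "ek-1.example"), ("redir.example", "ek-2.example"),
    ("ek-1.example", "payload.example"), ("ek-2.example", "payload.example"),
]

def degrees(edges):
    """In-degree and out-degree per node (the abstract reports these differ between benign and malicious networks)."""
    nodes = {n for e in edges for n in e}
    indeg = {n: sum(1 for _, t in edges if t == n) for n in nodes}
    outdeg = {n: sum(1 for s, _ in edges if s == n) for n in nodes}
    return indeg, outdeg

def betweenness(edges):
    """Brandes' betweenness centrality on a directed graph (unnormalized)."""
    adj, nodes = defaultdict(list), set()
    for s, t in edges:
        adj[s].append(t)
        nodes.update((s, t))
    bc = {v: 0.0 for v in nodes}
    for s in nodes:  # BFS from s, counting shortest paths (sigma) to every node
        stack, pred = [], {v: [] for v in nodes}
        sigma, dist = {v: 0 for v in nodes}, {v: -1 for v in nodes}
        sigma[s], dist[s] = 1, 0
        queue = deque([s])
        while queue:
            v = queue.popleft()
            stack.append(v)
            for w in adj[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    pred[w].append(v)
        delta = {v: 0.0 for v in nodes}  # accumulate dependencies back along pred
        while stack:
            w = stack.pop()
            for v in pred[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return bc

def core_node(edges):  # node that most shortest redirect paths pass through
    bc = betweenness(edges)
    return max(bc, key=bc.get)
```

In the constructed graph the redirector collects every inbound chain and fans out to the exploit-kit hosts, so it has the highest betweenness and the largest in-degree; blocking it cuts every path to the payload host.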
