http://dx.doi.org/10.9708/jksci.2020.25.11.123

The Next Generation Malware Information Collection Architecture for Cybercrime Investigation  

Cho, Ho-Mook (Cyber Security Research Center, KAIST)
Bae, Chang-Su (APEX ESC)
Jang, Jaehoon (APEX ESC)
Choi, Sang-Yong (Dept. of Cyber Security, Yeungnam University College)
Abstract
Recently, cybercrime has become increasingly difficult to track as criminals apply new technologies such as virtualization and distribution-tracking avoidance. As a result, there is a limit to how well distributors can be tracked using malicious code information obtained through static and dynamic analysis methods. In addition, in the field of cyber investigation, tracking down malicious code distributors is more important than analyzing the malicious code itself. Accordingly, in this paper we propose a next-generation malicious code information collection architecture that efficiently tracks down malicious code distributors by converging traditional analysis methods with recent information collection methods such as OSINT and Intelligence. The proposed architecture is based on the differences between the existing malicious code analysis system and the analysis system at the investigation point, and relates the necessary elemental technologies from the perspective of cybercrime. Thus, the proposed architecture could be a key approach to tracking distributors in cybercrime investigations.
Keywords
Malware; Cyber criminal; Intelligence; Cyber investigation; Trace