http://dx.doi.org/10.13089/JKIISC.2018.28.5.1119

A Study on Automatic Classification Technique of Malware Packing Type  

Kim, Su-jeong (Hoseo University)
Ha, Ji-hee (Hoseo University)
Lee, Tae-jin (Hoseo University)
Abstract
Most cyber attacks are carried out with malicious code. The damage they cause is gradually extending to IoT and CPS, so it is no longer confined to cyberspace but is a serious threat to real life. Accordingly, various malicious code analysis techniques have appeared. Dynamic analysis has been widely used because it readily reveals the resulting malicious behavior, but it is struggling with the increase in Anti-VM malware that detects a VM environment and does not run in it. Static analysis, on the other hand, is hindered by the variety of packing techniques. In this paper, we propose a malware classification technique that works regardless of whether the packer is known or unknown. To do this, we designed a supervised-learning and an unsupervised-learning model over features that can be extracted from the PE structure, and verified the results on 98,000 samples. We expect that accurate analysis will become possible through analysis technology tailored to each class.
Keywords
Packing; Malware classification; Section name; Clustering; Deep Learning;