http://dx.doi.org/10.22156/CS4SMB.2021.11.04.055

Graph Database based Malware Behavior Detection Techniques  

Choi, Do-Hyeon (Computer Science, Soongsil University)
Park, Jung-Oh (Division of Paideia, Sungkyul University)
Publication Information
Journal of Convergence for Information Technology / v.11, no.4, 2021, pp. 55-63
Abstract
Recently, the number of malicious code incidents has exceeded tens of thousands of cases, and it is known that detecting and responding to all of them is practically impossible. This study proposes a method for detecting multiple behavior patterns based on a graph database as a new approach to dealing with malicious code. Building on traditional dynamic analysis techniques, it applies a method that designs and analyzes graphs of the representative associations in a malware pattern (process, PE, registry, etc.) as a new graph model. As a result of the pattern verification, it was confirmed that the method detects both basic malicious pattern behavior and variant attack behavior (at least 5 steps), which was difficult to analyze in the past. In addition, the performance analysis confirmed an improvement of about 9.84 times or more compared to a relational database for complex patterns of 5 or more steps.
Keywords
Malware; Graph Database; Behavior Analysis; Association Analysis; Pattern Analysis;