http://dx.doi.org/10.7472/jksii.2018.19.5.21

Study on High-speed Cyber Penetration Attack Analysis Technology based on Static Feature Base Applicable to Endpoints  

Hwang, Jun-ho (Department of Information Security, Hoseo University)
Hwang, Seon-bin (Department of Information Security, Hoseo University)
Kim, Su-jeong (Department of Information Security, Hoseo University)
Lee, Tae-jin (Department of Information Security, Hoseo University)
Publication Information
Journal of Internet Computing and Services, v.19, no.5, 2018, pp. 21-31
Abstract
Cyber penetration attacks can damage not only cyberspace but also entire infrastructures such as electricity, gas, water and nuclear power, with enormous consequences for people's lives. Cyberspace has already been defined as the fifth battlefield, so strategic responses are very important. Most recent cyber attacks are carried out with malicious code, and with more than 1.6 million samples appearing per day, automated analysis technology that can cope with this volume is essential. However, static analysis struggles with encrypted, obfuscated and packed malicious code, and dynamic analysis is limited not only by its performance requirements but also by virtual-environment evasion techniques. In this paper, we propose a machine-learning-based malicious code analysis technique that improves on the detection performance of existing analysis technology while keeping the lightweight, high-speed analysis performance required at commercial endpoints. On 71,000 normal files and malicious code samples from a commercial environment, the proposed technique achieved 99.13% accuracy, 99.26% precision and 99.09% recall, and on a PC it analyzes more than five files per second. It can operate independently in the endpoint environment and is expected to complement existing antivirus technology and static and dynamic analysis technology in operation. It is also expected to serve as a core element of EDR technology and malware variant analysis.
Keywords
Malware; Static analysis; Deep neural network;
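As an added illustration (not code from the paper), the following Python sketch shows the shape of the endpoint-side pipeline the abstract describes: cheap static features computed from a file image (windowed byte entropy, printable strings, hits against a list of imported API names), a scoring function standing in for the trained deep neural network, and accuracy, precision and recall computed over a labelled set. The feature set, the weights, the API watch-list and the sample files are all assumptions made for this example; the samples are synthetic byte blobs built in memory, not real binaries. The set is deliberately built to show the two failure modes the abstract alludes to: a benign installer carrying compressed resources looks like a packed sample (a false positive), and an unpacked downloader with few suspicious imports is missed (a false negative).

```python
import math
import random
from collections import Counter

CHUNK = 1024          # window size for local entropy
HIGH_ENTROPY = 7.0    # bits per byte; packed or encrypted data sits close to 8.0
THRESHOLD = 0.5       # a score at or above this is reported as malicious

# Assumed watch-list of imported API names typical of injectors and downloaders
# (illustrative only; the paper does not publish its feature set).
API_WATCHLIST = {"VirtualAlloc", "VirtualAllocEx", "WriteProcessMemory",
                 "CreateRemoteThread", "URLDownloadToFileA", "WinExec"}


def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_strings(data: bytes, min_len: int = 5) -> list[str]:
    """Runs of printable ASCII of at least min_len bytes, like the `strings` tool."""
    out, cur = [], bytearray()
    for b in data + b"\x00":          # the sentinel flushes the last run
        if 0x20 <= b <= 0x7E:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            out.append(cur.decode("ascii"))
        cur = bytearray()
    return out


def extract_features(data: bytes) -> dict:
    """Static features: windowed entropy, string count, watch-listed API names."""
    # Only full windows are scored; a file shorter than one window is scored whole.
    chunks = [data[i:i + CHUNK] for i in range(0, len(data) - CHUNK + 1, CHUNK)] or [data]
    entropies = [shannon_entropy(c) for c in chunks]
    strings = printable_strings(data)
    return {
        "size": len(data),
        "entropy": round(shannon_entropy(data), 2),
        "high_entropy_fraction": sum(e > HIGH_ENTROPY for e in entropies) / len(entropies),
        "string_count": len(strings),
        "api_hits": sum(s in API_WATCHLIST for s in strings),
    }


def score(f: dict) -> float:
    """Hand-weighted linear score standing in for the trained model (assumed weights)."""
    return (0.6 * f["high_entropy_fraction"]
            + 0.15 * min(f["api_hits"], 4)
            + 0.1 * (1 - min(f["string_count"], 40) / 40))


def classify(data: bytes) -> bool:
    return score(extract_features(data)) >= THRESHOLD


def evaluate(samples: list[tuple[bytes, bool]]) -> dict:
    """Confusion counts plus accuracy, precision and recall over (data, is_malware) pairs."""
    tp = fp = fn = tn = 0
    for data, is_malware in samples:
        flagged = classify(data)
        if flagged and is_malware:
            tp += 1
        elif flagged:
            fp += 1
        elif is_malware:
            fn += 1
        else:
            tn += 1
    total = tp + fp + fn + tn
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "accuracy": (tp + tn) / total,
            "precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0}


# Constructed sample set: synthetic byte images, not real executables.
_rng = random.Random(2018)                      # fixed seed keeps the example deterministic
TEXT = b"Copyright (c) 2018 Example Corp. All rights reserved.\r\n"


def _imports(*names: bytes) -> bytes:
    """NUL-separated names, mimicking an import name table."""
    return b"\x00".join(names) + b"\x00"


SAMPLES = [
    (b"MZ" + TEXT * 80, False),                                   # benign, text-heavy
    (b"MZ" + TEXT * 20, False),                                   # benign, small
    (b"MZ" + TEXT * 2 + _rng.randbytes(6144), False),             # benign installer with compressed resources
    (b"MZ" + _rng.randbytes(4094), True),                         # packed or encrypted payloads
    (b"MZ" + _rng.randbytes(2046), True),
    (b"MZ" + _rng.randbytes(8190), True),
    (b"MZ" + TEXT * 4 + _imports(b"kernel32.dll", b"VirtualAlloc", b"VirtualAllocEx",
                                 b"WriteProcessMemory", b"CreateRemoteThread"), True),  # unpacked injector
    (b"MZ" + TEXT * 4 + _imports(b"urlmon.dll", b"URLDownloadToFileA", b"WinExec"), True),  # unpacked downloader
]

if __name__ == "__main__":
    for data, is_malware in SAMPLES:
        f = extract_features(data)
        print(f"{'MAL' if is_malware else 'BEN'} score={score(f):.2f} {f}")
    print(evaluate(SAMPLES))
```

Run directly, it prints the features and score of every sample and then the confusion counts. On this constructed set the heuristic yields 4 true positives, 1 false positive, 1 false negative and 2 true negatives, i.e. 75% accuracy, 80% precision and 80% recall: the compressed-resource installer is flagged because windowed entropy cannot tell compression from packing, and the downloader is missed because it is neither packed nor rich in watch-listed imports. Reaching the 99%-level figures reported in the abstract takes a far richer feature set and a trained model rather than three features with hand-set weights, but the evaluation loop and the metric definitions are the same.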