http://dx.doi.org/10.5762/KAIS.2019.20.7.613

A Malware Detection Method using Analysis of Malicious Script Patterns  

Lee, Yong-Joon (Defense Security Institute)
Lee, Chang-Beom (Korea Transportation Safety Authority)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society, v.20, no.7, 2019, pp. 613-621
Abstract
Recently, with the development of Internet of Things (IoT) and cloud computing technologies, security threats have increased as malicious code infects IoT devices and new malware spreads ransomware to cloud servers. In this study, we propose a threat-detection technique that checks obfuscated script patterns to compensate for the shortcomings of conventional signature-based and behavior-based detection methods. The proposed technique is based on malicious script-pattern analysis: it analyzes the types of malicious scripts distributed through websites, then registers and checks the derived distribution patterns, so that it can detect zero-day attacks while maintaining the existing detection rate. To verify the performance of the proposed technique, a prototype system was developed to collect a total of 390 malicious websites and experiment with 10 major malicious script-distribution patterns derived from the analysis. The technique showed an average detection rate of about 86% across all items, while maintaining the existing detection speed based on the detection rule and also detecting zero-day attacks.
Keywords
Ransomware; Malicious Code; Malware Detection; Malicious Patterns; Secure Web Sites
Citations & Related Records
Times Cited By KSCI: 11