http://dx.doi.org/10.30693/SMJ.2019.8.4.25

A Malware Variants Detection Method based on Behavior Similarity

Joe, Woo-Jin (Graduate School, Department of Computer Science and Engineering, Chungnam National University)
Kim, Hyong-Shik (Department of Computer Science and Engineering, Chungnam National University)
Publication Information
Smart Media Journal, vol. 8, no. 4, 2019, pp. 25-32
Abstract
While the development of the Internet has made information more accessible, it has also opened a variety of intrusion paths for malicious programs. Traditional signature-based malware detectors cannot identify new malware. Although dynamic analysis can examine new malware that signatures miss, it is still inefficient for detecting variants, even though most of their behaviors are similar. In this paper, we propose a detection method based on behavioral similarity to existing malicious code, assuming that variants share parallel behavior patterns. The proposed method extracts the behavior targets common to variants and detects programs that have similar targets. We verified the behavioral similarity between variants through experiments conducted with 1,000 malicious code samples.
Keywords
malware variants; dynamic analysis; behavior similarity
Citations & Related Records
Times Cited By KSCI: 2