• Title/Summary/Keyword: 악성

Search Result 2,979, Processing Time 0.028 seconds

A Method for Efficient Malicious Code Detection based on the Conceptual Graphs (개념 그래프 기반의 효율적인 악성 코드 탐지 기법)

  • Kim Sung-Suk;Choi Jun-Ho;Bae Young-Geon;Kim Pan-Koo
    • The KIPS Transactions:PartC / v.13C no.1 s.104 / pp.45-54 / 2006
  • Nowadays, many techniques have been applied to the detection of malicious behavior. However, the techniques currently in practice face the challenge of many variations of the original malicious behavior, and it is impossible to respond to new forms of behavior appropriately and in a timely manner. There are also some limitations that cannot be solved, such as error affirmation (false positive) and mistaken obliquity (false negative). In response to these questions, we suggest a new method to improve the current situation. To detect malicious code, we propose handling the basic source code units through the conceptual graph. Basically, we use a conceptual graph to define malicious behavior, and we are then able to compare the similarity relations of the malicious behavior by testing the formalized values generated by the predefined graphs in the code. In this paper, we show how to make a conceptual graph and propose an efficient similarity measure to discern malicious behavior. As a result of our experiment, we can get a more efficient detection rate.

Study on DNN Based Android Malware Detection Method for Mobile Environment (모바일 환경에 적합한 DNN 기반의 악성 앱 탐지 방법에 관한 연구)

  • Yu, Jinhyun;Seo, In Hyuk;Kim, Seungjoo
    • KIPS Transactions on Computer and Communication Systems / v.6 no.3 / pp.159-168 / 2017
  • Smartphone malware has increased because the number of smartphone users has increased and smartphones are widely used in everyday life. Since 2012, Android has been the most mobile operating system. Owing to the open nature of Android, countless malware are in Android markets that seriously threaten Android security. Most Android malware detection programs do not detect malware to which bypass techniques are applied, nor do they detect unknown malware. In this paper, we propose a lightweight method for detecting Android malware using static analysis and deep learning techniques. For the experiments, we crawled 7,000 apps from the Google Play Store and collected 6,120 malware samples. The results show that the proposed method can achieve 98.05% detection accuracy. The proposed method can also detect unknown malware families with good performance. On smartphones, the method requires 10 seconds for an analysis on average.

Detection of Unknown Malicious Scripts Using Static Analysis (정적 분석을 이용한 알려지지 않은 악성 스크립트 감지)

  • Lee, Seong-Uck;Bae, Byung-Woo;Lee, Hyong-Joon;Cho, Eun-Sun;Hong, Man-Pyo
    • The KIPS Transactions:PartC / v.9C no.5 / pp.765-774 / 2002
  • Analyzing code using static heuristics is a widely used technique for detecting unknown malicious code. It decides the maliciousness of code by searching for fragments that have been frequently found in known malicious code. However, in script code, it tries to search for sequences of method calls, not code fragments, because finding such fragments is very difficult. This technique produces many false alarms because such method calls can also be used in normal scripts. Thus, static heuristics for scripts are used only to detect malicious behavior consisting of specific method calls which are seldom used in normal scripts. In this paper, we suggest a static analysis that can detect malicious behavior more accurately by considering not only the method calls but also parameters and return values. The results of experiments show that malicious behaviors, which were difficult to detect by previous works due to high false positives, will be detected by our method.

CNN-Based Malware Detection Using Opcode Frequency-Based Image (Opcode 빈도수 기반 악성코드 이미지를 활용한 CNN 기반 악성코드 탐지 기법)

  • Ko, Seok Min;Yang, JaeHyeok;Choi, WonJun;Kim, TaeGuen
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.933-943 / 2022
  • As the Internet develops and the utilization rate of computers increases, the threats posed by malware keep increasing. This leads to the demand for a system that automatically analyzes a large amount of malware. In this paper, an automatic malware analysis technique using a deep learning algorithm is introduced. Our proposed method uses a CNN (Convolutional Neural Network) to analyze malicious features represented as images. To reflect the semantic information of malware for detection, our method uses the opcode frequency data of the binary for image generation, rather than the bytes of the binary. As a result of experiments using datasets consisting of 20,000 samples, it was found that the proposed method can detect malicious code with 91% accuracy.

Method of Similarity Hash-Based Malware Family Classification (유사성 해시 기반 악성코드 유형 분류 기법)

  • Kim, Yun-jeong;Kim, Moon-sun;Lee, Man-hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.945-954 / 2022
  • Billions of malicious codes are detected every year, of which only 0.01% are new types of malware. In this situation, an effective malware type classification tool is needed, but previous studies have limitations in quickly analyzing a large amount of malicious code because they require complex and massive data preprocessing. To solve this problem, this paper proposes a method to classify the types of malicious code based on the similarity hash without complex data preprocessing. This approach trains the XGBoost model based on the similarity hash information of the malware. To evaluate this approach, we used the BIG-15 dataset, which is widely used in the field of malware classification. As a result, the malicious code was classified with an accuracy of 98.9%, and 3,432 benign files were identified with 100% accuracy. This result is superior to most recent studies using complex preprocessing and deep learning models. Therefore, it is expected that more efficient malware classification is possible using the proposed approach.

The moderating effect of malicious comments neutralization by gender difference (성별 차이에 따른 악성댓글 중화의 조절효과)

  • Kim, Han-Min;Park, Kyungbo
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology / v.8 no.12 / pp.817-826 / 2018
  • As malicious comments are emerging as a social problem, a solution is needed. Many studies have been conducted from various perspectives to understand and prevent malicious comments. In previous research, the neutralization of malicious comments has attracted attention as an important factor explaining malicious comments, but the difference in the degree of neutralization according to gender has rarely been considered. In addition, although the online environment has many characteristics that differ from reality, research on malicious comments is insufficient. Based on these facts, this study examined the moderating effects of gender on the relationship between malicious comments and neutralization, and demonstrated the effects of online environmental factors (anonymity, lack of social presence) on malicious comments. As a result of the study, we found no influence of online environmental factors, but neutralization of malicious comments had a strong direct influence on malicious comments, with a moderating effect of gender difference. Based on the results of this study, we discuss academic and practical implications and suggest limitations of the research and future research directions.

Ascitic Fluid Analysis for the Differentiation of Malignancy-Related and Nonmalignant Ascites (악성 복수와 비악성 복수의 감별을 위한 복수액 분석)

  • Lee, Eun-Young;Kim, Byeoung-Deok;Choi, Jae-Hyuk;Lee, Sang-Yeop;Ryu, Hun-Mo;Lee, Kyung-Hee;Hyun, Myung-Soo
    • Journal of Yeungnam Medical Science / v.16 no.1 / pp.76-84 / 1999
  • The differentiation between malignancy-related ascites (MRA) and non-malignant ascites (NMA) is important for further diagnostic and therapeutic purposes. Although many parameters were investigated, none has provided a complete distinction between MRA and NMA. We investigated several ascitic fluid parameters to determine the differential power, and to differentiate malignant-related from nonmalignant-related ascites with a sequence of sensitive parameters followed by specific parameters. For the present study, 80 patients with ascites were divided into two groups: MRA and NMA. The MRA group consisted of 27 patients with proven malignancy by image study, biopsy, and follow up: 21 of these patients had peritoneal carcinomatosis, but the remaining 6 showed no evidence of peritoneal carcinomatosis. The NMA group consisted of 53 patients with no evidence of malignancy: among these patients, one had SLE, and others had liver cirrhosis. The samples of blood and ascites were obtained simultaneously, and then the levels of ascites cholesterol, CEA, protein and LDH, cytology, albumin gradient, ascites/serum concentration ratios of LDH (LDH A/S), and ascites/serum concentration ratios of protein (protein A/S) were measured. Applying cut-off limits for determined parameters, we estimated the diagnostic efficacy of each parameter. Among the eight parameters investigated, ascites fluid cholesterol yielded the best sensitive value of 93% (cut-off value 30 mg/dl), and cytologic examination and the protein A/S (cut-off value 0.5) showed the most specific value of 100% and 96%, respectively. Based on the above results, the diagnostic sequence with cholesterol as a sensitive parameter followed by the combination of cytologic examination and protein A/S as specific parameters was tested in 80 patients. This diagnostic sequence identified 81.5% of patients with malignancy, and all patients with peritoneal carcinomatosis were classified as malignancy-related ascites. In spite of many limitations, this proposed diagnostic sequence may permit a cost-effective and simple differentiation of malignancy-related ascites from nonmalignant ascites.

A study on extraction of optimized API sequence length and combination for efficient malware classification (효율적인 악성코드 분류를 위한 최적의 API 시퀀스 길이 및 조합 도출에 관한 연구)

  • Choi, Ji-Yeon;Kim, HeeSeok;Kim, Kyu-Il;Park, Hark-Soo;Song, Jung-Suk
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.897-909 / 2014
  • With the development of the Internet, the number of cyber threats is continuously increasing and their techniques are also evolving for the purpose of attacking our crucial systems. Since attackers are able to easily make exploit codes, i.e., malware, using dedicated generation tools, the number of malware is rapidly increasing. However, it is not easy to analyze all malware due to the extremely large number of malware. Because of this, many researchers have proposed malware classification methods that aim to identify unforeseen malware from well-known malware. The existing malware classification methods used malicious information obtained from static and dynamic malware analysis as the criterion for calculating the similarity between malware samples. Also, most of them used API functions and their sequences divided into a certain length. Thus, the accuracy of malware classification heavily depends on the length of the divided API sequences. In this paper, we propose a method for extracting the optimized API sequence length and combination that can be used to improve the performance of malware classification.

Visualized Malware Classification Based-on Convolutional Neural Network (Convolutional Neural Network 기반의 악성코드 이미지화를 통한 패밀리 분류)

  • Seok, Seonhee;Kim, Howon
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.1 / pp.197-208 / 2016
  • In this paper, we propose a method based on a convolutional neural network, which is one type of deep neural network. We convert malware code into a malware image and train the convolutional neural network. In an experiment classifying 9 families, the proposed method records 96.2% and 98.7% for the top-1 and top-2 error rates. Our model can also classify 27 families with 82.9% and 89% for the top-1 and top-2 error rates.

Trends in Dynamic Analysis Evasion Techniques of Android Mobile Malicious Apps (안드로이드 모바일 악성앱 동적분석 회피기술 동향)

  • Kim, Mijoo;Shin, Young Sang;Lee, Tae Jin;Youm, Heung Youl
    • Review of KIISC / v.25 no.6 / pp.5-12 / 2015
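  • As smartphone use has become widespread, smartphones have become closely tied to our daily lives and their influence keeps growing along with the number of users. At the same time, security threats that harm smartphone users and cause social problems by using malicious apps to leak personal information, incur fraudulent charges, send spam, and so on also continue to increase. To address this problem, security vendors, research institutes, and academia around the world are researching and developing technologies to detect and respond to malicious smartphone apps, and app markets are introducing analysis systems to detect malicious apps, among various other activities. However, malicious apps are also becoming increasingly intelligent and sophisticated in ways that raise their survival rate, such as bypassing existing detection and response technologies. Recently, this characteristic has appeared mostly against dynamic analysis systems and services that perform automated runtime analysis of large volumes of apps, such as those adopted by app markets, and it mainly relies on techniques that evade analysis by exploiting the environmental and time constraints of dynamic analysis. In this regard, this paper classifies the types of analysis-evasion behavior of malicious apps that bypass existing dynamic analysis techniques, and aims to provide information on related research trends.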