Journal of Convergence for Information Technology (융합정보논문지)

Convergence Society for SMB (중소기업융합학회)
권호 표지
DOI QR코드

DOI QR Code

Graph Database based Malware Behavior Detection Techniques

그래프 데이터베이스 기반 악성코드 행위 탐지 기법

  • 최도현 (숭실대학교 컴퓨터학과) ;
  • 박중오 (성결대학교 파이데이아학부)
  • Received : 2021.03.15
  • Accepted : 2021.04.20
  • Published : 2021.04.28
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, the incidence rate of malicious codes is over tens of thousands of cases, and it is known that it is almost impossible to detect/respond all of them. This study proposes a method for detecting multiple behavior patterns based on a graph database as a new method for dealing with malicious codes. Traditional dynamic analysis techniques and has applied a method to design and analyze graphs of representative associations malware pattern(process, PE, registry, etc.), another new graph model. As a result of the pattern verification, it was confirmed that the behavior of the basic malicious pattern was detected and the variant attack behavior(at least 5 steps), which was difficult to analyze in the past. In addition, as a result of the performance analysis, it was confirmed that the performance was improved by about 9.84 times or more compared to the relational database for complex patterns of 5 or more steps.

최근 악성코드 발생률은 약 수만 건이 넘는 추세로, 전부 탐지/대응하는 것은 불가능에 가깝다고 알려졌다. 본 연구는 새로운 악성코드 대응방법으로 그래프 데이터베이스 기반 다중행위 패턴 탐지 기법을 제안한다. 기존 동적 분석기법과는 다른 새로운 그래프 모델을 설계하고, 대표적인 악성코드 패턴(프로세스, PE, 레지스트리 등)의 그래프 연관관계를 분석하는 방법을 적용했다. 패턴 검증 결과 기본 악성 패턴에 대한 행위 탐지와 기존 분석이 어려웠던 변종 공격행위(5단계 이상)의 탐지를 확인했다. 또한, 성능 분석결과 5단계 이상의 복잡한 패턴에 대하여 관계형 데이터베이스 대비 약 9.84배 이상 성능이 향상되었음을 확인하였다.

Keywords

References

  1. ESTsecurity. (n. d.). ESTsecurity. Eastsecurity Security Trend Report No.136. 2021-01 - Malicious Code Statistics and Analysis(Online). https://www.estsecurity.com/
  2. KISA. (n. d.). Korea Internet & Security Agency. Malicious Code Hidden Site Detection Trend Report [First Half of 20](Online). https://www.boho.or.kr/
  3. K. W. Kook & B. C. Gong. (n. d.). ITFIND. Trends in Security Technology Development Using Artificial Intelligence - Planning Series (Next Generation Security)(Online). https://www.itfind.or.kr/
  4. S. J. Kim, J. H. Ha, S. H. Oh & T. J. Lee. (2019). A Study on Malware Identification System Using Static Analysis Based Machine Learning Technique. Journal of The Korea Institute of Information Security and Cryptology. 29(4), 775-784. DOI : 10.13089/JKIISC.2019.29.4.775
  5. ESTsecurity. (n. d.). ESTsecurity. ESTsecurity Security Trend Report No.137. 2021-02 - Malicious Code Statistics and Analysis(Online). https://www.estsecurity.com/
  6. IDG - CIO Korea. (n. d.). Gartner, Announcement of Top 10 Data and Analysis Technology Trends in 2019 - Trend 5 : Grape(Online). https://www.ciokorea.com/
  7. J. S. Seo & H. J. Lee. (n. d.). Bitnine.. Graph Database Technology Trends and Application Cases(Online). https://www.itfind.or.kr/
  8. AMAZON. (n. d.). Amazon Web Services. What Is a Graph Database? - The graph database defined(Online). https://aws.amazon.com/
  9. W. C. Park. (2020). Is-A Node Type Modeling Methodology to Improve Pattern Query Performance in Graph Database. Journal of The Korea Society of Computer and Information, 25(4), 123-131. DOI : 10.9708/jksci.2020.25.04.123
  10. Bitnine. (n. d.). AgensGraph Use Case #8. Collaboration/Performance Management System(Online). https://bitnine.net/
  11. S. C. Sin. (2017). Static Code Analysis based on Graph Database. Communications of the Korean Institute of Information Scientists and Engineers, 35(2), 9-13. UCI(KEPA) : I410-ECN-0101-2017-569-002204936
  12. W. C. Jeong, M. S. Jun & D. H. Choi. (2020). AMI Network Failure Analysis based on Graph Database. Journal of Convergence for Information Technology, 10(7), 41-48. DOI : 10.22156/CS4SMB.2020.10.07.041
  13. D. H. Han & M. S. Kim. (2020). A Matrix Computation Engine and Applications based on Distributed GPUs for Large-scale Machine Learning. Journal of Computing Science and Engineering, 38(8), 8-17.
  14. T. R. Kim & J. J. Lee. (2020). A Study on the Structure of Muga by Ontology Method - Focusing on -. Korean Folklore Society, 72, 333-369. DOI : 10.21318/TKF.2020.11.72.333
  15. J. Y. Kim & K. H. Ro. (2019). Construction of Knowledge Base Based on Graph Database for College Student Career Advice Using Public Data. Journal of the Institute of Electronics and Information Engineers of Korea. 56(10), 41-48. DOI : 10.5573/ieie.2019.56.10.41
  16. RTInsights. (n. d.). Todd Blaschka and Gaurav Deshpande, How the World's Largest Banks Use Advanced Graph Analytics to Fight Fraud(Online). https://www.rtinsights.com
  17. S. W. Hyun & T. K. Kwon. (2019). A Study of Effectiveness of the Improved Security Operation Model Based on Vulnerability Database. Journal of the Korea Institute of Information Security & Cryptology, 29(5), 1167-1177. DOI : 10.13089/JKIISC.2019.29.5.1167
  18. W. C. Jeong, M. S. Jun & D. H. Choi. (2020). Association Analysis for Detecting Abnormal in Graph Database Environment. Journal of Convergence for Information Technology, 10(8), 15-22. DOI : 10.22156/CS4SMB.2020.10.08.015
  19. William Lyon. (n. d.). Graph Visualization of Panama Papers Data In Neo4j - Revisiting ICIJ's Offshore Leaks In The Face Of The Latest Deutsche Bank Scandal (Online). https://medium.com/
  20. INCA Internet Security Analysis & Response Center. (n. d.). October 2020 Malware Statistics(Online). https://www.estsecurity.com/
  21. T. H. Park, H. W. Lee & W. Shin. (2020). Propagation Modeling of WannaCryptor Wormable Malware. Journal of The Korea Institute of Information Security and Cryptology, 30(3), 389-396. DOI : doi.org/10.13089/JKIISC.2020.30.3.389
  22. dyaniworld. (n. d.). Information Technology/Spear Phishing - A Study on Behavior-Based Discrimination for Spear Phishing(Online). https://dyaniworld.tistory.com/
  23. S. J. Kim, J. H. Ha, S. H. Oh, T. J. Lee. (2019). A Study on Malware Identification System Using Static Analysis Based Machine Learning Technique. Journal of the Korea Institute of Information Security & Cryptology, 29(4), 775-784. DOI :10.13089/JKIISC.2019.29.4.775