DOI QR코드

DOI QR Code

Graph Database Design and Implementation for Ransomware Detection

랜섬웨어 탐지를 위한 그래프 데이터베이스 설계 및 구현

  • Received : 2021.03.25
  • Accepted : 2021.06.20
  • Published : 2021.06.28

Abstract

Recently, ransomware attacks have been infected through various channels such as e-mail, phishing, and device hacking, and the extent of the damage is increasing rapidly. However, existing known malware (static/dynamic) analysis engines are very difficult to detect/block against novel ransomware that has evolved like Advanced Persistent Threat (APT) attacks. This work proposes a method for modeling ransomware malicious behavior based on graph databases and detecting novel multi-complex malicious behavior for ransomware. Studies confirm that pattern detection of ransomware is possible in novel graph database environments that differ from existing relational databases. Furthermore, we prove that the associative analysis technique of graph theory is significantly efficient for ransomware analysis performance.

최근 랜섬웨어(ransomware) 공격은 이메일, 피싱(phishing), 디바이스(Device) 해킹 등 다양한 경로를 통해 감염되어 피해 규모가 급증하는 추세이다. 그러나 기존 알려진 악성코드(정적/동적) 분석 엔진은 APT(Aadvanced Persistent Threat)공격처럼 발전된 신종 랜섬웨어에 대한 탐지/차단이 매우 어렵다. 본 연구는 그래프 데이터베이스를 기반으로 랜섬웨어 악성 행위를 모델링(Modeling)하고 랜섬웨어에 대한 새로운 다중 복합 악성 행위를 탐지하는 방법을 제안한다. 연구 결과 기존 관계형 데이터베이스와 다른 새로운 그래프 데이터 베이스 환경에서 랜섬웨어의 패턴 탐지가 가능함을 확인하였다. 또한, 그래프 이론의 연관 관계 분석 기법이 랜섬웨어 분석 성능에 크게 효율적임을 증명하였다.

Keywords

References

  1. S. H. Woo. (2020). Attack Types and Countermeasures of Next Generation Ransomeware. Journal of the Korea Information and Communication Association Conference, 24(1), 541-544. UCI(KEPA) : I410-ECN-0101-2020-004-000905920
  2. S. J. Kim, J. H. Ha, S. H. Oh & T. J. Lee. (2019). A Study on Malware Identification System Using Static Analysis Based Machine Learning Technique. Journal of the Korea Institute of Information Security & Cryptology, 29(4), 775-784. DOI : 10.13089/JKIISC.2019.29.4.775
  3. Arvind Padmanabhan. (Date of publication). Devopedia. Structured vs Unstructured Data(Online). https://devopedia.org/structured-vs-unstructured-data
  4. S. Venkatraman, K. Fahd, S. Kaspi & R. Venkatraman. (2016). SQL versus NoSQL movement with big data analytics. Int. J. Inform. Technol. Comput. Sci., 8, 59-66. DOI : 10.5815/ijitcs.2016.12.07
  5. K. S. Kim. (2016). Performance Comparison of PostgreSQL and MongoDB using YCSB. Journal of Korean Institute of Information Scientists and Engineers, 43(12), 1385-1395. UCI(KEPA) : I410-ECN-0101-2017-569-001860058
  6. Jon. P. Smith. (Date of publication). The Reformed Programmer. EF Core - Combining SQL and NoSQL databases for better performance. https://www.thereformedprogrammer.net/
  7. C. S. Bae & S. C. Goh. (2020). For Improving Security Log Big Data Analysis Efficiency, A Firewall Log Data Standard Format Proposed. Journal of the Korea Institute of Information Security and Cryptology, 30(1), 157-167. DOI : 10.13089/JKIISC.2020.30.1.157
  8. Y. S. Ko & J. P. Park. (2019). A Study on the Ransomware Detection System Based on User Requirements Analysis for Data Restoration. Journal of the Korea Academia-Industrial cooperation Society, 20(4), 50-55. DOI : 10.5762/KAIS.2019.20.4.50
  9. J. W. Lee, Y. M. Kim, J. H. Lee & J. M. Hong. (2019). An Efficient Decoy File Placement Method for Detecting Ransomware. Journal of Korean Institute of Smart Media, 8(1), 27-34. DOI : 10.30693/SMJ.2019.8.1.27
  10. S. K. Park. (2020). Development of Prevention and Post-recovery System against the Ransomwares Attacks using the Technique of Massively Data Signing and Kernel Level Backup. Journal of the Institute of Electronics and Information Engineers, 57(3), 57-72. DOI : 10.5573/ieie.2020.57.3.57
  11. J. G. Joo, I. S. Jung & S. H. Kang. (2019). An Optimal Feature Selection Method to Detect Malwares in Real Time Using Machine Learning. Journal of Korea Multimedia Society, 22(2), 203-209. DOI : 10.9717/kmms.2019.22.2.203
  12. H. B. Kim & T. J. Lee. (2020). Stacked Autoencoder Based Malware Feature Refinement Technology Research. Journal of the Korea Institute of Information Security & Cryptology, 30(4), 593-603. DOI : 10.13089/JKIISC.2020.30.4.593
  13. W. J. Joo & H. S. Kim. (2019). A Malware Variants Detection Method based on Behavior Similari. Journal of Korean Institute of Smart Media, 8(4), 25-32. DOI : 10.30693/SMJ.2019.8.4.25
  14. S. I. Bae, G. B. Lee & E. G. Im. (2020). Ransomware detection using machine learning algorithms. Concurrency and Computation: Practice and Experience, 32(18). DOI : 10.1002/cpe.5422
  15. J. H. Hwang & T. J. Lee. (2017). Android Malware Analysis Technology Research Based on Naive Bayes. Journal of the Korea Institute of Information Security & Cryptology, 27(5), 1087-1097. DOI : 10.13089/JKIISC.2017.27.5.1087
  16. J. B. Yoo, S. J. Oh, R. H. Park & T. K. Kwon. (2018). Development Research of An Efficient Malware Classification System Using Hybrid Features And Machine Learning. Journal of the Korea Institute of Information Security & Cryptology, 28(5), 1161-1167. DOI : 10.13089/JKIISC.2018.28.5.1161
  17. J. H. Ha & T. J. Lee. (2020). Research on text mining based malware analysis technology using string information. Journal of Korea Internet Computing and Services, 21(1), 45-55. DOI : 10.7472/jksii.2020.21.1.45
  18. Y. B. Cho. (2018). The Malware Detection Using Deep Learning based R-CNN. Journal of Korea Digital Contents Society, 19(6), 1177-1183. DOI : 10.9728/dcs.2018.19.6.1177
  19. H. J. Lee, S. Y. uh & D. S. wang. (2019). Distributed Processing System Design and Implementation for Feature Extraction from Large-Scale Malicious Code. KIPS Transactions on Computer and Communication Systems, 8(2), 2. DOI : 10.3745/KTCCS.2019.8.2.35