• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2007.02a
• /
• pp.158-161
• /
• 2007

Malware는 인터넷 혹은 일반 네트워크사용자의 컴퓨터에 설치되어 의도하지 않은 악의적인 행위와 정보의 유출을 목적으로 하는 프로그램이다. Malware의 성향 분석은 Malware의 행위를 분석하는 것으로서 실제 Malware의 행위를 이용하여 가상의 Malware를 생성하고 두 Malware가 가지는 전파 과정상의 트래픽을 비교함으로써, 네트워크 상의 특성을 비교 및 검증할 수 있다. 본 논문에서는 Malware를 분석하고 가상 Malware를 제작하여 두 Malware가 발생하는 행위, 즉 네트워크 트래픽 데이터를 비교하여 가상의 Malware가 실제의 Malware와 동일한 네트워크 트래픽을 발생 시키는지 확인하기 위해 통계적인 모델링 기법인 GAM 을 이용해 비교 및 검증하는 방법에 대해 제안한다.

• Journal of Information Processing Systems
• /
• v.16 no.4
• /
• pp.882-895
• /
• 2020

The amount of malware increases exponentially every day and poses a threat to networks and operating systems. Most new malware is a variant of existing malware. It is difficult to deal with numerous malware variants since they bypass the existing signature-based malware detection method. Thus, research on automated methods of detecting and processing variant malware has been continuously conducted. This report proposes a method of extracting feature data from files and detecting malware using machine learning. Feature data were extracted from 7,000 malware and 3,000 benign files using static and dynamic malware analysis tools. A malware classification model was constructed using multiple DNN, XGBoost, and RandomForest layers and the performance was analyzed. The proposed method achieved up to 96.3% accuracy.

• International journal of advanced smart convergence
• /
• v.12 no.1
• /
• pp.64-69
• /
• 2023

We devise a collaboration construction method based on the SPRT (Sequential Probability Ratio Test) for malware detection in IoT. In our method, high-end IoT nodes having capable of detecting malware and generating malware signatures harness the SPRT to give a reward of malware signatures to low-end IoT nodes providing useful data for malware detection in IoT. We evaluate our proposed method through simulation. Our simulation results indicate that the number of malware signatures provided for collaboration is varied in accordance with the threshold for fraction of useful data.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.7
• /
• pp.3756-3777
• /
• 2019

Recent internet development is helping malware researchers to generate malicious code variants through automated tools. Due to this reason, the number of malicious variants is increasing day by day. Consequently, the performance improvement in malware analysis is the critical requirement to stop the rapid expansion of malware. The existing research proved that the similarities among malware variants could be used for detection and family classification. In this paper, a Cross-Platform Malware Variant Classification System (CP-MVCS) proposed that converted malware binary into a grayscale image. Further, malicious features extracted from the grayscale image through Combined SIFT-GIST Malware (CSGM) description. Later, these features used to identify the relevant family of malware variant. CP-MVCS reduced computational time and improved classification accuracy by using CSGM feature description along machine learning classification. The experiment performed on four publically available datasets of Windows OS and Android OS. The experimental results showed that the computation time and malware classification accuracy of CP-MVCS was higher than traditional methods. The evaluation also showed that CP-MVCS was not only differentiated families of malware variants but also identified both malware and benign samples in mix fashion efficiently.

• Journal of KIISE
• /
• v.43 no.3
• /
• pp.289-295
• /
• 2016

Malware authors spread malware variants in order to evade detection. It's hard to detect malware variants using static analysis. Therefore dynamic analysis based on API call information is necessary. In this paper, we proposed a malware family recommendation method to assist malware analysts in classifying malware variants. Our proposed method extract API call information of malware families by dynamic analysis. Then the multiple sequence alignment technique was applied to the extracted API call information. A signature of each family was extracted from the alignment results. By the similarity of the extracted signatures, our proposed method recommends three family candidates for unknown malware. We also measured the accuracy of our proposed method in an experiment using real malware samples.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.286-293
• /
• 2021

Recently, the quick development rate of apps in the Android platform has led to an accelerated increment in creating malware applications by cyber attackers. Numerous Android malware detection tools have utilized conventional signature-based approaches to detect malware apps. However, these conventional strategies can't identify the latest apps on whether applications are malware or not. Many new malware apps are periodically discovered but not all malware Apps can be accurately detected. Hence, there is a need to propose intelligent approaches that are able to detect the newly developed Android malware applications. In this study, Radial Basis Function (RBF) networks are trained using known Android applications and then used to detect the latest and new Android malware applications. Initially, the optimal permission features of Android apps are selected using Information Gain Ratio (IGR). Appropriately, the features selected by IGR are utilized to train the RBF networks in order to detect effectively the new Android malware apps. The empirical results showed that RBF achieved the best detection accuracy (97.20%) among other common machine learning techniques. Furthermore, RBF accomplished the best detection results in most of the other measures.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.11
• /
• pp.4105-4121
• /
• 2021

Recently, malware classification based on Deep Neural Networks (DNN) has gained significant attention due to the rise in popularity of artificial intelligence (AI). DNN-based malware classifiers are a novel solution to combat never-before-seen malware families because this approach is able to classify malwares based on structural characteristics rather than requiring particular signatures like traditional malware classifiers. However, these DNN-based classifiers have been found to lack robustness against malwares that are carefully crafted to evade detection. These specially crafted pieces of malware are referred to as adversarial examples. We consider a clever adversary who has a thorough knowledge of DNN-based malware classifiers and will exploit it to generate a crafty malware to fool DNN-based classifiers. In this paper, we propose a DNN-based malware classifier that becomes resilient to these kinds of attacks by exploiting Generative Adversarial Network (GAN) based data augmentation. The experimental results show that the proposed scheme classifies malware, including AEs, with a false positive rate (FPR) of 3.0% and a balanced accuracy of 70.16%. These are respective 26.1% and 18.5% enhancements when compared to a traditional DNN-based classifier that does not exploit GAN.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.374-376
• /
• 2022

The Malware App Analysis Tool is a system that analyzes Android-based apps by the AI-based algorithm defined in the tool and detects whether malware code is included. Currently, as the spred of smartphones is activated, crimes using malware apps have increased, and accordingly, security for malware apps is required. Android operating systems used in smartphones have a share of more than 70% and are open-source-based, so not only will there be many vulnerabilities and malware, but also more damage to malware apps, increasing demand for tools to detect and analyze malware apps. However, this paper is proposed because there are many difficulties in designing and developing a malware app analysis tool because the security functional requirements for the malware app analysis tool are not clearly specified. Through the developed protection profile, technology can be improved based on the design and development of malware app analysis tools, safety can be secured by minimizing damage to malware apps, and furthermore, trust in malware app analysis tools can be guaranted through common criteria.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1799-1818
• /
• 2018

Malware detections continue to be a challenging task as attackers may be aware of the rules used in malware detection mechanisms and constantly generate new breeds of malware to evade the current malware detection mechanisms. Consequently, novel and innovated malware detection techniques need to be investigated to deal with this circumstance. In this paper, we propose a new secure malware detection system in which API call fragments are used to recognize potential malware instances, and these API call fragments together with the homomorphic encryption technique are used to construct a privacy-preserving Naive Bayes classifier (PP-NBC). Experimental results demonstrate that the proposed PP-NBC can successfully classify instances of malware with a hit-rate as high as 94.93%.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.6 s.38
• /
• pp.127-136
• /
• 2005

Recently, the damages occurring from the malware are increasing rapidly, regardless of continuous development of commercial vaccines . Generally, the vaccine detects well-known malware effectively, but it becomes helpless without any information against the unknown ones. Also, the malware generates its variations fast enough, so that the vaccine always gets behind in its updates. In this paper, we are describing a design and development of malware detection tool, which can detect such malware effectively. We first analyze the general functionality of the malware, and then extracts specific signatures. Such that, we can actively cope with a malware, which may come in previous type, a new type, and any of its mutations also.