• Title, Summary, Keyword: Malware

Search Result 386, Processing Time 0.052 seconds

Comparing Network Data of Virtual Malware and Real Malware using GAM (GAM을 이용한 가상 Malware와 실제 Malware의 네트워크 데이터 비교 및 검증)

  • Lee, Ho-Sub;Lee, Su-Young;Cho, Jae-Ik;Moon, Jong-Sub
    • Proceedings of the Korean Society of Broadcast Engineers Conference
    • /
    • /
    • pp.158-161
    • /
    • 2007
  • Malware는 인터넷 혹은 일반 네트워크사용자의 컴퓨터에 설치되어 의도하지 않은 악의적인 행위와 정보의 유출을 목적으로 하는 프로그램이다. Malware의 성향 분석은 Malware의 행위를 분석하는 것으로서 실제 Malware의 행위를 이용하여 가상의 Malware를 생성하고 두 Malware가 가지는 전파 과정상의 트래픽을 비교함으로써, 네트워크 상의 특성을 비교 및 검증할 수 있다. 본 논문에서는 Malware를 분석하고 가상 Malware를 제작하여 두 Malware가 발생하는 행위, 즉 네트워크 트래픽 데이터를 비교하여 가상의 Malware가 실제의 Malware와 동일한 네트워크 트래픽을 발생 시키는지 확인하기 위해 통계적인 모델링 기법인 GAM 을 이용해 비교 및 검증하는 방법에 대해 제안한다.

  • PDF

A Study on Variant Malware Detection Techniques Using Static and Dynamic Features

  • Kang, Jinsu;Won, Yoojae
    • Journal of Information Processing Systems
    • /
    • v.16 no.4
    • /
    • pp.882-895
    • /
    • 2020
  • The amount of malware increases exponentially every day and poses a threat to networks and operating systems. Most new malware is a variant of existing malware. It is difficult to deal with numerous malware variants since they bypass the existing signature-based malware detection method. Thus, research on automated methods of detecting and processing variant malware has been continuously conducted. This report proposes a method of extracting feature data from files and detecting malware using machine learning. Feature data were extracted from 7,000 malware and 3,000 benign files using static and dynamic malware analysis tools. A malware classification model was constructed using multiple DNN, XGBoost, and RandomForest layers and the performance was analyzed. The proposed method achieved up to 96.3% accuracy.

A Cross-Platform Malware Variant Classification based on Image Representation

  • Naeem, Hamad;Guo, Bing;Ullah, Farhan;Naeem, Muhammad Rashid
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.7
    • /
    • pp.3756-3777
    • /
    • 2019
  • Recent internet development is helping malware researchers to generate malicious code variants through automated tools. Due to this reason, the number of malicious variants is increasing day by day. Consequently, the performance improvement in malware analysis is the critical requirement to stop the rapid expansion of malware. The existing research proved that the similarities among malware variants could be used for detection and family classification. In this paper, a Cross-Platform Malware Variant Classification System (CP-MVCS) proposed that converted malware binary into a grayscale image. Further, malicious features extracted from the grayscale image through Combined SIFT-GIST Malware (CSGM) description. Later, these features used to identify the relevant family of malware variant. CP-MVCS reduced computational time and improved classification accuracy by using CSGM feature description along machine learning classification. The experiment performed on four publically available datasets of Windows OS and Android OS. The experimental results showed that the computation time and malware classification accuracy of CP-MVCS was higher than traditional methods. The evaluation also showed that CP-MVCS was not only differentiated families of malware variants but also identified both malware and benign samples in mix fashion efficiently.

Automatic malware variant generation framework using Disassembly and Code Modification

  • Lee, Jong-Lark;Won, Il-Yong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.25 no.11
    • /
    • pp.131-138
    • /
    • 2020
  • Malware is generally recognized as a computer program that penetrates another computer system and causes malicious behavior intended by the developer. In cyberspace, it is also used as a cyber weapon to attack adversary. The most important factor that a malware must have as a cyber weapon is that it must achieve its intended purpose before being detected by the other's detection system. It requires a lot of time and expertise to create a single malware to avoid the other's detection system. We propose the framework that automatically generates variant malware when a binary code type malware is input using the DCM technique. In this framework, the sample malware was automatically converted into variant malware, and it was confirmed that this variant malware was not detected in the signature-based malware detection system.

A Development of Malware Detection Tool based on Signature Patterns (시그너처 패턴기반의 악성코드 탐색도구의 개발)

  • Woo Chong-Woo;Ha Kyoung-Hui
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.6
    • /
    • pp.127-136
    • /
    • 2005
  • Recently, the damages occurring from the malware are increasing rapidly, regardless of continuous development of commercial vaccines . Generally, the vaccine detects well-known malware effectively, but it becomes helpless without any information against the unknown ones. Also, the malware generates its variations fast enough, so that the vaccine always gets behind in its updates. In this paper, we are describing a design and development of malware detection tool, which can detect such malware effectively. We first analyze the general functionality of the malware, and then extracts specific signatures. Such that, we can actively cope with a malware, which may come in previous type, a new type, and any of its mutations also.

  • PDF

ANNs on Co-occurrence Matrices for Mobile Malware Detection

  • Xiao, Xi;Wang, Zhenlong;Li, Qi;Li, Qing;Jiang, Yong
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.7
    • /
    • pp.2736-2754
    • /
    • 2015
  • Android dominates the mobile operating system market, which stimulates the rapid spread of mobile malware. It is quite challenging to detect mobile malware. System call sequence analysis is widely used to identify malware. However, the malware detection accuracy of existing approaches is not satisfactory since they do not consider correlation of system calls in the sequence. In this paper, we propose a new scheme called Artificial Neural Networks (ANNs) on Co-occurrence Matrices Droid (ANNCMDroid), using co-occurrence matrices to mine correlation of system calls. Our key observation is that correlation of system calls is significantly different between malware and benign software, which can be accurately expressed by co-occurrence matrices, and ANNs can effectively identify anomaly in the co-occurrence matrices. Thus at first we calculate co-occurrence matrices from the system call sequences and then convert them into vectors. Finally, these vectors are fed into ANN to detect malware. We demonstrate the effectiveness of ANNCMDroid by real experiments. Experimental results show that only 4 applications among 594 evaluated benign applications are falsely detected as malware, and only 18 applications among 614 evaluated malicious applications are not detected. As a result, ANNCMDroid achieved an F-Score of 0.981878, which is much higher than other methods.

A Secure Encryption-Based Malware Detection System

  • Lin, Zhaowen;Xiao, Fei;Sun, Yi;Ma, Yan;Xing, Cong-Cong;Huang, Jun
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.4
    • /
    • pp.1799-1818
    • /
    • 2018
  • Malware detections continue to be a challenging task as attackers may be aware of the rules used in malware detection mechanisms and constantly generate new breeds of malware to evade the current malware detection mechanisms. Consequently, novel and innovated malware detection techniques need to be investigated to deal with this circumstance. In this paper, we propose a new secure malware detection system in which API call fragments are used to recognize potential malware instances, and these API call fragments together with the homomorphic encryption technique are used to construct a privacy-preserving Naive Bayes classifier (PP-NBC). Experimental results demonstrate that the proposed PP-NBC can successfully classify instances of malware with a hit-rate as high as 94.93%.

A Spread Prediction Tool based on the Modeling of Malware Epidemics (악성코드 확산 모델링에 기반한 확산 예측 도구 개발)

  • Shin, Weon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.24 no.4
    • /
    • pp.522-528
    • /
    • 2020
  • Rapidly spreading malware, such as ransomware, trojans and Internet worms, have become one of the new major threats of the Internet recently. In order to resist against their malicious behaviors, it is essential to comprehend how malware propagate and how main factors affect spreads of them. In this paper, we aim to develop a spread prediction tool based on the modeling of malware epidemics. So we surveyed the related studies, and described the system design and implementation. In addition, we experimented on the spread of malware with major factors of malware using the developed spread prediction tool. If you make good use of the proposed prediction tool, it is possible to predict the malware spread at major factors and explore under various responses from a macro perspective with only basic knowledge of the recently wormable malware.

Intelligent Approach for Android Malware Detection

  • Abdulla, Shubair;Altaher, Altyeb
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.8
    • /
    • pp.2964-2983
    • /
    • 2015
  • As the Android operating system has become a key target for malware authors, Android protection has become a thriving research area. Beside the proved importance of system permissions for malware analysis, there is a lot of overlapping in permissions between malware apps and goodware apps. The exploitation of them effectively in malware detection is still an open issue. In this paper, to investigate the feasibility of neuro-fuzzy techniques to Android protection based on system permissions, we introduce a self-adaptive neuro-fuzzy inference system to classify the Android apps into malware and goodware. According to the framework introduced, the most significant permissions that characterize optimally malware apps are identified using Information Gain Ratio method and encapsulated into patterns of features. The patterns of features data is used to train and test the system using stratified cross-validation methodologies. The experiments conducted conclude that the proposed classifier can be effective in Android protection. The results also underline that the neuro-fuzzy techniques are feasible to employ in the field.

A Study of Realtime Malware URL Detection & Prevention in Mobile Environment (모바일 환경에서 실시간 악성코드 URL 탐지 및 차단 연구)

  • Park, Jae-Kyung
    • Journal of the Korea Society of Computer and Information
    • /
    • v.20 no.6
    • /
    • pp.37-42
    • /
    • 2015
  • In this paper, we propose malware database in mobile memory for realtime malware URL detection and we support realtime malware URL detection engine, that is control the web service for more secure mobile service. Recently, mobile malware is on the rise and to be new threat on mobile environment. In particular the mobile characteristics, the damage of malware is more important, because it leads to monetary damages for the user. There are many researches in cybercriminals prevention and malware detection, but it is still insufficient. Additionally we propose the method for prevention Smishing within SMS, MMS. In the near future, mobile venders must build the secure mobile environment with fundamental measures based on our research.