• Title/Summary/Keyword: malicious codes

Search Result 165, Processing Time 0.028 seconds

Research on the Classification Model of Similarity Malware using Fuzzy Hash (퍼지해시를 이용한 유사 악성코드 분류모델에 관한 연구)

  • Park, Changwook;Chung, Hyunji;Seo, Kwangseok;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.6
    • /
    • pp.1325-1336
    • /
    • 2012
  • In the past about 10 different kinds of malicious code were found in one day on the average. However, the number of malicious codes that are found has rapidly increased reachingover 55,000 during the last 10 year. A large number of malicious codes, however, are not new kinds of malicious codes but most of them are new variants of the existing malicious codes as same functions are newly added into the existing malicious codes, or the existing malicious codes are modified to evade anti-virus detection. To deal with a lot of malicious codes including new malicious codes and variants of the existing malicious codes, we need to compare the malicious codes in the past and the similarity and classify the new malicious codes and the variants of the existing malicious codes. A former calculation method of the similarity on the existing malicious codes compare external factors of IPs, URLs, API, Strings, etc or source code levels. The former calculation method of the similarity takes time due to the number of malicious codes and comparable factors on the increase, and it leads to employing fuzzy hashing to reduce the amount of calculation. The existing fuzzy hashing, however, has some limitations, and it causes come problems to the former calculation of the similarity. Therefore, this research paper has suggested a new comparison method for malicious codes to improve performance of the calculation of the similarity using fuzzy hashing and also a classification method employing the new comparison method.

An Improved Detecting Scheme of Malicious Codes using HTTP Outbound Traffic (HTTP Outbound Traffic을 이용한 개선된 악성코드 탐지 기법)

  • Choi, Byung-Ha;Cho, Kyung-San
    • Journal of the Korea Society of Computer and Information
    • /
    • v.14 no.9
    • /
    • pp.47-54
    • /
    • 2009
  • Malicious codes, which are spread through WWW are now evolved with various hacking technologies However, detecting technologies for them are seemingly not able to keep up with the improvement of hacking and newly generated malicious codes. In this paper, we define the requirements of detecting systems based on the analysis of malicious codes and their spreading characteristics, and propose an improved detection scheme which monitors HTTP Outbound traffic and detects spreading malicious codes in real time. Our proposed scheme sets up signatures in IDS with confirmed HTML tags and Java scripts which spread malicious codes. Through the verification analysis under the real-attacked environment, we show that our scheme is superior to the existing schemes in satisfying the defined requirements and has a higher detection rate for malicious codes.

Malware Analysis Mechanism using the Word Cloud based on API Statistics (API 통계 기반의 워드 클라우드를 이용한 악성코드 분석 기법)

  • Yu, Sung-Tae;Oh, Soo-Hyun
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.16 no.10
    • /
    • pp.7211-7218
    • /
    • 2015
  • Tens of thousands of malicious codes are generated on average in a day. New types of malicious codes are surging each year. Diverse methods are used to detect such codes including those based on signature, API flow, strings, etc. But most of them are limited in detecting new malicious codes due to bypass techniques. Therefore, a lot of researches have been performed for more efficient detection of malicious codes. Of them, visualization technique is one of the most actively researched areas these days. Since the method enables more intuitive recognition of malicious codes, it is useful in detecting and examining a large number of malicious codes efficiently. In this paper, we analyze the relationships between malicious codes and Native API functions. Also, by applying the word cloud with text mining technique, major Native APIs of malicious codes are visualized to assess their maliciousness. The proposed malicious code analysis method would be helpful in intuitively probing behaviors of malware.

A Study on Malicious Codes Grouping and Analysis Using Visualization (시각화 기법을 이용한 악성코드 분석 및 분류 연구)

  • Song, In-Soo;Lee, Dong-Hui;Kim, Kui-Nam
    • Convergence Security Journal
    • /
    • v.10 no.3
    • /
    • pp.51-60
    • /
    • 2010
  • The expansion of internet technology has made convenience. On the one hand various malicious code is produced. The number of malicious codes occurrence has dramadically increasing, and new or variant malicious code circulation very serious, So it is time to require analysis about malicious code. About malicious code require set criteria for judgment, malicious code taxonomy using Algorithm of weakness difficult to new or variant malicious code taxonomy but already discovered malicious code taxonomy is effective. Therefore this paper of object is various malicious code analysis besides new or variant malicious code type or form deduction using visualization of strong. Thus this paper proposes a malicious code analysis and grouping method using visualization.

A Novel Process Design for Analyzing Malicious Codes That Bypass Analysis Techniques (분석기법을 우회하는 악성코드를 분석하기 위한 프로세스 설계)

  • Lee, Kyung-Roul;Lee, Sun-Young;Yim, Kang-Bin
    • Informatization Policy
    • /
    • v.24 no.4
    • /
    • pp.68-78
    • /
    • 2017
  • Malicious codes are currently becoming more complex and diversified, causing various problems spanning from simple information exposure to financial or psychologically critical damages. Even though many researches have studied using reverse engineering to detect these malicious codes, malicious code developers also utilize bypassing techniques against the code analysis to cause obscurity in code understanding. Furthermore, rootkit techniques are evolving to utilize such bypassing techniques, making it even more difficult to detect infection. Therefore, in this paper, we design the analysis process as a more agile countermeasure to malicious codes that bypass analysis techniques. The proposed analysis process is expected to be able to detect these malicious codes more efficiently.

Fast k-NN based Malware Analysis in a Massive Malware Environment

  • Hwang, Jun-ho;Kwak, Jin;Lee, Tae-jin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.12
    • /
    • pp.6145-6158
    • /
    • 2019
  • It is a challenge for the current security industry to respond to a large number of malicious codes distributed indiscriminately as well as intelligent APT attacks. As a result, studies using machine learning algorithms are being conducted as proactive prevention rather than post processing. The k-NN algorithm is widely used because it is intuitive and suitable for handling malicious code as unstructured data. In addition, in the malicious code analysis domain, the k-NN algorithm is easy to classify malicious codes based on previously analyzed malicious codes. For example, it is possible to classify malicious code families or analyze malicious code variants through similarity analysis with existing malicious codes. However, the main disadvantage of the k-NN algorithm is that the search time increases as the learning data increases. We propose a fast k-NN algorithm which improves the computation speed problem while taking the value of the k-NN algorithm. In the test environment, the k-NN algorithm was able to perform with only the comparison of the average of similarity of 19.71 times for 6.25 million malicious codes. Considering the way the algorithm works, Fast k-NN algorithm can also be used to search all data that can be vectorized as well as malware and SSDEEP. In the future, it is expected that if the k-NN approach is needed, and the central node can be effectively selected for clustering of large amount of data in various environments, it will be possible to design a sophisticated machine learning based system.

Research on Malicious code hidden website detection method through WhiteList-based Malicious code Behavior Analysis (WhiteList 기반의 악성코드 행위분석을 통한 악성코드 은닉 웹사이트 탐지 방안 연구)

  • Ha, Jung-Woo;Kim, Huy-Kang;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.4
    • /
    • pp.61-75
    • /
    • 2011
  • Recently, there is significant increasing of massive attacks, which try to infect PCs that visit websites containing pre-implanted malicious code. When visiting the websites, these hidden malicious codes can gain monetary profit or can send various cyber attacks such as BOTNET for DDoS attacks, personal information theft and, etc. Also, this kind of malicious activities is continuously increasing, and their evasion techniques become professional and intellectual. So far, the current signature-based detection to detect websites, which contain malicious codes has a limitation to prevent internet users from being exposed to malicious codes. Since, it is impossible to detect with only blacklist when an attacker changes the string in the malicious codes proactively. In this paper, we propose a novel approach that can detect unknown malicious code, which is not well detected by a signature-based detection. Our method can detect new malicious codes even though the codes' signatures are not in the pattern database of Anti-Virus program. Moreover, our method can overcome various obfuscation techniques such as the frequent change of the included redirection URL in the malicious codes. Finally, we confirm that our proposed system shows better detection performance rather than MC-Finder, which adopts pattern matching, Google's crawling based malware site detection, and McAfee.

Design of Classification Methodology of Malicious Code in Windows Environment (윈도우 악성코드 분류 방법론의 설계)

  • Seo, Hee-Suk;Choi, Joong-Sup;Chu, Pill-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.2
    • /
    • pp.83-92
    • /
    • 2009
  • As the innovative internet technologies and multimedia are being rapidly developed, malicious codes are a remarkable new growth part and supplied by various channel. This project presents a classification methodology for malicious codes in Windows OS (Operating System) environment, develops a test classification system. Thousands of malicious codes are brought in every day. In a result, classification system is needed to analyzers for supporting information which newly brought malicious codes are a new species or a variety. This system provides the similarity for analyzers to judge how much a new species or a variety is different to the known malicious code. It provides to save time and effort, to less a faulty analysis. This research includes the design of classification system and test system. We classify the malicious codes to 9 groups and then 9 groups divide the clusters according to the each property.

Detection Of Unknown Malicious Scripts using Code Insertion Technique (코드 삽입 기법을 이용한 알려지지 않은 악성 스크립트 탐지)

  • 이성욱;방효찬;홍만표
    • Journal of KIISE:Information Networking
    • /
    • v.29 no.6
    • /
    • pp.663-673
    • /
    • 2002
  • Server-side anti-viruses are useful to protect their domains, because they can detect malicious codes at the gateway of their domains. In prevailing local network, all clients cannot be perfectly controlled by domain administrators, so server-side inspection, for example in e-mail server, is used as an efficient technique of detecting mobile malicious codes. However, current server-side anti-virus systems perform only signature-based detection for known malicious codes, simple filtering, and file name modification. One of the main reasons that they don't have detection features, for unknown malicious codes, is that activity monitoring technique is unavailable for server machines. In this paper, we propose a detection technique that is executed at the server, but it can monitor activities at the clients without any anti-virus features. we describe its implementation.

Analysis and Countermeasure of Malicious Code in Small Businesses (중소기업 환경에서 악성코드 유형 분석과 대응 방안)

  • Hong, Jun Suk;Kim, Young hee;Park, Won Hyung;Kook, Kwang Ho
    • Convergence Security Journal
    • /
    • v.15 no.7
    • /
    • pp.55-62
    • /
    • 2015
  • Due to the development of various information systems and PC, usage of Internet has rapidly increaced which lead to malicious codes rapidly spreading throughout the Internet. By the increasing use of the Internet, the threat by malicious codes has become a serious problem. In particular, Small businesses which lack investments in security personnels makes it impossible to verify and measure the servers and PC infected with malicious codes. We have analized malware infection types by using malicious code detection technology of security monitoring service and proposed countermeasures in small businesses.