
Electronics and Information Research Information Center (EIRIC): a compilation of specialized ICT convergence research information



JIPS (Korea Information Processing Society)


Title (Korean/English): Host-Based Malware Variants Detection Method Using Logs
Authors: Woo-Jin Joe, Hyong-Shik Kim
Citation: Vol. 17, No. 4, pp. 851-865 (August 2021)
English Abstract:

Enterprise networks at the PyeongChang Winter Olympics were hacked in February 2018. According to a domestic security company's analysis report, the attackers destroyed approximately 300 hosts with the aim of interfering with the Olympics. Enterprises have no choice but to rely on antivirus products ("digital vaccines"), since it is overwhelming to analyze every program executed on hosts used by ordinary users. However, traditional antivirus products cannot protect a host against variant or new malware, because they cannot detect an intrusion without a signature for that malware. To overcome this limitation of signature-based detection, much research has been conducted on behavior analysis of malware. However, since most of it relies on a sandbox in which only the program under analysis is running, it cannot detect malware that intrudes on a host where many normal programs are running. Therefore, this study proposes a method to detect malware variants on the host through logs rather than in a sandbox. The proposed method extracts the behaviors common to a group of variants and identifies characteristic behaviors optimized for querying. Through experiments on 1,584,363 logs, generated by executing 6,430 malware samples, we show that there exist common behaviors that variants share, and we demonstrate that these behaviors can be used to detect variants.
Keywords: Big Data, Host-Based Detection, Log, Malware Variants, Sysmon