Classification of Malware Behavior using Markov Logic Networks (Markov Logic Networks를 이용한 악성코드 행위 분류)

Malware authors use a variety of techniques to produce variants that evade anti-virus programs. Existing anti-virus programs, however, detect and classify malware against a fixed set of previously collected signatures, so they are limited when faced with variants for which no signature exists or into which evasion code has been inserted; this is one reason the volume of malware has grown so rapidly. Signature-based detection on its own is therefore insufficient, and to address the problem of malware variant detection, research is being done to detect and analyze malware variants themselves rather than only malware that is already known or newly discovered.
One of the main approaches in this area is heuristic-based detection, which identifies malware variants using the rules or patterns defined by the detection system. Where signature-based methods fail, it can measure similarity to known malware or detect malicious behavior in the code itself. Typically, the sample is run in a virtual environment and the call frequency of its API functions, or other particular information about those API calls, is compared against existing malware to judge similarity. Even among similar malware, however, the order of API calls often differs; in addition, detection takes a long time and errors arise frequently.
To reduce this risk of detection error, this thesis employs the FP-Growth algorithm and Markov Logic Networks (MLNs) and proposes a method that overcomes the limitations of existing approaches. FP-Growth is an association (correlation) analysis algorithm that can uncover correlations hidden in a large data set. Using it, the author builds malware behavior patterns and applies them to MLNs. MLNs are a standard model for learning statistical correlations: by expressing the correlations among complex random variables in network form, an accurate prediction model for the parameters and correlation patterns can be established and used to make inferences, and malware variants are classified on this basis.
Alternative Title
Classification of Malware Behavior using Markov Logic Networks
Alternative Author(s)
Lee, Mungyu
Chosun University Graduate School of Industrial Technology Convergence
Department of Software Convergence Engineering, Graduate School of Industrial Technology Convergence
Awarded Date
2017. 2
Table Of Contents

Ⅰ. Introduction 1
A. Research Background and Objectives 1
B. Research Content and Structure 2

Ⅱ. Related Work 3
A. Malware Detection and Analysis Methods 4
1. Code Analysis for Malware Detection 4
2. Analysis of the Portable Executable File Structure 6
B. Inference Using Markov Logic Networks 8

Ⅲ. Method for Inferring Malware Variants 11
A. Process for Inferring and Classifying Malware Variants 11
B. API Extraction and Category Generation 13
C. Generating Frequent Malicious-Behavior Patterns 15
1. Building the FP-Tree 15
2. Generating Malicious Behavior Patterns 17
D. Inferring Unknown Malware Using MLNs 20
1. Rule Design for Applying MLNs 20
2. Weight Selection 23

Ⅳ. Experiments and Results 25
A. Experimental Data Set 25
B. Evaluation Method and Analysis of Results 26
1. Experiment on Weight Assignment Rules 26
2. Optimizing Learning for Inferring Malware Variants 28
3. Processing Performance Evaluation 29

Ⅴ. Conclusion and Suggestions 32
References 33
Lee, Mungyu. (2016). Classification of Malware Behavior using Markov Logic Networks. Chosun University Graduate School of Industrial Technology Convergence.
Appears in Collections:
Engineering > Theses (Master) (Graduate School of Industrial Technology and Entrepreneurship)