Concept Graph와 SVM을 이용한 악성 스크립트 코드 분석

Abstract

There are a lot of malicious codes on the internet and many research studies methods for detection of them. Generally, detection methods of malicious codes compare source codes through definition and analysis pattern of malicious codes. In this paper, proposed method is a malicious code detection using relations and concepts between codes pattern based on semantics. Also, this method is detection of malicious script code through token conceptualization for extraction of relations and concepts in source codes because conceptual graph and regularization pattern matching between malicious behaviors in codes. In experiment, we test a malicious behavior distinction based on SVM(Support Vector Machine) training and the result is indicated adequate rate of malicious code detection. With increasing internet use, the number of malicious codes is spreading rapidly through internet services. The most common type of malicious code is viruses. But malicious codes are evolving more complex and smart. Malicious codes are designed to affect your computer adversely such as making your computer to malfunction, disseminate information, or distributed service attack. In order to detect these malicious script codes, signature based scanning is used most commonly. It cannot detect the malicious codes unknown or source codes with their structure modified. In order to detect unknown malicious codes, a new approach is needed conceptually different from existing methods. Hence, we propose a new method for detecting malicious codes using conceptual graphs while decreasing error rates compared with the existing methods. For this purpose, we define the concept and relation of source codes and propose a method of using SVM learning result of malicious codes after creating a conceptual graph using the concept and relation.