DOI QR코드

DOI QR Code

Development of a Performance Evaluation Model on Similarity Measurement Method of Malware

악성코드 유사도 측정 기법의 성능 평가 모델 개발

  • 천성택 (공주대학교 융합과학과) ;
  • 김희석 (한국과학기술정보연구원 과학기술사이버안전센터) ;
  • 임광혁 (배재대학교 전자상거래학과) ;
  • 김규일 (한국과학기술정보연구원 과학기술사이버안전센터) ;
  • 서창호 (공주대학교 융합과학과)
  • Received : 2014.08.27
  • Accepted : 2014.09.11
  • Published : 2014.10.28

Abstract

While there is a great demand for malware classification to reduce the time required in malware analysis and find a new type of malware, various similarity measurement methods of malware to classify a lot of malwares have been proposed. But, the existing methods to measure similarity just represented the classification results by them and have not carried out performance comparison with other methods. This is because an evaluation model to compare the performance of similarity measurement methods is non-existent. In this paper, we propose a new performance evaluation model on similarity measurement methods of malware by using two indicators: success rate and degree of confidence. In addition, we compare and evaluate the performance of existing similarity measurement methods by using these two indicators.

Keywords

Malware Classification;Similarity Measurement Method;Static Analysis;Dynamic Analysis;Honeypot

Acknowledgement

Grant : 대용량 보안 이벤트 자동검증 고도화 기술연구

Supported by : 한국과학기술정보연구원

References

  1. M. Bailey, J. Oberheide, J. Andersen, and Z. M. Mao, "Automated classification and analysis of Internet malware," RAID 2007, LNCS 4637, Springer-Verlag, pp.178-197, 2007.
  2. K. Rieck, T. Holz, C.Willems, P. Dussel, and P. Laskov, "Learning and classification of malware behavior," DIMVA 2008, LNCS 5137, Springer-Verlag, pp.108-125, 2008.
  3. J. Nakazato, J. Song, M. Eto, D. Inoue, and K. Nakao, "A novel malware clustering method using frequency of function call traces in parallel threads," IEICE Trans. on Inf. And Syst., Vol.E94-D, No.11, pp.2150-2158, 2011. https://doi.org/10.1587/transinf.E94.D.2150
  4. K. Iwamoto and K. Wasaki, "Malware Classification based on Extracted API Sequences using Static Analysis," AINTEC 2012, ACM, pp.31-38, 2012.
  5. V. P., H. Jain, Y. K. Golecha, M. S. Gaur, and V. Laxmi, "Medusa: MEtamorphic Malware Dynamic Analysis Using Signature from API," SIN 2010, ACM, pp.263-269, 2010.
  6. http://www.opswat.com/about/media/reports/antivirus-january-2014
  7. 김성환, 조환규, "PAM 행렬 모델을 이용한 음소간 유사도 자동 계산 기법", 한국콘텐츠학회논문지, 제12권, 제3호, pp.34-43, 2012.
  8. 유주원, 김종원, 최종욱, 배경율, "개선된 비디오 장면 유사도 검출 알고리즘", 한국콘텐츠학회논문지, 제9권, 제2호, pp.43-50, 2009. https://doi.org/10.5392/JKCA.2009.9.2.043
  9. http://www.cuckoosandbox.org/