DOI QR코드

DOI QR Code

악성코드 확산 모델링에 기반한 확산 예측 도구 개발

A Spread Prediction Tool based on the Modeling of Malware Epidemics

  • Shin, Weon (Department of Information Security, Tongmyong University)
  • 투고 : 2019.12.30
  • 심사 : 2020.02.15
  • 발행 : 2020.04.30

초록

엄청난 속도로 확산하는 랜섬웨어, 트로이목마, 인터넷 웜과 같은 악성코드는 인터넷의 주요한 위협이 되고 있다. 이러한 악성코드의 행위에 대응하기 위해서는 악성코드의 확산 방식과 영향을 끼치는 영향 요인을 이해하는 것이 필수적이다. 본 논문에서는 악성코드 확산 모델링에 기반을 둔 확산 예측 도구를 개발하였다. 이를 위하여 관련 연구를 살펴보고, 시스템 구성과 구현 방법을 살펴본 후 확산 예측 도구를 이용하여 워머블 악성코드 확산 실험을 수행하였다. 제안 확산 예측 도구를 잘 활용한다면, 최근 악명을 떨치는 워머블 악성코드에 대한 기본 지식만으로도 거시적 관점의 여러 조건에서 확산 형태를 예측하고 다양한 대응 방안을 모색할 수 있게 해준다.

Rapidly spreading malware, such as ransomware, trojans and Internet worms, have become one of the new major threats of the Internet recently. In order to resist against their malicious behaviors, it is essential to comprehend how malware propagate and how main factors affect spreads of them. In this paper, we aim to develop a spread prediction tool based on the modeling of malware epidemics. So we surveyed the related studies, and described the system design and implementation. In addition, we experimented on the spread of malware with major factors of malware using the developed spread prediction tool. If you make good use of the proposed prediction tool, it is possible to predict the malware spread at major factors and explore under various responses from a macro perspective with only basic knowledge of the recently wormable malware.

키워드

참고문헌

  1. Microsoft, Microsoft Security Intelligence Report Vol. 24, [Internet]. Available: https://info.microsoft.com/ww-landing-M365-SIR-v24-Report-eBook.html?lcid=en-us
  2. IBM, IBM X-Force Threat Intelligence Index 2019, [Internet]. Available: https://xforceintelligenceindex.mybluemix.net/
  3. S. Kim, J. Yoo, "A Study on Prediction of Malicious Code Infection Websites Using Markov Chain", Journal of Security Engineering, Vol.14, No.1, pp. 9-20, 2017. https://doi.org/10.14257/jse.2017.02.02
  4. H. W. Hethcote, "The Mathematics of Infectious Diseases", SIAM Review, vol. 42, No. 4, pp.599-653, 2000. https://doi.org/10.1137/S0036144500371907
  5. Y. Wang, S. Wen, Y. Xiang, and W. Zhou, "Modeling the Propagation of Worms in Networks: A Survey", IEEE Communications Surveys and Tutorials, Vol. 16, Issue 2, pp. 942-960, 2014. https://doi.org/10.1109/SURV.2013.100913.00195
  6. J. D. Murray, Mathematical Biology, Springer International Publishing, 1993.
  7. W. Shin, "A Study on the Spread and Responses of Mobile Worms by Wireless Network Environments", Journal of Korea Institute of Information and Communication Engineering, vol. 10, No. 4, pp.429-440, 2013.
  8. C. C. Zou, W. Gong, D. Towsley. "Code Red Worm Propagation Modeling and Analysis", in Proceedings of the 9th ACM conference on Computer and communications security, pp.138-147, 2002.
  9. Microsoft Security Response Center, Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) [Internet]. Available: https://msrc-blog.microsoft.com/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
  10. AhnLab ASEC, "WannaCryptor Ransomware Analysis", AhnLab, Analysis Report, 2017.
  11. KISA KrCERT, WannaCry Analysis Special Report [Internet]. Available:, https://www.krcert.or.kr/data/reportView.do?bulletin_writing_sequence=26747
  12. T. H. Park, K. B. Kim and W. Shin, "A Prediction Model for the Spread of WannaCryptor Ransomware," in Proceeding of Conference on Information Security and Cryptography-Summer 2019, Busan, pp. 204-208, 2019.