Classification of Malware Variants Using Multiple Sequence Alignment (다중 서열 정렬 기법을 이용한 변종 악성코드 분류)
- Title
- Classification of Malware Variants Using Multiple Sequence Alignment
- Other Titles
- Thesis for the Master of Science
- Author
- 조인겸
- Alternative Author(s)
- In Kyeom Cho
- Advisor(s)
- 임을규
- Issue Date
- 2016-02
- Publisher
- Hanyang University (한양대학교)
- Degree
- Master
- Abstract
- Malware developers now use a range of techniques to evade antivirus detection. With some of these techniques an attacker can derive malware variants from an existing malware file. Because variants differ from the original in static features such as code or strings, existing signature-based detection can be evaded, so detecting and classifying variants requires behavior-based detection. This thesis proposes a technique that extracts a representative API pattern from the API call sequences of a malware family using a multiple sequence alignment (MSA) algorithm, and uses that pattern to measure similarity among malware variants. API call sequences were extracted by running the samples in a sandbox. The Clustal algorithm, one of the most widely used MSA algorithms in bioinformatics, was then applied to the API call sequences, and a representative API pattern was extracted from the resulting alignment. Experiments were carried out with the extracted API signatures to classify malware variants, and the classification accuracy of each family's representative API pattern was measured. The results show that the proposed method is effective for classifying malware families. Based on the experimental results, the behavioral relationships among the families are also proposed and discussed.
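The pipeline the abstract describes (align a family's API call sequences, take a column-wise consensus as the family's representative API pattern, then score an unknown sequence against each pattern) is illustrated below as an added example; it is not code from the thesis. It assumes a center-star progressive alignment in place of Clustal's guide-tree progressive alignment (same "once a gap, always a gap" merging, simpler tree), a fixed match/mismatch/gap scoring scheme (+2/-1/-1), a 50% column-support threshold for the consensus, and constructed API call sequences for two hypothetical families; the function names and the sample data are the example's own.

```python
"""Added example: family API-pattern extraction via a simplified progressive MSA
(center-star, standing in for Clustal) and variant classification by alignment."""
from collections import Counter
from itertools import combinations

GAP = "-"


def needleman_wunsch(a, b, match=2, mismatch=-1, gap=-1):
    """Global alignment of two token sequences; returns (score, aligned_a, aligned_b)."""
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    trace = [[None] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0], trace[i][0] = i * gap, "up"
    for j in range(1, m + 1):
        score[0][j], trace[0][j] = j * gap, "left"
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            diag = score[i - 1][j - 1] + (match if a[i - 1] == b[j - 1] else mismatch)
            up, left = score[i - 1][j] + gap, score[i][j - 1] + gap
            score[i][j] = max(diag, up, left)
            trace[i][j] = "diag" if score[i][j] == diag else ("up" if score[i][j] == up else "left")
    out_a, out_b, i, j = [], [], n, m
    while i > 0 or j > 0:  # walk the traceback from the bottom-right corner
        step = trace[i][j]
        if step == "diag":
            out_a.append(a[i - 1]); out_b.append(b[j - 1]); i, j = i - 1, j - 1
        elif step == "up":
            out_a.append(a[i - 1]); out_b.append(GAP); i -= 1
        else:
            out_a.append(GAP); out_b.append(b[j - 1]); j -= 1
    return score[n][m], out_a[::-1], out_b[::-1]


def center_star_msa(seqs):
    """Center-star progressive MSA (assumed stand-in for Clustal): align every sequence
    to the most central one and merge the pairwise alignments, 'once a gap, always a gap'."""
    k = len(seqs)
    total = [0] * k
    for i, j in combinations(range(k), 2):  # pairwise scores pick the center sequence
        s = needleman_wunsch(seqs[i], seqs[j])[0]
        total[i] += s
        total[j] += s
    c = max(range(k), key=total.__getitem__)
    center, n = seqs[c], len(seqs[c])
    pieces = {}  # i -> (tokens inserted before each center position, token aligned to each position)
    for i in range(k):
        if i == c:
            continue
        _, ac, ai = needleman_wunsch(center, seqs[i])
        before, at, p = [[] for _ in range(n + 1)], [GAP] * n, 0
        for x, y in zip(ac, ai):
            if x == GAP:
                before[p].append(y)
            else:
                at[p], p = y, p + 1
        pieces[i] = (before, at)
    # Widest gap run any sequence opened at each center position becomes a shared gap block.
    maxgap = [max([len(pieces[i][0][p]) for i in pieces] + [0]) for p in range(n + 1)]
    rows = {c: []}
    for p in range(n + 1):
        rows[c] += [GAP] * maxgap[p] + ([center[p]] if p < n else [])
    for i, (before, at) in pieces.items():
        rows[i] = []
        for p in range(n + 1):
            rows[i] += before[p] + [GAP] * (maxgap[p] - len(before[p])) + ([at[p]] if p < n else [])
    return [rows[i] for i in range(k)]


def representative_pattern(alignment, min_support=0.5):
    """Column-wise consensus: keep an API only if it occupies the column in at least
    min_support of the family's sequences, so variant-specific calls drop out."""
    k, pattern = len(alignment), []
    for column in zip(*alignment):
        calls = Counter(t for t in column if t != GAP)
        if calls:
            api, count = calls.most_common(1)[0]
            if count / k >= min_support:
                pattern.append(api)
    return pattern


def similarity(seq, pattern):
    """Matched columns in the optimal global alignment, normalised by the longer length."""
    _, a, b = needleman_wunsch(seq, pattern)
    matched = sum(1 for x, y in zip(a, b) if x == y and x != GAP)
    return matched / max(len(seq), len(pattern))


def classify(seq, signatures):
    """Return (best-scoring family, per-family similarity) for an unknown API call sequence."""
    scores = {family: similarity(seq, pattern) for family, pattern in signatures.items()}
    return max(scores, key=scores.get), scores


# Constructed sample API call sequences (hypothetical sandbox output, not data from the thesis).
FAMILIES = {
    "downloader": [
        ["GetProcAddress", "InternetOpenA", "InternetOpenUrlA", "InternetReadFile",
         "CreateFileA", "WriteFile", "CloseHandle", "CreateProcessA"],
        ["GetProcAddress", "LoadLibraryA", "InternetOpenA", "InternetOpenUrlA",
         "InternetReadFile", "CreateFileA", "WriteFile", "CreateProcessA"],
        ["InternetOpenA", "InternetOpenUrlA", "InternetReadFile", "CreateFileA",
         "WriteFile", "Sleep", "CreateProcessA"],
    ],
    "keylogger": [
        ["SetWindowsHookExA", "GetAsyncKeyState", "CreateFileA", "WriteFile", "RegSetValueExA"],
        ["LoadLibraryA", "SetWindowsHookExA", "GetAsyncKeyState", "CreateFileA", "WriteFile",
         "RegSetValueExA"],
        ["SetWindowsHookExA", "GetForegroundWindow", "GetAsyncKeyState", "CreateFileA",
         "WriteFile", "RegSetValueExA"],
    ],
}

# One representative API pattern per family, derived from the family's alignment.
SIGNATURES = {name: representative_pattern(center_star_msa(seqs)) for name, seqs in FAMILIES.items()}
```

With the constructed data the downloader pattern comes out as GetProcAddress, InternetOpenA, InternetOpenUrlA, InternetReadFile, CreateFileA, WriteFile, CreateProcessA: the single-variant calls (LoadLibraryA, CloseHandle, Sleep) fall below the support threshold and are dropped, which is what makes the pattern robust to the insertions and deletions a variant introduces. A sequence that adds a RegSetValueExA call to that pattern still scores 0.875 against the downloader signature and only 0.375 against the keylogger signature.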
- URI
- https://repository.hanyang.ac.kr/handle/20.500.11754/126490
- http://hanyang.dcollection.net/common/orgView/200000428363
- Appears in Collections:
- GRADUATE SCHOOL[S] (대학원) > COMPUTER SCIENCE (Department of Computer Science and Software, 컴퓨터·소프트웨어학과) > Theses (Master)