소개글

"의사 결정 트리를 이용한 악성 행위 분석 기반 침입 차단 시스템 졸업 논문 발표 자료(Master Thesis)"에 대한 내용입니다.

목차

1. 서론
1.1 연구배경
1.2 연구목표

2. 관련연구
2.1 침입차단시스템
2.2 악성코드행위분석
2.3 의사결정트리
2.4 침입차단시스템요구사항
2.5 기존연구

3. 의사결정트리를이용한악성행위분석기반침입차단시스템
3.1 시스템아키텍쳐
3.2 동작절차
3.3 프로토타입구현
3.4 비교및 분석

4. 결론

본문내용

1.1 연구배경

• 신규 악성코드의 증가
- 신규 악성 코드가 증가함에 따라 기존 악성코드에 의존한 보안으로는 어려움
• 특정 타겟을 목표로 한 Advanced Persistent Threats (APT) 공격이 활발하게 이루어지고 있음
• APT 공격의 90% 이상은 사회공학적 기법으로 유발

- 스피어피싱과 USB감염이 대표적인 예
- 사용자의 이목을 집중 시키는 이메일과 함께 악성 파일을 첨부하여 오픈율을 높임
• 초기 침투 후에 지능적이고 조직적인 악성 파일로 변화함
- 문서파일(.doc, .pdf, .hwp, .xls) -> 악성파일 (exe, dll, temp)

참고 자료

VirvilisNikos, and Dimitris Gritzalis. "The big four-what we did wrong in advanced persistent threat detection?." Availability, Reliability and Security (ARES), 2013 Eighth International Conference on. IEEE, 2013.
Neda AfzaliSeresht, Reza Azmi, "MAIS-IDS: A distributed intrusion detection system using multi-agent AIS approach", Engineering Applications of Artificial Intelligence, Vol. 35, pp.286-298
Hung-Jen Liao, Chun-Hung Richard Lin, Ying-ChihLin, Kuang-Yuan Tung, "Intrusion detection system: A comprehensive", Journal of Network and Computer Applications, Vol.36, Iss.1, pp.16-24, 2013
Nicolas Falliere, Liam O Murchu, and Eric Chien, "W32.Stuxnet Dossier Version 1.4 (February 2011)", Symantec Corporation, 2011
BoldizsárBencsáth, GáborPék, LeventeButtyán, MárkFélegyházi, " Duqu: Analysis, detection, and lessons learned." ACM European Workshop on System Security (EuroSec). Vol. 2012. 2012
"The ‘Red October’ Campaign—An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies", (14 Jan 2013), GReAT, Kaspersky Lab
"CARBANAK APT THE GREAT BANK ROBBERY”, Version 2.1, February 2015, Kaspersky lab
Chirag Modi, DhirenPatel, BhaveshBorisaniya, Hiren Patel, AviPatel, MuttukrishnanRajarajan, “A survey of intrusion detection techniques in Cloud”, Journal of Network and Computer Applications, vol.36, iss.1, pp.42-57, 2013
NirNissim, Robert Moskovitch, LiorRokach, Yuval Elovici, “Novel active learning methods for enhanced PC malware detection in windows OS”, Expert Systems with Applications, vol.41, iss.13, pp.5843-5857, 2014
ShahidAlam, R.NigelHorspool, IssaTraore, Ibrahim Sogukpinar, "A framework for metamorphic malware analysis and real-time detection", Computers&Security, Vol.48, pp.212-233, 2015
Aziz Mohaisen, Omar Alrawi, ManarMohaisen, "Amal: High-fidelity, behavior-based automated malware analysis and classification", Computer&Security, pp.1-16, 2015
Ping Wang, Yu-Shih Wang, "Malware behaviouraldetection and vaccine development by using a support vector model classifier", Journal of Computer and System Sciences, Vol. 81, Iss . 6, pp.1012-1026, 2015
Ammar Ahmed E. Elhadi, MohdAizainiMaarof, BazaraI.A. Barry, HentabliHamza, "Enhancing the detection of metamorphic malware using call graphs" Computers&Security, Vol 46, pp.62-78, 2014
LIU Wu, REN Ping, LIU Ke, DUAN Hai-xin, "Behavior-based Malware Analysis and Detection", 2011 First International Workshop on Complexity and Data Mining, pp.39-42, 2011
김태근, 임을규, “악성코드변종 탐지를 위한 코드 재사용 분석 기법”, 정보보호학회지, Vol.24, Iss.1, pp32-38, 2014
NirNissim, Robert Moskovitch, LiorRokach, Yuval Elovici, “Novel active learning methods for enhanced PC malware detection in windows OS”, Expert Systems with Applications, Vol.41, pp.5843-5857, 2014
JnanamurthyHK, Chirag Warty, Sanjay Singh, “Threat Analysis and Malicious User Detection in Reputation Systems using Mean Bisector Analysis and Cosine Similarity (MBACS)”, Annual IEEE India Conference (INDICON), 2013
BALDANGOMBO, Usukhbayar; JAMBALJAV, Nyamjav; HORNG, Shi-Jinn. “A static malware detection system using data mining methods”. cornelluniversity library, arXivpreprint arXiv:1308.2831, 2013.27