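Document-Type Malware Detection Through Analysis of Document Structure and Stream Objects
Ah Reum Kang, Young-Seob Jeong, Se Lyeong Kim, Jonghyun Kim, Jiyoung Woo, Sunoh Choi. Korea Society of Computer and Information, 2018. Journal of the Korea Society of Computer and Information, Vol. 23, No. 11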
In recent years, the number of ways to distribute document-based malicious code by exploiting vulnerabilities in document files has been increasing. Because document-type malware is not itself an executable file, it easily bypasses existing security programs, so research on a model to detect it is necessary. In this study, we extract the main features from the document structure and from the JavaScript contained in stream objects. In addition, when JavaScript is inserted, we extract keywords that occur with high frequency in malicious code, such as function names, reserved words, and readable strings in the script. We then generate a machine learning model that can distinguish between normal and malicious documents. To make the model difficult to bypass, we aim for good performance with a black-box type algorithm. For the experiment, we analyze a large number of documents compared to previous studies. Experimental results show a 98.9% detection rate from three different types of algorithms. SVM, which is a black-box type algorithm and makes obfuscation difficult, shows much higher performance than in previous studies.