ETRI-Knowledge Sharing Platform


Conference Paper Multi-Region based Clustering Analysis Method for Unknown Malicious Code Detection
Authors
Byoung Koo Kim, Seung Yong Yoon, Ik Kyun Kim, Jin Tae Oh
Issue Date
2009-07
Citation
International Conference on Security and Management (SAM) 2009, pp.1-6
Language
English
Type
Conference Paper
Abstract
Computer viruses have evolved into various forms, such as worms that propagate rapidly through a network, Trojan horses that cause data leakage, and executable malicious software intended to infect files. Malicious software poses a growing technical risk and increasingly disturbs computer users, and the damage it causes tends to increase over time. Therefore, various methodologies for protecting computer systems from the threat of new malicious software are being actively studied. In this paper, we present a technology for detecting executable malicious software. It applies a clustering analysis technique to the executable file, which is divided into many feature regions. The proposed technique can detect not only known malicious software but also unknown malicious software. Above all, it uses a clustering analysis technique that measures the byte distribution similarity between malicious executable files and normal executable files. That is, the proposed technique can easily detect malicious software without complicated command analysis. Therefore, it can minimize the load on system execution. Also, by applying the clustering technique to many feature regions, it can determine more accurately which parts have been transformed and which have not.
KSP Keywords
Analysis method, Byte distribution, Clustering Analysis, Clustering Technique, Computer Virus, Computer systems, Data Leakage, Executable file, Feature regions, Malicious code detection, Region-based