The Next Generation Malware Information Collection Architecture for Cybercrime Investigation

Ho-Mook Cho; Chang-Su Bae; Jaehoon Jang; Choi Sang Yong

doi:https://doi.org/10.9708/jksci.2020.25.11.123

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2020, 25(11), pp.123-129
DOI :https://doi.org/10.9708/jksci.2020.25.11.123
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

Ho-Mook Cho ¹ , Chang-Su Bae ² , Jaehoon Jang ³ , Choi Sang Yong ⁴

¹ 한국과학기술원
² 에이펙스이에스씨
³ 에이펙스이에스씨
⁴ 영남이공대학교

ABSTRACT

Recently, cybercrime has become increasingly difficult to track by applying new technologies such as virtualization technology and distribution tracking avoidance. etc. Therefore, there is a limit to the technology of tracking distributors based on malicious code information through static and dynamic analysis methods. In addition, in the field of cyber investigation, it is more important to track down malicious code distributors than to analyze malicious codes themselves. Accordingly, in this paper, we propose a next-generation malicious code information collection architecture to efficiently track down malicious code distributors by converging traditional analysis methods and recent information collection methods such as OSINT and Intelligence. The architecture we propose in this paper is based on the differences between the existing malicious code analysis system and the investigation point's analysis system, which relates the necessary elemental technologies from the perspective of cybercrime. Thus, the proposed architecture could be a key approach to tracking distributors in cyber criminal investigations.
KEYWORDS

Malware , Cyber criminal , Intelligence , Cyber investigation , Trace
REFERENCES (25)

[report] ENISA / 2019 / ENISA Thread Landscape Report 2018

[journal] 김영수 / 2017 / Ensemble Model using Multiple Profiles for Analytical Classification of Threat Intelligence / 한국콘텐츠학회 논문지 / 한국콘텐츠학회 17 (3) : 231~237 / https://doi.org/10.5392/JKCA.2017.17.03.231

[web] / Open Threat eXchange(OTX) / https://otx.alienvault.com/

[web] / Malware Information Sharing Platform(MISP) / https://www.misp-project.org/

[journal] 임창완 / 2019 / Real-time Cyber Threat Intelligent Analysis and Prediction Technique / 정보과학회 컴퓨팅의 실제 논문지 / 한국정보과학회 25 (11) : 565~570 / https://doi.org/10.5626/KTCP.2019.25.11.565

[confproc] Choi Wonseok / 2018 / A System for Generating and Sharing Cyber Threat Intelligence on malicious code / Korea Software Congress 2018 : 1035~1036

[journal] 석선희 / 2016 / Visualized Malware Classification Based-on Convolutional Neural Network / 정보보호학회논문지 / 한국정보보호학회 26 (1) : 197~208 / http://dx.doi.org/10.13089/JKIISC.2016.26.1.197

[journal] Taejin Le / 2018 / Trend of intelligent malicious code analysis technology using machine learning / REVIEW OF KIISC 28 (2) : 12~19

[journal] 황준호 / 2019 / Study of Static Analysis and Ensemble-Based Linux Malware Classification / 정보보호학회논문지 / 한국정보보호학회 29 (6) : 1327~1337 / https://doi.org/10.13089/JKIISC.2019.29.6.1327

[journal] 황준호 / 2018 / Malware Packing Analysis Based on Convolutional Neural Network with 2-Dimension Static Feature Set / 한국통신학회논문지 / 한국통신학회 43 (12) : 2089~2099 / https://doi.org/10.7840/kics.2018.43.12.2089

[journal] 정성민 / 2019 / V-gram: Malware Detection Using Opcode Basic Blocks and Deep Learning / 정보과학회논문지 / 한국정보과학회 46 (7) : 599~605 / https://doi.org/10.5626/JOK.2019.46.7.599

[confproc] M. Sharif / 2009 / Automatic Reverse Engineering of Malware Emulators / 2009 30th IEEE Symposium on Security and Privacy : 94~109

[journal] 김순곤 / 2018 / Code Automatic Analysis Technique for Virtualization-based Obfuscation and Deobfuscation / 한국정보전자통신기술학회 논문지 / 한국정보전자통신기술학회 11 (6) : 724~731

[confproc] Ki-Hwan Kim / 2019 / A Malware Variants Detection Method using Malicious Behavior Signature / Korea Software Congress 2019 : 1633~1635

[journal] 안진웅 / 2019 / An Enhancement Scheme of Dynamic Analysis for Evasive Android Malware / 정보보호학회논문지 / 한국정보보호학회 29 (3) : 519~529 / https://doi.org/10.13089/JKIISC.2019.29.3.519

[web] / Ollydbg / http://www.ollydbg.de/

[web] / IDA pro / https://www.hex-rays.com/products/ida/

[web] / Cuckoo Sandbox / https://cuckoosandbox.org/

[web] / IP2Location / https://www.ip2location.com/

[web] / MaxMind / https://www.ip2location.com/

[web] / GeoByte / https://geobytes.com/iplocator/

[web] / NetAcuity / https://www.digitalelement.com/solutions/

[web] / DomainTools / https://www.domaintools.com/

[web] / Virustotal / https://www.virustotal.com/gui/

[web] / C-TAS / https://www.krcert.or.kr/data/noticeView.do?bulletin_writing_sequence=25824
KCI Citation (1)

KJC Korea
Journal Central

Statistics

Tools