摘要
A ransomware attack that interrupted the operation of Colonial Pipeline(a large U.S.oil pipeline company),showed that security threats by malware have become serious enough to affect industries and social infrastructure rather than individuals alone.The agents and characteristics of attacks should be identified,and appropriate strategies should be established accordingly in order to respond to such attacks.For this purpose,the first task that must be performed is malware classification.Malware creators are well aware of this and apply various concealment and avoidance techniques,making it difficult to classify malware.This study focuses on new features and classification techniques to overcome these difficulties.We propose a behavioral performance visualization method using utilization patterns of system resources,such as the central processing unit,memory,and input/output,that are commonly used in performance analysis or tuning of programs.We extracted the usage patterns of the system resources for ransomware to performbehavioral performance visualization.The results of the classification performance evaluation using the visualization results indicate an accuracy of at least 98.94%with a 3.69%loss rate.Furthermore,we designed and implemented a framework to perform the entire process—from data extraction to behavioral performance visualization and classification performance measurement—that is expected to contribute to related studies in the future.
基金
This work was supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)(Project No.2019-0-00426%,10%)
the ICT R&D Program of MSIT/IITP(Project No.2021-0-01816,A Research on Core Technology of Autonomous Twins for Metaverse,10%)
National Research Foundation of Korea(NRF)grant funded by the Korean government(Project No.NRF-2020R1A2C4002737%,80%).
