Abnormal Windows File Path Detection Technique Based on Word Embedding

Vol. 34, No. 6, pp. 1459-1469, Dec. 2024
DOI: 10.13089/JKIISC.2024.34.6.1459
Keywords: digital forensic, filepath, Windows, Machine Learning, Word Embedding
Abstract

In the field of digital forensics, particularly in Windows forensics, rapidly distinguishing between normal and suspicious files is a critical challenge. Analyzing the vast amount of files present in a system can be time-consuming and costly. This study proposes a method to identify suspicious files using natural language processing techniques based solely on file paths. To achieve this, the study utilizes the New Technology File System (NTFS) Master File Table (MFT) to obtain paths for all files in the Windows file system. The file paths are converted into vectors that capture their structural characteristics using a word embedding model, which is commonly used in natural language processing. These vectors are then compared using machine learning techniques to classify abnormal file paths. Experiments conducted with data collected from real-world environments demonstrated that the detection model can effectively identify abnormal file paths with an accuracy of up to 94%.
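The pipeline the abstract describes (collect full paths, tokenize them into structural pieces, turn each path into a vector, compare vectors against known-normal ones) can be sketched end to end in a few dozen lines. The following is an added illustration written for this page, not the paper's code or model: it assumes the path strings have already been extracted (for example from an MFT parser), replaces the paper's learned word embedding with a sparse bag-of-tokens vector so that the comparison step is visible and hand-checkable, and uses a constructed baseline of eight sample paths together with a nearest-neighbour cosine score in place of the paper's trained classifier. The `NORMAL_PATHS` values, the token scheme, and the 0.4 threshold are all assumptions chosen for this sample, not values reported by the paper.

```python
import re
from math import sqrt

# Constructed baseline of known-good Windows paths (hand-written sample values,
# not data from the paper). In the paper's setting these would be the full path
# listing recovered from the NTFS MFT.
NORMAL_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\drivers\etc\hosts",
    r"C:\Windows\SysWOW64\kernel32.dll",
    r"C:\Program Files\Common Files\System\ado\msado15.dll",
    r"C:\Users\alice\Documents\report.docx",
    r"C:\Users\alice\AppData\Local\Microsoft\Windows\INetCache\index.dat",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk",
    r"C:\Windows\Temp\MpCmdRun.log",
]


def tokenize_path(path):
    """Turn a Windows path into structural tokens.

    Each component is kept together with its depth ("d3:appdata"), word pieces
    are kept on their own ("w:appdata"), the extension is marked ("ext:exe") and
    the total depth is added ("depth:7"), so that both *what* appears and *where*
    it sits in the directory tree shape the vector.
    """
    parts = [p for p in re.split(r"[\\/]+", path.lower()) if p]
    tokens = []
    for depth, part in enumerate(parts):
        tokens.append(f"d{depth}:{part}")
        tokens.extend("w:" + w for w in re.findall(r"[a-z0-9]+", part))
    if parts and "." in parts[-1]:
        tokens.append("ext:" + parts[-1].rsplit(".", 1)[1])
    tokens.append(f"depth:{len(parts)}")
    return tokens


def embed(tokens):
    """Sparse bag-of-tokens vector (token -> count).

    Assumption: this counts vector stands in for the dense word-embedding vector
    the paper derives; it is enough to show how paths are compared.
    """
    vec = {}
    for t in tokens:
        vec[t] = vec.get(t, 0) + 1
    return vec


def cosine(a, b):
    """Cosine similarity of two sparse vectors; 0.0 if either is empty."""
    dot = sum(c * b.get(t, 0) for t, c in a.items())
    na = sqrt(sum(c * c for c in a.values()))
    nb = sqrt(sum(c * c for c in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class PathAnomalyDetector:
    """Nearest-neighbour anomaly score of a path against a normal baseline."""

    def __init__(self, normal_paths, threshold=0.4):
        self.reference = [embed(tokenize_path(p)) for p in normal_paths]
        # Assumption: 0.4 separates the constructed samples below; a real
        # deployment would pick it on held-out labelled paths.
        self.threshold = threshold

    def score(self, path):
        """0.0 = identical to a known-good path, 1.0 = shares no token with any."""
        v = embed(tokenize_path(path))
        return 1.0 - max(cosine(v, r) for r in self.reference)

    def is_abnormal(self, path):
        return self.score(path) > self.threshold

    def triage(self, paths):
        """Most unusual paths first, as an analyst's review queue."""
        return sorted(((self.score(p), p) for p in paths), reverse=True)


if __name__ == "__main__":
    det = PathAnomalyDetector(NORMAL_PATHS)
    # Constructed inputs: a baseline path, a plausible new document, an
    # executable in a temp directory with a look-alike name, and a path on
    # a drive the baseline never saw.
    for s, p in det.triage([
        r"C:\Windows\System32\svchost.exe",
        r"C:\Users\alice\Documents\budget.xlsx",
        r"C:\Users\alice\AppData\Local\Temp\svch0st.exe",
        r"D:\zzz\qqq.bin",
    ]):
        flag = "ABNORMAL" if s > det.threshold else "normal  "
        print(f"{s:.3f} {flag} {p}")
```

The depth-indexed component tokens are what make the temp-directory executable score higher than the new spreadsheet: `w:temp` and `w:exe` are both in the baseline, but `d5:temp` and the name `svch0st` are not, so the path shares fewer tokens with its nearest normal neighbour. A bag of unordered words would lose that positional signal, which is the kind of structural characteristic the abstract says the embedding is meant to capture.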


Cite this article
[IEEE Style]
이라경 and 송현민, "Abnormal Windows File Path Detection Technique Based on Word Embedding," Journal of The Korea Institute of Information Security and Cryptology, vol. 34, no. 6, pp. 1459-1469, 2024. DOI: 10.13089/JKIISC.2024.34.6.1459.

[ACM Style]
이라경 and 송현민. 2024. Abnormal Windows File Path Detection Technique Based on Word Embedding. Journal of The Korea Institute of Information Security and Cryptology, 34, 6, (2024), 1459-1469. DOI: 10.13089/JKIISC.2024.34.6.1459.