A Study on Improved Detection Signature System in Hacking Response of One-Line Games

A Study on Improving Signature-Based Detection Methods in Online Game Hacking Response

  • Lee, Chang Seon (Dept. of Business Administration, Sangmyung University)
  • Yoo, Jinho (Dept. of Business Administration, Sangmyung University)
  • Received : 2016.02.01
  • Accepted : 2016.02.23
  • Published : 2016.02.28

Abstract

Game companies are frequently attacked while operating their online games. This paper analyzes the limitations of the Signature detection method, one of the ways of detecting hacking modules in online games, and proposes the Scoring Signature detection scheme to compensate for them. The Scoring Signature detection scheme makes it possible to collect and detect unknown hacking attacks, and it showed more than twenty times the detection results of the existing Signature detection method. Applying this scheme in parallel with the existing detection methods is expected to minimize the inconvenience of collecting hacking modules and to greatly reduce the use of hacking modules in games that would otherwise go undetected.
