• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.461-464
• /
• 2016

기업 사용자의 PC를 노리는 알려지지 않은 지능형 위협으로 전사적 IT자원 보안 문제가 대두하고 있다. 지정된 프로그램만 동작하게 하는 화이트리스트 보안 기술로 알려지지 않은 지능형 위협에 대응이 가능하다. 따라서 화이트리스트 기반 전사적 IT자원 보안 관제가 필요하다. 본 논문에서는 WhiteList 기반의 실시간 프로세스 분석을 통해 기업 사용자 PC 내에 허가되지 않은 프로그램을 관제할 수 있는 방법을 제시 하였고, 화이트리스트 기반 전사적 IT자원 보안 관제 시스템을 구현하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.397-405
• /
• 2018

Blacklist-based tools are most commonly used to effectively detect suspected malicious processes. The blacklist-based tool compares the malicious code extracted from the existing malicious code with the malicious code. Therefore, it is most effective to detect known malicious codes, but there is a limit to detecting malicious code variants. In order to solve this problem, the necessity of a white list-based tool, which is the opposite of black list, has emerged. Whitelist-based tools do not extract features of malicious code processes, but rather collect reliable processes and verify that the process that checks them is a trusted process. In other words, if malicious code is created using a new vulnerability or if variant malicious code appears, it is not in the list of trusted processes, so it can effectively detect malicious code. In this paper, we propose a method for effectively building a whitelist through research that collects reliable processes in the macOS operating system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1258-1261
• /
• 2007

온라인 피싱과 같은 경제적 목적의 정보 수집 행위들이 급격히 증가하고 있는 가운데, 위험 사이트 정보를 관리하는 블랙리스트 기반의 대응과 신뢰할 수 있는 사이트를 기반으로 하는 화이트 리스트 접근 방법이 활용되고 있다. 그러나 블랙리스트 기반 방법은 피싱 사이트의 유효시간을 볼 때 비현실적이며, 화이트 리스트 접근 방법은 인증된 사이트 내에 존재하는 악성 웹 페이지나 악성 사이트로 유도되는 피싱 메일에는 대응하기 어렵다. 이 논문에서는 화이트 리스트 접근 방법을 보완하기 위해 사용자 웹 페이지의 위험도를 정량화 할 수 있는 웹 페이지 위험도 산정 기법을 제안한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.346-349
• /
• 2014

Currently, the growing cyber threat continues, the damage caused by the evolution of malicious code incidents become more bigger. Such advanced attacks as APT using 'zero-day vulnerability' bring easy way to steal sensitive data or personal information. However it has a lot of limitation that the traditional ways of defense like 'access control' with blocking of application ports or signature base detection mechanism. This study is suggesting a way of controlling application activities focusing on keeping integrity of applications, authorization to running programs and changes of files of operating system by hardening of legitimate resources and programs based on 'white-listing' technology which analysis applications' behavior and its usage.

• Journal of IKEEE
• /
• v.26 no.3
• /
• pp.380-388
• /
• 2022

The traditional malware detection technologies collect known malicious programs and analyze their characteristics. Then such a detection technology makes a blacklist based on the analyzed malicious characteristics and checks programs in the user's system based on the blacklist to determine whether each program is malware. However, such an approach can detect known malicious programs, but responding to unknown or variant malware is challenging. In addition, since such detection technologies generally monitor all programs in the system in real-time, there is a disadvantage that they can degrade the system performance. In order to solve such problems, various methods have been proposed to analyze major behaviors of malicious programs and to respond to them. The main characteristic of ransomware is to access and encrypt the user's file. So, a new approach is to produce the whitelist of programs installed in the user's system and allow the only programs listed on the whitelist to access the user's files. However, although it applies such an approach, attackers can still perform malicious behavior by performing a DLL(Dynamic-Link Library) injection attack on a regular program registered on the whitelist. This paper proposes a method to respond effectively to attacks using DLL injection.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.8
• /
• pp.641-653
• /
• 2013

Recent cyber attacks targeting control systems are getting sophisticated and intelligent notoriously. As the existing signature based detection techniques faced with their limitations, a whitelist model with security techniques is getting attention again. However, techniques that are being developed in a whitelist model used at the application level narrowly and cannot provide specific information about anomalism of various cases. In this paper, we classify abnormal cases that can occur in control systems of enterprises and propose a new whitelist model for detecting abnormal cases.

• 주택과사람들
• /
• s.201
• /
• pp.88-91
• /
• 2007

집을 꾸미는 데 둘째가라면 스타일리스트 박래경 씨의 분당 전원 주택은, 소탈하면서도 내추럴한 느낌이 강한 곳이다. 화려하게 꾸미지 않아도 멋스러움이 묻어나는 그녀의 집은 화이트와 브라운의 두 가지 컬러를 적절하게 배합해 꾸며진 심플하면서도 세련된 공간이다.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.47 no.2
• /
• pp.95-102
• /
• 2010

This paper proposes a SPIT(Spam over IP Telephony) prevention framework which is using expanded white-list in real-time VoIP environment. The existing schemes are vulnerable to attack from spammers since they can continue to transfer SPIT upon changing their ID. And existing frameworks have experienced the time delay and overload as session initiates due to real-time operation. To solve these problems, the proposed scheme expands the scope of white lists by forming social networks using the white list, but it is to decide quickly whether pass a caller ID without searching the entire database. The proposed framework takes the three-stage architecture and the fast scoring system. The proposed framework minimize user's inconvenience and time delay for initiation of session, therefore, it is proper for real-time VoIP environment.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.6
• /
• pp.1369-1374
• /
• 2014

In case of APT attacks, the update server is being used as a means of dissemination, the update program is running malicious code or data in applications such as anti-virus signature is vulnerable to manipulation, SW Update threat identification and prevention measures are urgently required. This paper presents a natiional and international SW update structure, update process exploits and response measures to examine, Through the extraction/analysis of a domestic famous SW update log, we are willing to select the necessary component of the normal program update to identify a white list.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.228-231
• /
• 2016

현재 한 번의 공격으로 많은 피해를 줄 수 있는 국가기반시설 위주의 제어시스템은 사이버 공격의 대상으로 가장 적합하다고 할 수 있다. 이에 대비해 제어시스템에서 주로 사용되는 DNP3는 한정적이고 반복된 트래픽을 주고받아 화이트리스트 기반 보안 기법이 사이버 공격으로부터 효과적으로 시스템을 보호할 수 있다. 본 논문에서는 제어시스템에 알려져 있는 취약점에 대해서 소개하고, 화이트리스트 보안 기법을 적용하고 규칙을 정의하여 이상 징후를 탐지하였다.