• Title/Summary/Keyword: Attack Mail

Search Result 46, Processing Time 0.025 seconds

A Classification Model for Attack Mail Detection based on the Authorship Analysis (작성자 분석 기반의 공격 메일 탐지를 위한 분류 모델)

  • Hong, Sung-Sam;Shin, Gun-Yoon;Han, Myung-Mook
    • Journal of Internet Computing and Services
    • /
    • v.18 no.6
    • /
    • pp.35-46
    • /
    • 2017
  • Recently, attackers using malicious code in cyber security have been increased by attaching malicious code to a mail and inducing the user to execute it. Especially, it is dangerous because it is easy to execute by attaching a document type file. The author analysis is a research area that is being studied in NLP (Neutral Language Process) and text mining, and it studies methods of analyzing authors by analyzing text sentences, texts, and documents in a specific language. In case of attack mail, it is created by the attacker. Therefore, by analyzing the contents of the mail and the attached document file and identifying the corresponding author, it is possible to discover more distinctive features from the normal mail and improve the detection accuracy. In this pager, we proposed IADA2(Intelligent Attack mail Detection based on Authorship Analysis) model for attack mail detection. The feature vector that can classify and detect attack mail from the features used in the existing machine learning based spam detection model and the features used in the author analysis of the document and the IADA2 detection model. We have improved the detection models of attack mails by simply detecting term features and extracted features that reflect the sequence characteristics of words by applying n-grams. Result of experiment show that the proposed method improves performance according to feature combinations, feature selection techniques, and appropriate models.

A Profiling Case Study to Phishing Mail Attack Group (피싱 메일 공격조직에 대한 프로파일링 사례 연구)

  • Lee, Jae-il;Lee, Yong-joon;Kwon, Hyuk-jin
    • Journal of Internet Computing and Services
    • /
    • v.21 no.2
    • /
    • pp.91-97
    • /
    • 2020
  • Recently, phishing attacks targeting those involved in defense, security and unification have been on the rise. In particular, hacking attack organization Kimsuky has been engaged in activities to collect important information from public organizations through phishing attacks since 2013. In this paper, profiling analysis of phishing mail attack organization was performed. Through this process, we estimated the purpose of the attack group and suggested countermeasures.

Protecting E-mail Server with Class-Based Rate Limiting Technique (클래스 기반의 대역 제한 기법을 통한 이메일 서버의 보호)

  • Yim, Kang-Bin;Lee, Chang-Hee;Kim, Jong-Su;Choi, Kyung-Hee;Jung, Gi-Hyun
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.41 no.6 s.324
    • /
    • pp.17-24
    • /
    • 2004
  • This paper proposes an efficient technique to protect e-mail server from DDoS attack using the CBQ (Class Based Queuing) algorithm The proposed method classifies incoming trafic to an e-mail server into three classes: 'more important mail traffic', 'less important traffic' and 'unknown traffic' and assigns bandwidths differently to the traffics. By differentiating the bandwidths of classes, normal mail traffic may flow even under DDoS attack in the proposed technique. The proposed technique is implemented on an embedded system which hires a switching processor with the WFHBD(Weighted Fair Hashed Bandwidth Distribution) engine that has been known as an efficient algorithm to distribute a given bandwidth to multiple sources, and it is verified that it can be an efficient way to protect e-mail server from DDoS attack.

A Study on the Effectiveness of Secure Responses to Malicious E-mail (악성 이메일에 대한 안전한 대응의 효과성 연구)

  • Lee, Taewoo;Chang, Hangbae
    • Journal of Platform Technology
    • /
    • v.9 no.2
    • /
    • pp.26-37
    • /
    • 2021
  • E-mail is one of the important tools for communicating with people in everyday life. With COVID-19 (Coronavirus) increasing non-face-to-face activity, security incidents through e-mail such as spam, phishing, and ransomware are increasing. E-mail security incidents are increasing as social engineering attack using human psychology rather than arising from technological weaknesses that e-mails have. Security incidents using human psychology can be prevented and defended by improving security awareness. This study empirically studies the analysis of changes in response to malicious e-mail due to improved security awareness through malicious e-mail simulations on executives and employees of domestic and foreign company. In this study, the factors of security training, top-down security management, and security issue sharing are found to be effective in safely responding to malicious e-mail. This study presents a new study by conducting empirical analysis of theoretical research on security awareness in relation to malicious e-mail responses, and results obtained from simulations in a practical setting may help security work.

E-mail System Model based on Ethereum (이더리움 기반 이메일 시스템 모델)

  • Kim, Taekyung
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.13 no.4
    • /
    • pp.99-106
    • /
    • 2017
  • With the advent of virtual money such as bit coins, interest in the block chain is increasing. Block Chain is a technology that supports Distributed Ledger and is a versatile technology applicable to various fields. Currently, the block chain is conducting research for various applications such as virtual money, trade finance, marketplace, power market, image contents service, and IoT. The technologies that make up the block chain are smart contract, digital signature/hash function and consensus algorithm. And these technologies operate on P2P networks. In this paper, we have studied e-mail system based on the ethereum which is one of the block chain based technologies. Most legacy mail systems use SMTP and the POP3/IMAP protocol to send and receive e-mail, and e-mail use S/MIME to protect the e-mail. However, S/MIME is vulnerable to DDoS attacks because it is configured centrally. And it also does not provide non-repudiation of mail reception. To overcome these weaknesses, we proposed an e-mail system model based on ethereum. The proposed model is able to cope with DDoS attack and forgery prevention by using block chain based technology, and reliable recording and management among block chain participants are provided, so that it is possible to provide a non-repudiation function of e-mail transmission and reception.

Sender Authentication Mechanism based on SW Security Card with PGP for Secure E-mail (SW 형태의 보안카드와 PGP 기반 안전한 E-mail 송신자 인증 기법)

  • Lee, Hyung-Woo
    • The Journal of Korean Association of Computer Education
    • /
    • v.10 no.3
    • /
    • pp.57-66
    • /
    • 2007
  • E-mail system is considered as a most important communication media, which can be used to transmit personal information by internet. But e-mail attack also has been increased by spoofing e-mail sender address. Therefore, this work proposes sender verification faculty for spam mail protection at sender's MTA by using security card for protection forged sender and also for authenticating legal sender. Sender's mail MT A requests security card's code number to sender. Then sender input code number and generate session key after sender verification. Session key is used to encrypt sender's signature and secure message transmission. This work can provide efficient and secure e-mail sender authentication with sender verification and message encryption.

  • PDF

Feature-selection algorithm based on genetic algorithms using unstructured data for attack mail identification (공격 메일 식별을 위한 비정형 데이터를 사용한 유전자 알고리즘 기반의 특징선택 알고리즘)

  • Hong, Sung-Sam;Kim, Dong-Wook;Han, Myung-Mook
    • Journal of Internet Computing and Services
    • /
    • v.20 no.1
    • /
    • pp.1-10
    • /
    • 2019
  • Since big-data text mining extracts many features and data, clustering and classification can result in high computational complexity and low reliability of the analysis results. In particular, a term document matrix obtained through text mining represents term-document features, but produces a sparse matrix. We designed an advanced genetic algorithm (GA) to extract features in text mining for detection model. Term frequency inverse document frequency (TF-IDF) is used to reflect the document-term relationships in feature extraction. Through a repetitive process, a predetermined number of features are selected. And, we used the sparsity score to improve the performance of detection model. If a spam mail data set has the high sparsity, detection model have low performance and is difficult to search the optimization detection model. In addition, we find a low sparsity model that have also high TF-IDF score by using s(F) where the numerator in fitness function. We also verified its performance by applying the proposed algorithm to text classification. As a result, we have found that our algorithm shows higher performance (speed and accuracy) in attack mail classification.

An Implementation and Evaluation of FQDN Check System to Filter Junk Mail (정크메일 차단을 위한 FQDN 확인 시스템의 구현 및 평가)

  • Kim Sung-Chan;Lee Sang-Hun;Jun Moon-Seog
    • The KIPS Transactions:PartC
    • /
    • v.12C no.3 s.99
    • /
    • pp.361-368
    • /
    • 2005
  • Internet mail has become a common communication method around the world because of tremendous Internet service usage increment. In other respect, Most Internet users' mail addresses are exposed to spammer, and the damage of Junk mail is growing bigger and bigger. These days, Junk mail delivery problem is becoming more serious, because this is used for an attack or propagation scheme of malicious code. It's a most dangerous dominant cause for computer system accident. This paper shows the Junk mail filtering model and implementation which is based on FQDN (Fully Qualified Domain Name) check and evaluates it for proposing advanced scheme against Junk mail.

EMICS: E-mail based Malware Infected IP Collection System

  • Lee, Taejin;Kwak, Jin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.6
    • /
    • pp.2881-2894
    • /
    • 2018
  • Cyber attacks are increasing continuously. On average about one million malicious codes appear every day, and attacks are expanding gradually to IT convergence services (e.g. vehicles and television) and social infrastructure (nuclear energy, power, water, etc.), as well as cyberspace. Analysis of large-scale cyber incidents has revealed that most attacks are started by PCs infected with malicious code. This paper proposes a method of detecting an attack IP automatically by analyzing the characteristics of the e-mail transfer path, which cannot be manipulated by the attacker. In particular, we developed a system based on the proposed model, and operated it for more than four months, and then detected 1,750,000 attack IPs by analyzing 22,570,000 spam e-mails in a commercial environment. A detected attack IP can be used to remove spam e-mails by linking it with the cyber removal system, or to block spam e-mails by linking it with the RBL(Real-time Blocking List) system. In addition, the developed system is expected to play a positive role in preventing cyber attacks, as it can detect a large number of attack IPs when linked with the portal site.

Modeling and Simulation of Firewall System and Security Functions of Operating System for Network Security (네트워크 보안을 위한 침입차단 시스템과 운영체제 보안 기능 모델링 및 시뮬레이션)

  • 김태헌;이원영;김형종;김홍근;조대호
    • Journal of the Korea Society for Simulation
    • /
    • v.11 no.2
    • /
    • pp.1-16
    • /
    • 2002
  • The need for network security is being increasing due to the development of information communication and internet technology. In this paper, firewall models, operating system models and other network component models are constructed. Each model is defined by basic or compound model, referencing DEVS formalism. These models and the simulation environment are implemented with MODSIM III, a general purpose, modular, block-structured high-level programming language which provides direct support for object-oriented programming and discrete-event simulation. In this simulation environment with representative attacks, the following three attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service, Mail bomb attack as an attack type of e-mail. The simulation is performed with the models that exploited various security policies against these attacks. The results of this study show that the modeling method of packet filtering system, proxy system, unix and windows NT operating system. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

  • PDF