• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.251-258
• /
• 2017

Most malware, including Ransomware, is built for the Windows operating system. This is because it is more harmful to target an operating system with a high share. But in recent years, MacOS's operating system share has steadily increased. As people become more and more used, the number of malicious code running on the MacOS operating system is increasing. Ransomware has been known to Korea since 2015, and damage cases are gradually increasing. MacOS is no longer free from Ransomware, as Ransomware for MacOS was discovered in March 2016. In order to cope with future Ransomware, this paper used Ransomware's modified file extension to detect Ransomware. We have studied how to detect and block Ransomware processes by distinguishing between extensions changed by the user and extensions changed by the Ransomware process.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.45-53
• /
• 2021

When the security monitoring system is performed in a separation network, there is little normal anomaly detection in internal networks or high-risk sections. Therefore, after the establishment of the security network, a model is needed to evaluate state-of-the-art cyber threat anomalies for internal network in separation network to complete the optimized security structure. In this study, We evaluate it by generating datasets of cyber vulnerabilities and malicious code arising from general and separation networks, It prepare for the latest cyber vulnerabilities in internal network cyber attacks to analyze threats, and established a cyber security test evaluation system that fits the characteristics. The study designed an evaluation model that can be applied to actual separation network institutions, and constructed a test data set for each situation and applied a real-time security assessment model.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.11
• /
• pp.46-52
• /
• 2017

Along with the expansion of areas in which ICT and Internet of Things (IoT) devices are utilized, open source software has recently expanded its scope of applications to include computers, smart phones, and IoT devices. Hence, as the scope of open source software applications has varied, there have been increasing malicious attempts to attack the weaknesses of open source software. In order to address this issue, various secure coding programs have been developed. Nevertheless, numerous vulnerabilities are still left unhandled. This paper provides some methods to handle newly raised weaknesses based on the analysis of histories and patterns of previous open source vulnerabilities. Through this study, we have designed a weaknesses analysis system that utilizes weakness histories and pattern learning, and we tested the performance of the system by implementing a prototype model. For five vulnerability categories, the average vulnerability detection time was shortened by about 1.61 sec, and the average detection accuracy was improved by 44%. This paper can provide help for researchers studying the areas of weaknesses analysis and for developers utilizing secure coding for weaknesses analysis.