• 정보처리학회논문지:컴퓨터 및 통신 시스템
• /
• 제5권11호
• /
• pp.419-426
• /
• 2016

침해사고에 대한 위협이 지속적으로 증가하고 있는 가운데, 이에 대한 원인을 식별하고 해당 내용을 공유하여 유사한 침해사고에 대해 빠르게 대응하기 위한 침해지표(IOC, Indicators of Compromise)의 필요성이 증가하고 있다. 하지만, 국내의 경우 일부 업체에서만 이를 활용할 뿐 외국에 비해 침해지표의 활용 방안에 대한 연구가 많이 부족한 상황이다. 본 논문에서는 Cuckoo Sandbox의 악성코드 분석 결과를 바탕으로 빠르고 표준화된 침해지표 자동생성 방법과 이에 대한 활용 방안을 제안한다.

• 품질경영학회지
• /
• 제49권4호
• /
• pp.505-525
• /
• 2021

Purpose: The purpose of this study was to investigate factors influencing the intention to use Fintech Digital Sand(D-Testbed), which facilitate digital innovation in the financial sectors and allow fintech startups to simulate the PoC their innovative ideas before starting a business. Methods: This study used the Extended Technology Acceptance Model (TAM2), with independent variables such as social influence, personal innovativeness, service quality, relative advantage, and security concerns used in previous studies, for analysis. For mediator variables, the perceived usefulness and perceived ease of use were used in this study. Results: The results indicated that social influence and perceived usefulness have a positive effect on the intention to use. It was also analyzed that relative advantage has a mediating effect on perceived usefulness whereas service quality nor personal innovativeness are not statistically significant mediation. On the other hand, perceived ease of use on the intention is not statistically significant. By this, it was confirmed that the intention to use Fintech Digital Sand(D-Testbed) was to improve the business performance of fintech companies, but not because it was easy to learn and take less effort. Conclusion: The finding of the study provides valuable implications for invigorating the use of fintech digital sandbox(D-testbed) and identifying the factors that affect the perception and intention to use among employees in fintech companies in advance.

• 디지털융복합연구
• /
• 제17권6호
• /
• pp.335-340
• /
• 2019

미디어의 발달과 함께 다양해진 유저의 플랫폼 및 기술적 환경을 동시에 충족시키는 게임 콘텐츠를 디자인하는 것은 매우 어려운 문제이다. 온라인 플랫폼과 네트워킹을 기반으로 성장한 인디게임 분야는 자본의 개입으로부터 자유로운 만큼 다양하고 창의적인 게임 콘텐츠 개발의 시도가 활발하게 이루어졌고, 행동 자율성이 높으며 커스터마이징이 가능한 샌드박스형 게임이 큰 성공을 거두면서 더욱 성장해 나갔다. 본 논문에서는 인디게임을 주도하는 샌드박스형 게임의 성장에 있어 큰 특징적 요소로 사료되는 행동 자율성과 커스터마이징 시스템에 주목하였다. 표현기법으로써 3D 복셀 그래픽이 자주 채택되고 있다는 점에서 복셀 기반 그래픽의 유용성 및 특히 게임 캐릭터 구현에 대한 현황과, 효율적인 게임 그래픽 기법으로 활용될 수 있는 가능성을 연구해 보기로 한다.

• 디지털융복합연구
• /
• 제17권3호
• /
• pp.73-78
• /
• 2019

최근 신기술 기반의 새로운 제품이나 서비스를 규제 제약 없이 사업화를 진행 할 수 있도록 기존 규제의 유예 또는 면제를 시켜주는 한국형 규제 샌드박스(Sandbox) 제도의 도입 필요성이 제기되고 있다. 이에 정부에서는 산업융합, ICT, 핀테크 및 지역혁신성장 등 4개 분야를 중심으로 규제 여부를 신속히 확인하고, 일정한 조건(구역 기간 규모 등)을 설정하여 실험 실증과 시장출시를 허용하도록 관련 법령을 정비하고 있다. 그러나 동일한 규제 샌드박스가 적용됨에도 불구하고 적용되는 분야의 특성에 따라 신청주체, 규제특례의 적용여부, 의사결정 추진체계 및 재정 세제 지원여부 등의 차이점이 보인다. 본 연구는 규제 샌드박스가 적용되는 산업융합 분야의 산업융합촉진법, ICT 분야의 정보통신융합법, 핀테크 분야의 금융혁신법 및 지역혁신성장 분야의 지역특구법을 중심으로 비교 분석하여, 한국형 규제 샌드박스의 성공적인 안착을 위한 효율적인 운영방안을 제시하였다.

• Journal of Information Processing Systems
• /
• 제17권4호
• /
• pp.851-865
• /
• 2021

Enterprise networks in the PyeongChang Winter Olympics were hacked in February 2018. According to a domestic security company's analysis report, attackers destroyed approximately 300 hosts with the aim of interfering with the Olympics. Enterprise have no choice but to rely on digital vaccines since it is overwhelming to analyze all programs executed in the host used by ordinary users. However, traditional vaccines cannot protect the host against variant or new malware because they cannot detect intrusions without signatures for malwares. To overcome this limitation of signature-based detection, there has been much research conducted on the behavior analysis of malwares. However, since most of them rely on a sandbox where only analysis target program is running, we cannot detect malwares intruding the host where many normal programs are running. Therefore, this study proposes a method to detect malware variants in the host through logs rather than the sandbox. The proposed method extracts common behaviors from variants group and finds characteristic behaviors optimized for querying. Through experimentation on 1,584,363 logs, generated by executing 6,430 malware samples, we prove that there exist the common behaviors that variants share and we demonstrate that these behaviors can be used to detect variants.

• 디지털산업정보학회논문지
• /
• 제11권2호
• /
• pp.47-54
• /
• 2015

The popularity and adoption of smart-phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. The fluidity of application markets complicate smart-phone security. There is a pressing need to develop effective solutions. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smart-phone application. Now, the analytical methods used mainly are the reverse engineering-based analysis and the sandbox-based analysis. Such methods are can be analyzed in detail. but, they take a lot of time and have a one-time payout. In this study, we develop a system to monitor that mobile application permissions at application update. We had to overcome a one-time analysis. This study is a service-based malware analysis, It will be based will be based on the mobile security study.

• 디지털산업정보학회논문지
• /
• 제15권3호
• /
• pp.119-128
• /
• 2019

Minecraft game is a sandboxed game based on a high degree of users' freedom; the game encourages its users to recreate various play patterns to increase their immersion. Although recently there were many studies that use Minecraft game techniques to improve the teaching methods but still not well adapted due to being applications-based techniques. In this paper, we present a teaching model that utilizes the same concept of the Minecraft games in where learners customize the class concepts based on their needs. Moreover, Minecraft-based learning games attempt to be used for learner-led, creativity and programming instruction, to overcome these use-cases limitations, by our study we aim to include the Minecraft-based learning games in class teaching activities, theoretical and practical lessons. In this way, we intend to increase interest in programming lessons, and to increase immersion as another way of game learning. In the future, we attempt to measure various effects of the uses of Minecraft-game-based teaching in programming classes compare to the traditionally used methods.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권6호
• /
• pp.3258-3279
• /
• 2019

Recently, ransomware has earned itself an infamous reputation as a force to reckon with in the cybercrime landscape. However, cybercriminals are adopting other unconventional means to seamlessly attain proceeds of cybercrime with little effort. Cybercriminals are now acquiring cryptocurrencies directly from benign Internet users without the need to extort a ransom from them, as is the case with ransomware. This paper investigates advances in the cryptovirology landscape by examining the state-of-the-art cryptoviral attacks. In our approach, we perform digital autopsy on the malware's source code and execute the different malware variants in a contained sandbox to deduce static and dynamic properties respectively. We examine three cryptoviral attack structures: browser-based crypto mining, memory resident crypto mining and cryptoviral extortion. These attack structures leave a trail of digital forensics evidence when the malware interacts with the file system and generates noise in form of network traffic when communicating with the C2 servers and crypto mining pools. The digital forensics evidence, which essentially are IOCs include network artifacts such as C2 server domains, IPs and cryptographic hash values of the downloaded files apart from the malware hash values. Such evidence can be used as seed into intrusion detection systems for mitigation purposes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권12호
• /
• pp.3345-3363
• /
• 2023

Developers often use cross-platform frameworks to create mobile apps that can run on multiple platforms with minimal code changes. However, these frameworks may not suit all the needs of a specific app, so developers may also use native APIs to add platform-specific features. This method eventually dilutes the advantages of cross-platform development methodology that aims to reduce development costs and time, and often leads to a decision to return back to the original native mobile development methodology. In this study, we explore a different approach: combining different cross-platform tools to develop a storybook mobile app that meets various requirements. We have demonstrated that integrating two cross-platform solutions can be used reliably to develop complex mobile applications. However, we also report that this approach can introduce unforeseen issues such as sandbox redundancy, unexpected functional burdens, and redundant permission requests. Despite these challenges, we believe that combining two cross-platform solutions can be applied to a variety of functional and performance requirements, enabling the development of more sophisticated mobile applications at lower costs and with shorter development timelines than traditional mobile app development methodologies.

• International Journal of Computer Science & Network Security
• /
• 제22권2호
• /
• pp.29-38
• /
• 2022

The growth of digitalization processes around the world, covering almost all areas of human life, including the Fintech sector. In the field of financial technology, radical changes are taking place with increasing levels of automation, openness and consumer focus. In addition, in the context of the spread of coronavirus infection, quarantine and forced isolation, the role of digital technology is coming to the fore worldwide, including in Ukraine. The purpose of the article is to assess the development of Fintech ecosystem of European countries and outline the strategic parameters of domestic Fintech development. The study concluded that the investment raised for the Fintech industry increases annually and the quality and size of transactions gradually increases. Today, Fintech maintains its position as one of the most attractive markets for venture capitalists and the image of an industry with high potential, especially in the era of open banking. The most attractive markets for investors are mature markets, such as the United States, Germany and the United Kingdom, and the preferred niches for investment - the vertical of payments and lending. Trends in investment activity in terms of investing in financial technologies are studied. Moreover, investors prefer businesses that already have a significant scale or considerable potential to achieve it and become sustainable businesses.