• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.1-6
• /
• 2005

Today the malicious approach and information threat against a network system increase and, the demage about this spread to persnal user from company. The product which provides only unit security function like an infiltration detection system and an infiltration interception system reached the limits about the composition infiltration which is being turn out dispersion anger and intelligence anger Necessity of integrated security civil official is raising its head using various security product about infiltration detection, confrontation and reverse tracking of hacker. Because of the quantity to be many analysis of the event which is transmitted from the various security product and infiltration alarm, analysis is difficult. So server is becoming the charge of their side. Consequently the dissertation will research the method to axis infiltration alarm data to solve like this problem.

• KIISE Transactions on Computing Practices
• /
• v.24 no.2
• /
• pp.99-104
• /
• 2018

Recently, there are increasing damages by ransomware in the world. Ransomware is a malicious software that infects computer systems and restricts user's access to them by locking the system or encrypting user's files saved in the hard drive. Victims are forced to pay the 'ransom' to recover from the damage and regain access to their personal files. Strong countermeasure is needed due to the extremely vicious way of attack with enormous damage. Malware analysis method can be divided into two approaches: static analysis and dynamic analysis. Recent malwares are usually equipped with elaborate packing techniques which are main obstacles for static analysis of malware. Therefore, this paper suggests a dynamic analysis method to monitor activities of ransomware. The proposed method can analyze ransomwares more accurately. The suggested method is comprised of extracting signatures of benign program, malware, and ransomware, and selecting the most appropriate signatures for ransomware detection.

• Journal of Information Processing Systems
• /
• v.19 no.3
• /
• pp.289-301
• /
• 2023

Due to the development and dissemination of modern technology, anyone can easily communicate using services such as social network service (SNS) through a personal computer (PC) or smartphone. The development of these technologies has caused many beneficial effects. At the same time, bad effects also occurred, one of which was the spam problem. Spam refers to unwanted or rejected information received by unspecified users. The continuous exposure of such information to service users creates inconvenience in the user's use of the service, and if filtering is not performed correctly, the quality of service deteriorates. Recently, spammers are creating more malicious spam by distorting the image of spam text so that optical character recognition (OCR)-based spam filters cannot easily detect it. Fortunately, the level of transformation of image spam circulated on social media is not serious yet. However, in the mail system, spammers (the person who sends spam) showed various modifications to the spam image for neutralizing OCR, and therefore, the same situation can happen with spam images on social media. Spammers have been shown to interfere with OCR reading through geometric transformations such as image distortion, noise addition, and blurring. Various techniques have been studied to filter image spam, but at the same time, methods of interfering with image spam identification using obfuscated images are also continuously developing. In this paper, we propose a deep learning-based spam image detection model to improve the existing OCR-based spam image detection performance and compensate for vulnerabilities. The proposed model extracts text features and image features from the image using four sub-models. First, the OCR-based text model extracts the text-related features, whether the image contains spam words, and the word embedding vector from the input image. Then, the convolution neural network-based image model extracts image obfuscation and image feature vectors from the input image. The extracted feature is determined whether it is a spam image by the final spam image classifier. As a result of evaluating the F1-score of the proposed model, the performance was about 14 points higher than the OCR-based spam image detection performance.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.7
• /
• pp.1290-1295
• /
• 2016

Recently, as mobile internet usage has been increasing rapidly, malware attacks through user's web browsers has been spreading in a way of social engineering or drive-by downloading. Existing defense mechanism against drive-by download attack mainly focused on final download sites and distribution paths. However, detection and prevention of injection sites to inject malicious code into the comprised websites have not been fully investigated. In this paper, for the purpose of improving defense mechanisms against these malware downloads attacks, we focus on detecting the injection site which is the key source of malware downloads spreading. As a result, in addition to the current URL blacklist techniques, we proposed the enhanced method which adds features of detecting the injection site to prevent the malware spreading. We empirically show that the proposed method can effectively minimize malware infections by blocking the source of the infection spreading, compared to other approaches of the URL blacklisting that directly uses the drive-by browser exploits.

• Journal of Korea Multimedia Society
• /
• v.14 no.1
• /
• pp.144-152
• /
• 2011

As IPv4 addresses are exhausting, the use of IPv6 addresses is increasing. IPv6 environment provides address auto-configuration function. If addresses are allocated to each host automatically, network management system has difficulty in inspecting every IP of all devices and keeping the relevant informations. Also, as IP addresses are configured automatically, problems such as malicious users accessing network devices with no restriction can occur. To solve these problems, managing and blocking of malicious user is necessary. In this paper, we suggest agent system for searching of host computer and blocking network access which manages and protects the major network resources efficiently by searching host and blocking unauthorized host access to network in IPv6 environment. According to the test results of function of this agent system in IPv6 environment, we have checked that this system performs searching and blocking function normally.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.199-207
• /
• 2013

Recently, hacking is seen as a criminal activity beyond an activity associated with curiosity in the beginning. The malignant bot which is used as an attack technique is one of the examples. Malignant Bot is one of IRC Bots and it leaks user's information with attacker's command by attacking specified IP range. This paper will discuss an access method and a movement process by analyzing shadowbot which is a kind of a malignant Bot and will suggest possible countermeasure. This study has two distinct features. First, we analyze malignant Bot by analyzing tools such as VM ware. Second, we formulate a hypothesis and will suggest possible countermeasure through analyzing malignant Bot's access method and movement. Performance evaluation will be conducted by applying possible countermeasure to see if it can prevent attacks from malignant bot.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.4
• /
• pp.93-99
• /
• 2011

Recently, the development of internet technology makes user's personal data used by being saved in USB. But there is a critical issue that personal data can be exposed with malicious purpose because that personal data doesn't need to be certificate to use. This paper proposes USB security framework to prevent a duplicate use of personal data for protecting the data which in USB. The proposed USB security framework performs certification process of user with additional 4bite of user's identification data and usage choice of USB security token before certification data when the framework uses USB security product in different network. It makes communication overhead and service delay increased. As a result of the experiment, packet certification delay time is more increased by average 7.6% in the proposed USB security framework than simple USB driver and USB Token, and procedure rate of certification server on the number of USB is also increased by average 9.8%.

• The Journal of the Convergence on Culture Technology
• /
• v.6 no.1
• /
• pp.455-461
• /
• 2020

Electronic payment system using Internet banking is a very important application for users of e-commerce environment. With rapidly growing use of fintech applications, the risk and damage caused by malicious hacking or identity theft are getting significant. To prevent the damage, fraud detection system (FDS) calculates the risk of the electronic payment transactions using user profiles including types of goods, device status, user location, and so on. In this paper, we propose a new risk calculation method using relative location of users such as SSID of wireless LAN AP and MAC address. Those relative location information are more difficult to imitate or copy compared with conventional physical location information like nation, GPS coordinates, or IP address. The new method using relative location and cumulative user characteristics will enable stronger risk calculation function to FDS and thus give enhanced security to electronic payment systems.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.11
• /
• pp.427-432
• /
• 2014

The Purpose of local system attacks is to acquire administrator's(root) privilege shell through the execution of the malicious program or change the flow of the program. This acquiring shell through attack is still valid approach method and it is difficult to cope with improving each of vulnerability because the attacker can select various forms of attack. Linux allocate a set of credentials when login, in order to manage user permissions. Credentials were issued and managed by the kernel directly, and also the kernel ensures that any change cannot be occurred outside of kernel. But, user's credentials that acquired root privilege through system attacks occurs a phenomenon that does not remain consistent. In this paper we propose a security module to detect a security threats that may cause to users and tasks by analysis user task execution and inconsistency credentials.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.15 no.5
• /
• pp.7-19
• /
• 2019

Ransomware is a malicious program that requires the cost of decryption after encrypting files on the user's desktop. Since the frequency and the financial damage of ransomware attacks are increasing each year, ransomware prevention, detection and recovery system are needed. Baek et al. proposed SSD-Insider, an algorithm for detecting ransomware within SSD. In this paper, we propose an AdvanSSD-Insider algorithm that substitutes a hash table used for the overwriting check with a bloom filter in the SSD-Insider. Experimental results show that the AdvanSSD-Insider algorithm reduces memory usage by up to 90% and execution time by up to 77% compared to the SSD-Insider algorithm and achieves the same detection accuracy. In addition, the AdvanSSD-Insider algorithm can monitor 10 times longer than the SSD-Insider algorithm in same memory condition. As a result, detection accuracy is increased for some ransomware which was difficult to detect using previous algorithm.