• 제목/요약/키워드: Malware Containment

검색결과 2건 처리시간 0.018초

Malware Containment Using Weight based on Incremental PageRank in Dynamic Social Networks

  • Kong, Jong-Hwan;Han, Myung-Mook
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제9권1호
    • /
    • pp.421-433
    • /
    • 2015
  • Recently, there have been fast-growing social network services based on the Internet environment and web technology development, the prevalence of smartphones, etc. Social networks also allow the users to convey the information and news so that they have a great influence on the public opinion formed by social interaction among users as well as the spread of information. On the other hand, these social networks also serve as perfect environments for rampant malware. Malware is rapidly being spread because relationships are formed on trust among the users. In this paper, an effective patch strategy is proposed to deal with malicious worms based on social networks. A graph is formed to analyze the structure of a social network, and subgroups are formed in the graph for the distributed patch strategy. The weighted directions and activities between the nodes are taken into account to select reliable key nodes from the generated subgroups, and the Incremental PageRanking algorithm reflecting dynamic social network features (addition/deletion of users and links) is used for deriving the high influential key nodes. With the patch based on the derived key nodes, the proposed method can prevent worms from spreading over social networks.

Deterlab 환경에서 Earlybird를 이용한 웜 탐지와 Snort 연동을 통한 웜 확산 차단 (Worm Detection and Containment using Earlybird and Snort on Deterlab)

  • 이형윤;황성운;안병구
    • 한국인터넷방송통신학회논문지
    • /
    • 제13권1호
    • /
    • pp.71-76
    • /
    • 2013
  • 웜이란 시스템의 취약점을 탐색하고 취약한 시스템을 공격하여 훼손시키는 독립형 프로그램으로서, 네트워크를 통하여 자신을 복제하고 확산한다. 본 논문에서는 웜 탐지 및 차단 방법을 연구하였다. 먼저 가상 시뮬레이션 테스트베드인 Deterlab 환경에서 Codered II 웜 트래픽을 발생시켰다. 이 트래픽을 Earlybird를 이용하여 의심스러운 부분을 식별한 후, Wireshark를 통해 분석하여 Snort 규칙을 작성하였다. 다음으로 Codered II 웜 트래픽에, 앞에서 작성된 Snort 규칙을 적용함으로써, 생성된 로그 파일의 확인을 통해, 정상적으로 웜 탐지가 이루어짐을 확인할 수 있었다.