• Title/Abstract/Keyword: Unknown virus

Search results: 107 items (processing time 0.029 s)

Semi-supervised based Unknown Attack Detection in EDR Environment

  • Hwang, Chanwoong;Kim, Doyeon;Lee, Taejin
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 14, No. 12 / pp.4909-4926 / 2020
  • Cyberattacks penetrate the server and perform various malicious acts such as stealing confidential information, destroying systems, and exposing personal information. To achieve this, attackers perform various malicious actions by infecting endpoints and accessing the internal network. However, the current countermeasures are only anti-viruses that operate in a signature or pattern manner, which lets initial unknown attacks through. Endpoint Detection and Response (EDR) technology is focused on providing visibility, and strong countermeasures are lacking. If the initial attack is not stopped, responding later is difficult because malicious behavior such as an Advanced Persistent Threat (APT) attack does not occur immediately but unfolds over a long period of time. In this paper, we propose a technique that detects an unknown attack using an event log without prior knowledge, even when the initial response by anti-virus has failed. The proposed technology uses a combination of an AutoEncoder and a 1D CNN (1-Dimensional Convolutional Neural Network) based on semi-supervised learning. The experiment trained on a dataset collected over a month in a real-world commercial endpoint environment and tested on the data collected over the following month. As a result of the experiment, 37 unknown attacks were detected in the event log collected for one month in the actual commercial endpoint environment, and 26 of them were verified as malicious through VirusTotal (VT). In the future, it is expected that the proposed model will be applied to EDR technology to form a secure endpoint environment and reduce the time and labor costs of effectively detecting unknown attacks.

A Study on Unknown Malware Detection using Digital Forensic Techniques

  • 이재호;이상진
    • 정보보호학회논문지 / Vol. 24, No. 1 / pp.107-122 / 2014
  • DDoS attacks and APT attacks have caused social disruption by launching simultaneous attacks at a predetermined time from zombie computers. Such attacks require many zombie computers that carry out the attacker's commands, and those zombie computers must be running unknown malware that evades detection by anti-virus products. Moving beyond anti-virus products that have relied on signature-based detection, many methods have been proposed for detecting unknown malware. This paper presents a method for detecting unknown malware using digital forensic techniques and describes the results of experiments performed on various samples of normal files and malware.

A Study of the Merged IDS Design for the Unknown Signal Detection

  • 이선근;김환용
    • 한국통신학회논문지 / Vol. 28, No. 5B / pp.381-387 / 2003
  • With the rapid development of information and communication technology and networks, the importance of the information security field has greatly increased. As user demand for services has grown, interest in the protection of personal information has also risen. To keep a system safe from hackers and crackers, it is very important to understand the characteristics of unknown signals. The targets of unknown signal detection include viruses, internal intrusions and external intrusions. Because existing unknown-signal detection methods exist separately for viruses and for internal/external intrusions, system efficiency is very low and maintenance cost is very high. This paper therefore proposes a merged IDS system that makes it possible to detect unknown signals for viruses and internal/external intrusions within a single system. The proposed merged IDS aims to make system efficiency and cost realistic by integrating and managing the independently existing unknown signals in one system. The proposed system was designed using Synopsys Ver. 1999.10 and VHDL. Because the proposed merged IDS performs comparison operations sequentially on the updated data information, it is expected to maximize the utilization of system resources.

The Plant Cellular Systems for Plant Virus Movement

  • Hong, Jin-Sung;Ju, Ho-Jong
    • The Plant Pathology Journal / Vol. 33, No. 3 / pp.213-228 / 2017
  • Plasmodesmata (PDs) are specialized intercellular channels that facilitate the exchange of various molecules, including sugars, ribonucleoprotein complexes, transcription factors, and mRNA. Their diameters, estimated to be 2.5 nm in the neck region, are too small to transfer viruses or viral genomes. Tobacco mosaic virus and Potexviruses are the most extensively studied viruses. In viruses, the movement protein (MP) is responsible for the PD gating that allows the intercellular movement of viral genomes. Various host factors interact with MP to regulate complicated mechanisms related to PD gating. Virus replication and assembly occur in the viral replication complex (VRC) with membrane association, especially in the endoplasmic reticulum. VRCs have a highly organized structure and are highly regulated by interactions among the various host factors, proteins encoded by the viral genome, and the viral genome. Virus trafficking requires host machineries, such as the cytoskeleton and the secretory systems. MP facilitates the virus replication and movement process. Despite the current level of understanding of virus movement, there are still many unknown and complex interactions between virus replication and virus movement. While numerous studies have been conducted to understand plant viruses with regard to cell-to-cell movement and replication, there are still many knowledge gaps. To study these interactions, adequate research tools must be used, such as molecular and biochemical techniques. Without such tools, virologists will not be able to gain an accurate or detailed understanding of the virus infection process.

Detection of Unknown Malicious Scripts using Code Insertion Technique

  • 이성욱;방효찬;홍만표
    • 한국정보과학회논문지:정보통신 / Vol. 29, No. 6 / pp.663-673 / 2002
  • Server-level anti-virus detects malicious code entering a particular domain at the entry point, so it is useful for e-mail servers and similar systems in real situations where it is difficult to fully control every client. However, the behavior-monitoring techniques that are useful for detecting unknown malicious code are difficult to apply on a server, so current server anti-virus products perform only signature-based detection of already-known malicious code, simple filtering, and functions such as file-name changes. This paper proposes a malicious-script detection technique that, by running only on the server, enables continuous behavior monitoring even on clients that have no separate anti-virus installed, and describes its implementation.

Double membrane-bound particles associated with eriophyid mite-borne plant diseases of unknown etiology : a potentially new group of plant viruses?

  • Ahn, Kyung-Ku;Kim, Kyung-Soo
    • 한국식물병리학회:학술대회논문집 / 한국식물병리학회 1997 Proceedings of special lectures on Recent Research Trend of Plant Pathology / pp.5-21 / 1997
  • Unique virus-like particles were associated with five eriophyid mite-borne plant diseases of unknown etiology: fig mosaic, redbud yellow ringspot, rose rosette, thistle mosaic, and high plains disease of corn and wheat. Quasi-spherical, double membrane-bound particles (DMPs), 120 - 200 nm in diameter, were observed in the cytoplasm of all cell types in symptomatic leaves of infected plants. No DMPs were observed in symptomless plants. The DMPs in symptomatic thistles were associated with two types of inclusions, electron-dense amorphous material and tubular aggregates. Similar amorphous inclusions were also found in corn and wheat with high plains disease, while tubular inclusions were observed in figs with mosaic symptoms. The particles and inclusions were similar in some aspects to immature particles associated with viroplasms of animal and insect poxviruses and also to the double-enveloped particles of tomato spotted wilt virus associated with viroplasms during early stages of infection, but were unique and unlike any known plant viruses. The DMPs and associated viroplasm-like inclusions in the high plains disease were specifically immunogold labeled in situ with the disease-specific antiserum. Thread-like structures, similar to tenuivirus particles, present in the partially purified virus preparations were also immunogold labeled with the antiserum. It is suggested that the thread-like structures are derived from the DMP. In many cells of symptomatic corn and wheat samples, DMPs occurred together with flexuous rod-shaped particles and cylindrical inclusions of wheat streak mosaic potyvirus (WSMV), suggesting that the disease is caused by a mixed infection of WSMV and the agent represented by the DMPs. Based on cytopathology, symptomatology and mite and/or graft-transmissibility, the five diseases described in this paper are potentially caused by virus(es), and the DMPs associated with these diseases may represent virus particles. If the DMPs are indeed viral in nature, they would comprise a new group of plant viruses.

Vp28 of Shrimp White Spot Syndrome Virus Is Involved in the Attachment and Penetration into Shrimp Cells

  • Yi, Guohua;Wang, Zhimin;Qi, Yipeng;Yao, Lunguang;Qian, Juan;Hu, Longbo
    • BMB Reports / Vol. 37, No. 6 / pp.726-734 / 2004
  • White spot disease (WSD) is caused by the white spot syndrome virus (WSSV), which results in devastating losses to the shrimp farming industry around the world. However, the mechanism of virus entry and spread into the shrimp cells is unknown. A binding assay in vitro demonstrated VP28-EGFP (envelope protein VP28 fused with enhanced green fluorescence protein) binding to shrimp cells. This provides direct evidence that VP28-EGFP can bind to shrimp cells at pH 6.0 within 0.5 h. However, the protein was observed to enter the cytoplasm 3 h post-adsorption. Meanwhile, the plaque inhibition test showed that the polyclonal antibody against VP28 (a major envelope protein of WSSV) could neutralize the WSSV and block an infection with the virus. The result of competition ELISA further confirmed that the envelope protein VP28 could compete with WSSV to bind to shrimp cells. Overall, VP28 of the WSSV can bind to shrimp cells as an attachment protein, and can help the virus enter the cytoplasm.

Etiological Study of Porcine Viral Abortions and Stillbirths in Gyeongbuk Province

  • 채태철;김성국;조광현;어경연;권오덕
    • 한국임상수의학회지 / Vol. 30, No. 4 / pp.236-240 / 2013
  • A total of 170 litters (575 samples) of aborted and stillborn fetuses submitted to the Gyeongsangbuk-Do Veterinary Service Laboratory (GVSL) between January 2006 and December 2010 from pig farms in Gyeongbuk province were studied to identify porcine abortion- and stillbirth-associated viruses such as Porcine parvovirus (PPV), Encephalomyocarditis Virus (EMCV), Japanese Encephalitis Virus (JEV), Porcine Reproductive and Respiratory Syndrome Virus (PRRSV), and Aujeszky's Disease Virus (ADV). Virus was not detected by PCR in 36 litters, but viral antibody was detected by HI and ELISA in 93 litters. The majority of etiological viruses were PPV (67 litters, 39.4%), EMCV (50 litters, 29.4%), PRRSV (15 litters, 8.8%), and JEV (11 litters, 6.5%); ADV was not detected by either PCR or ELISA. Single infection occurred in 52 litters (30.6%), co-infection occurred in 41 litters (24.1%), and unknown cases with no detection of any of the five viruses occurred in 77 litters (45.3%).

Fuzzy Cluster Based Diagnosis System for Classifying Computer Viruses

  • 이현숙
    • 정보처리학회논문지B / Vol. 14B, No. 1 / pp.59-64 / 2007
  • Viruses that threaten computers holding important information are increasingly becoming a practical problem. Software technology for detecting virus intrusions has accordingly kept advancing, but the standard technique to date stores the signature patterns of known viruses and finds viruses by matching against them. This is effective for known viruses but has the drawback that it cannot find new viruses, which are found only after damage has already been done. A method is therefore needed that introduces a learning capability into the construction and search of virus information so that newly emerging viruses can be found and handled. This paper proposes a fuzzy diagnosis system, FDS, for computer viruses. FDS uses the FCM algorithm to form clusters of known information, extracts representative information, and builds a knowledge base that also incorporates expert knowledge. For a computer file to be diagnosed, the system is designed to check the file's decision state and report information on virus intrusion based on the stored knowledge base. Already-known test data and previously unknown new test data were prepared as experimental data, and the system's performance was compared with the well-known classification algorithms KNN, RF and SVM. The results show that the proposed system can effectively diagnose unknown computer viruses.

Chikungunya Virus-Encoded nsP2, E2 and E1 Strongly Antagonize the Interferon-β Signaling Pathway

  • Bae, Sojung;Lee, Jeong Yoon;Myoung, Jinjong
    • Journal of Microbiology and Biotechnology / Vol. 29, No. 11 / pp.1852-1859 / 2019
  • Chikungunya virus (CHIKV) is a single-stranded positive-sense RNA virus, belonging to the genus Alphavirus of the Togaviridae family. It causes multiple symptoms, including headache, fever, severe joint and muscle pain, and arthralgia. Since CHIKV was first isolated in Tanzania in 1952, there have been multiple outbreaks of chikungunya fever. However, its pathogenesis and mechanisms of viral immune evasion have been poorly understood. In addition, the exact roles of individual CHIKV genes on the host innate immune response remain largely unknown. To investigate if CHIKV-encoded genes modulate the type I interferon (IFN) response, each and every CHIKV gene was screened for its effects on the induction of the IFN-β promoter. Here we report that CHIKV nsP2, E2 and E1 strongly suppressed activation of the IFN-β promoter induced by the MDA5/RIG-I receptor signaling pathway, suggesting that nsP2, E2, and E1 are the major antagonists against induction of IFN-β. Delineation of underlying mechanisms of CHIKV-mediated inhibition of the IFN-β pathway may help develop virus-specific therapeutics and vaccines.