• Title/Summary/Keyword: White-List

HAS-Analyzer: Detecting HTTP-based C&C based on the Analysis of HTTP Activity Sets

  • Kim, Sung-Jin;Lee, Sungryoul;Bae, Byungchul
    • KSII Transactions on Internet and Information Systems (TIIS) / v.8 no.5 / pp.1801-1816 / 2014
  • Because HTTP-related ports are allowed through firewalls, they are an obvious point for launching cyber attacks. In particular, malware uses HTTP protocols to communicate with their master servers. We call this an HTTP-based command and control (C&C) server. Most previous studies concentrated on the behavioral pattern of C&Cs. However, these approaches need a well-defined white list to reduce the false positive rate because there are many benign applications, such as automatic update checks and web refreshes, that have a periodic access pattern. In this paper, we focus on finding new discriminative features of HTTP-based C&Cs by analyzing HTTP activity sets. First, a C&C shows a few connections at a time (low density). Second, the content of a request or a response is changed frequently among consecutive C&Cs (high content variability). Based on these two features, we propose a novel C&C analysis mechanism that detects the HTTP-based C&C. The HAS-Analyzer can classify the HTTP-based C&C with an accuracy of more than 96% and a false positive rate of 1.3% without using any white list.

Association between Global Cortical Atrophy, Medial Temporal Atrophy, White Matter Hyperintensities and Cognitive Functions in Korean Alzheimer's Disease Patients (알츠하이머병 환자의 전반적 피질 위축, 내측두엽 위축, 백질 고강도 신호와 인지기능의 연관성)

  • Choi, Leen;Joo, Soo-Hyun;Lee, Chang-Uk;Paik, In-Ho
    • Korean Journal of Biological Psychiatry / v.22 no.3 / pp.140-148 / 2015
  • Objectives: The aim of this study is to investigate the correlation between degenerative changes in brain [i.e., global cortical atrophy (GCA), medial temporal atrophy (MTA), white matter hyperintensities (WMH)] and neurocognitive dysfunction in Korean patients with Alzheimer's disease. Methods: A total of 62 elderly subjects diagnosed with Alzheimer's disease were included in this study. The degenerative changes in brain MRI were rated with standardized visual rating scales (GCA or global cortical atrophy, MTA or medial temporal atrophy, and Fazekas scales) and the subjects were divided into two groups according to the degree of degeneration for each scale. Cognitive function was evaluated with Korean version of the Consortium to Establish a Registry for Alzheimer's Disease (CERAD-K) and several clinical features, including apolipoprotein E ${\varepsilon}4$ status, lipid profile and thyroid hormones, were also examined. Chi-square test and Fisher's exact test were performed to analyze the relationship between the degree of cerebral degeneration and neurocognitive functions. Results: Demographic and clinical features, except for the age, did not show any significant difference between the two groups divided according to the degree of cerebral degenerative changes. However, higher degree of GCA was shown to be associated with poorer performance in verbal fluency test, word list recall test, and word list recognition test. Higher degree of MTA was shown to be associated with poorer performance in Mini-Mental State Examination in the Korean Version of CERAD Assessment Packet (MMSE-KC), word list recognition test and construction praxis recall test. Higher degree of white matter hyperintensities was shown to be associated with poorer performance in MMSE-KC. Conclusions: Our results suggest that severe brain degeneration shown in MRI is associated with significantly poorer performance in neurocognitive tests in patients with Alzheimer's disease. Moreover, the degree of GCA, MTA and white matter hyperintensities, represented by scores from different visual rating scales, seems to affect certain neurocognitive domains each, which would provide useful information in clinical settings.

Evaluation of Historic Breeding Habitats with a View to the Potential for Reintroduction of the Oriental White Stork (Ciconia boyciana) and Crested Ibis (Nipponia nippon) in Korea

  • Park, Shi-Ryong;Kim, Su-Kyung;Sung, Ha-Cheol;Choi, Yu-Sung;Cheong, Seok-Wan
    • Animal Systematics, Evolution and Diversity / v.26 no.3 / pp.191-196 / 2010
  • The Oriental White Stork (Ciconia boyciana) and the Crested Ibis (Nipponia nippon) are wetland species listed as "Endangered" on the IUCN Red List of Threatened Species. The two species were once common on the Korean peninsula, but have experienced a severe population reduction in the past decades. Currently, they are officially extinct in Korea. At present, reintroduction programs to release the birds to the wild are in progress in Korea as well as in Japan. In this study, we surveyed the historic breeding sites of the two species using the literature and face-to-face interviews with local people as a step toward determining appropriate breeding habitats for reintroduction. We found 26 historic breeding sites for the Oriental White Stork in Chungcheong-do and Gyeonggi-do, but did not find any breeding sites for the Crested Ibis. These findings suggest that the Oriental White Stork was resident, while the Crested Ibis was a winter visitor to Korea. Based on these results, we discuss the possibilities for successful reintroduction of the two species in Korea.

Comparison of Anatomical Characteristics of White Jabon and Red Jabon Grown in Indonesia (인도네시아산 White Jabon과 Red Jabon의 해부학적 특성 비교)

  • Kim, Jong-Ho;Jang, Jae-Hyuk;Ryu, Jae-Yun;Hwang, Won-Joung;Febrianto, Fauzi;Kim, Nam-Hun
    • Journal of the Korean Wood Science and Technology / v.41 no.4 / pp.327-336 / 2013
  • Anatomical characteristics of White Jabon (Anthocephalus cadamba) and Red Jabon (Anthocephalus macrophyllus) were investigated by IAWA hardwood feature list. Both species were diffuse-porous, and radial multiple pore with 2~3 rows was mostly observed. Tangential diameter of vessel lumina was 100 to $200{\mu}m$, and vessels per square millimeter were 5 to 20. White Jabon has more vessels than Red Jabon. The number of solitary pore per square millimeter in both species was similar, but more pore multiple was observed in White Jabon. Axial parenchyma diffuse was observed in both species, but axial parenchyma of White Jabon was hardly identified on the cross section. Rays were classified into "body ray cells procumbent with over 4 rows of upright/square marginal cells" type and partly "all ray cells upright and/or square" type on radial section. Ray widths of 1 to 3 cells and 1 to 2 cells were observed in White Jabon and Red Jabon, respectively. Ray height of White Jabon was $420{\mu}m$ and Red Jabon $474{\mu}m$. Fiber length was in the range of 900 to $1,600{\mu}m$ in both species, and it showed a tendency to increase from pith to bark. Consequently, it is considered that pore multiple, ray width and axial parenchyma can be suggested as the keys for identification of both species.

Risk Assessment Tools for Invasive Alien Species in Japan and Europe (일본과 유럽의 침입외래생물 생태계위해성평가 기법)

  • Kil, Jihyon;Mun, Saeromi;Kim, Chang-Gi
    • Ecology and Resilient Infrastructure / v.2 no.3 / pp.191-197 / 2015
  • Invasive alien species are considered to be one of the main factors that cause biodiversity loss. Establishment of management strategies through continuous monitoring and risk assessment is a key element for invasive alien species management policy. In the present study, we introduce examples of ecological risk assessment tools developed in Japan, Germany-Austria and Belgium. Invasive alien species have been designated in Japan based on the assessment of risks to ecosystems, human health and primary industry. German-Austrian Black List Information System categorized alien species into Black List, White List and Grey List according to their risks to biodiversity. In the Harmonia Information System developed in Belgium, invasiveness, adverse impacts on native species and ecosystem functions and invasion stages were assessed and alien species were categorized into Black List, Watch List and Alert List. These international risk assessment tools may be helpful to improve our national risk assessment protocol for the prioritization of invasive alien species management.

Study to detect and block leakage of personal information : Android-platform environment (개인정보 유출 탐지 및 차단에 관한 연구 : 안드로이드 플랫폼 환경)

  • Choi, Youngseok;Kim, Sunghoon;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.4 / pp.757-766 / 2013
  • Malicious code that targets Android is growing dramatically as the number of Android users increases. Most of the malicious code has an intention of leaking personal information. Recently in Korea, a malicious code 'chest' has appeared and generated monetary damages by using malicious code to leak personal information and try to make small purchases. A variety of techniques to detect personal information leaks have been proposed on the Android platform. However, the existing techniques are hard to apply to the user's smart-phone due to the characteristics of the Android security model. This paper proposed a technique that detects and blocks file approaches and internet connections that are not allowed access to personal information by using system call hooking in the kernel and a white-list based approach policy. In addition, this paper proved the possibility of a real application on smart-phone through the implementation.

A Study of Information Leakage Prevention through Certified Authentication in Phishing, Vishing, SMiShing Attacks (Phishing, Vishing, SMiShing 공격에서 공인인증을 통한 정보침해 방지 연구)

  • Park, Dea-Woo;Seo, Jeong-Man
    • Journal of the Korea Society of Computer and Information / v.12 no.2 s.46 / pp.171-180 / 2007
  • The financial crime that used morale anger Phishing, Pharming, Vishing, SMiShing etc. will gain during recent cyber crimes. We are study systematically whether or not leakage of information and infringement can how easily occur to Phishing, Vishing, SMiShing using a social engineering technique and VoIP at these papers through experiment. A hacker makes Phishing, Vishing site, and test an information infringement process of a user through PiSing mail and a virus, a nasty code, Vishing, a SMiShing character, disarmament of Keylogger prevention S/W etc. as establish server. Information by Phishing, Vishing, SMiShing is infringed with leakage in the experiment results, and confirm, and test certified certificate and White List and a certified authentication mark, plug-in program installation etc. to prevention, and security becomes, and demonstrate. Technical experiment and prevention regarding Phishing of this paper and Vishing attack reduce the damage of information infringement, and be education for Ubiquitous information security will contribute in technical development.

Detecting Malicious Scripts in Web Contents through Remote Code Verification (원격코드검증을 통한 웹컨텐츠의 악성스크립트 탐지)

  • Choi, Jae-Yeong;Kim, Sung-Ki;Lee, Hyuk-Jun;Min, Byoung-Joon
    • The KIPS Transactions:PartC / v.19C no.1 / pp.47-54 / 2012
  • Sharing cross-site resources has been adopted by many recent websites in the forms of service-mashup and social network services. In this change, exploitation of the new vulnerabilities increases, which includes inserting malicious codes into the interaction points between clients and services instead of attacking the websites directly. In this paper, we present a system model to identify malicious script codes in the web contents by means of a remote verification while the web contents downloaded from multiple trusted origins are executed in a client's browser space. Our system classifies verification items according to the origin of request based on the information on the service code implementation and stores the verification results into three databases composed of white, gray, and black lists. Through the experimental evaluations, we have confirmed that our system provides clients with increased security by effectively detecting malicious scripts in the mashup web environment.

THE NEW ECLIPSING POST COMMON-ENVELOPE BINARY SDSS J074548.63+263123.4

  • HEMHA, NIWAT;SANGUANSAK, NUANWAN;IRAWATI, PUJI;DHILLON, VIK;MARSH, TOM R.
    • Publications of The Korean Astronomical Society / v.30 no.2 / pp.201-204 / 2015
  • The common-envelope process is a complicated phase in binary evolution. A lot of effort has been dedicated to study the common-envelope stage, but many questions related to this process are yet to be answered. If one member of the binary survives the common-envelope phase, the binary will emerge as a white dwarf accompanied by a low-mass main sequence star in close orbit, often referred to as a post common-envelope binary (PCEB). SDSS J0745+2631 is among the list of newly found PCEBs from the Sloan Digital Sky Survey (SDSS). This star is proposed to be a strong eclipsing system candidate due to the ellipsoidal modulation in its light curve. In this work, we aim to confirm the eclipsing nature of SDSS J0745+2631 and to determine the stellar and orbital parameters using the software Binary Maker 3.0 (BM3.0). We detected the primary eclipse in the light curve of SDSS J0745+2631 in our follow-up observation from January 2014 using the ULTRASPEC instrument at the Thai National Observatory. The data obtained on 7th and 8th January 2014 in g filter show an evident drop in brightness during the eclipse of the white dwarf, but this eclipse is less prominent in the data taken on the next night using a clear filter. According to our preliminary model, we find that SDSS J0745+2631 hosts a rather hot white dwarf with an effective temperature of 11500K. The companion star is a red dwarf star with a temperature of 3800K and radius of 0.3100 $R_{\odot}$. The red dwarf star almost fills its Roche lobe, causing a large ellipsoidal modulation. The mass ratio of the binary given by the Binary Maker 3.0 (BM3.0) model is M2/M1 = 0.33.

A Method to Collect Trusted Processes for Application Whitelisting in macOS (macOS 운영체제에서 화이트리스트 구축을 위한 신뢰 프로세스 수집 연구)

  • Youn, Jung-moo;Ryu, Jae-cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.397-405 / 2018
  • Blacklist-based tools are most commonly used to effectively detect suspected malicious processes. The blacklist-based tool compares the malicious code extracted from the existing malicious code with the malicious code. Therefore, it is most effective to detect known malicious codes, but there is a limit to detecting malicious code variants. In order to solve this problem, the necessity of a white list-based tool, which is the opposite of black list, has emerged. Whitelist-based tools do not extract features of malicious code processes, but rather collect reliable processes and verify that the process that checks them is a trusted process. In other words, if malicious code is created using a new vulnerability or if variant malicious code appears, it is not in the list of trusted processes, so it can effectively detect malicious code. In this paper, we propose a method for effectively building a whitelist through research that collects reliable processes in the macOS operating system.