• Journal of information and communication convergence engineering
• /
• v.9 no.4
• /
• pp.353-357
• /
• 2011

U.S. Obama government is submit a motion to consider cyber attacks on State as a war. 7.7DDoS attack in Korea in 2009 and 3.4 DDoS attacks 2011, the country can be considered about cyber attacks. China hackers access a third country, bypassing South Korea IP by hacking the e-commerce sites with fake account, that incident was damaging finance. In this paper, for WiBro service, DDoS attacks, hackers, security incidents and vulnerabilities to the analysis. From hacker's attack, WiBro service's prognostic relevance by analyzing symptoms and attacks, in real time, Divide Red, Orange, Yellow, Green belonging to the risk rating. For hackers to create a blacklist, to defend against attacks in real-time air-conditioning system is the study of security. WiBro networks for incident tracking and detection after the packets through the national incident response should contribute to the development of technology.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.4
• /
• pp.405-414
• /
• 2010

According to the statistics of SecurityFocus in 2008, client-side attacks through the Microsoft Internet Explorer have increased by more than 50%. In this paper, we have implemented a behavior-based malicious web page detection system and a blacklist-based malicious web page filtering system. To do this, we first efficiently collected the target URLs by constructing a crawling system. The malicious URL detection system, run on a specific server, visits and renders actively the collected web pages under virtual machine environment. To detect whether each web page is malicious or not, the system state changes of the virtual machine are checked after rendering the page. If abnormal state changes are detected, we conclude the rendered web page is malicious, and insert it into the blacklist of malicious web pages. The malicious URL filtering system, run on the web client machine, filters malicious web pages based on the blacklist when a user visits web sites. We have enhanced system performance by automatically handling message boxes at the time of ULR analysis on the detection system. Experimental results show that the game sites contain up to three times more malicious pages than the other sites, and many attacks incur a file creation and a registry key modification.

• Journal of IKEEE
• /
• v.26 no.3
• /
• pp.380-388
• /
• 2022

The traditional malware detection technologies collect known malicious programs and analyze their characteristics. Then such a detection technology makes a blacklist based on the analyzed malicious characteristics and checks programs in the user's system based on the blacklist to determine whether each program is malware. However, such an approach can detect known malicious programs, but responding to unknown or variant malware is challenging. In addition, since such detection technologies generally monitor all programs in the system in real-time, there is a disadvantage that they can degrade the system performance. In order to solve such problems, various methods have been proposed to analyze major behaviors of malicious programs and to respond to them. The main characteristic of ransomware is to access and encrypt the user's file. So, a new approach is to produce the whitelist of programs installed in the user's system and allow the only programs listed on the whitelist to access the user's files. However, although it applies such an approach, attackers can still perform malicious behavior by performing a DLL(Dynamic-Link Library) injection attack on a regular program registered on the whitelist. This paper proposes a method to respond effectively to attacks using DLL injection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1513-1526
• /
• 2016

Since finance companies started e-banking services, those services have been diversified and use of them has continued to increase. Finance companies are implementing financial security policy for safe e-banking services, but e-Banking incidents are continuing to increase and becoming more intelligent. Along with the rise of internet banks and boosting Fintech industry, financial supervisory institutes are not only promoting user convenience through improving e-banking regulations such as enforcing Non-face-to-face real name verification policy and abrogating mandatory use of public key certificate or OTP(One time Password) for e-banking transactions, but also recommending the prevention of illegal money transfer incidents through upgrading FDS(Fraud Detection System). In this study, we assessed a blacklist based auto detection method suitable for overall situations for finance company, a real-time based suspicious transaction detection method linking with blacklist statistics model by each security level, and an alternative FDS model responding to typical transaction patterns of which information were collected from previous e-Banking incidents.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.397-405
• /
• 2018

Blacklist-based tools are most commonly used to effectively detect suspected malicious processes. The blacklist-based tool compares the malicious code extracted from the existing malicious code with the malicious code. Therefore, it is most effective to detect known malicious codes, but there is a limit to detecting malicious code variants. In order to solve this problem, the necessity of a white list-based tool, which is the opposite of black list, has emerged. Whitelist-based tools do not extract features of malicious code processes, but rather collect reliable processes and verify that the process that checks them is a trusted process. In other words, if malicious code is created using a new vulnerability or if variant malicious code appears, it is not in the list of trusted processes, so it can effectively detect malicious code. In this paper, we propose a method for effectively building a whitelist through research that collects reliable processes in the macOS operating system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.285-288
• /
• 2010

Chinese hackers hack the e-commerce site by bypass South Korea IP to connect to the third country, finance damaging a violation incident that fake account. 7.7.DDoS attack was the case of a hacker attack that paralyzed the country's main site. In this paper, the analysis is about vulnerabilities that breaches by hackers and DDoS attacks. Hacker's attacks and attacks on the sign of correlation analysis is share the risk rating for in real time, Red, Orange, Yellow, Green. Create a blacklist of hackers and real-time attack will be studied security and air conditioning systems that attacks and defend. By studying generate forensic data and confirmed in court as evidence of accountability through IP traceback and detection about packet after Incident, contribute to the national incident response and development of forensic techniques.

• The Korean Journal of Air & Space Law and Policy
• /
• v.27 no.2
• /
• pp.193-209
• /
• 2012

China's airline industry is experiencing a booming development as one hand, on the other hand the incidents involving unruly behaviour on board aircraft also becomes a growing concern for the whole industry. The thesis examines the basic issues concerning the unruly behaviour, such as definition of unruly behaviour, the impact and root causes of unruly behaviour. Then it focuses on the China's legal sources governing the problem of unruly behaviour. Generally speaking, China's legislation with this respect is systematic and self-contained, except some minor shortcomings which need to be revised. Finally the thesis holds the view that the preventative measures jointly contributed by all the parties concerned are something more important than the legislation itself.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.10
• /
• pp.732-742
• /
• 2016

This study suggests methods of defense against low-level high-bandwidth DDoS attacks by adding a solution with a time limit factor (TLF) to an existing high-bandwidth DDoS defense system. Low-level DDoS attacks cause faults to the service requests of normal users by acting as a normal service connection and continuously positioning the connected session. Considering this, the proposed method makes it possible for users to show a down-related session by considering it as a low-level DDoS attack if the abnormal flow is detected after checking the amount of traffic. However, the service might be blocked when misjudging a low-level DDoS attack in the case of a communication fault resulting from a network fault, even with a normal connection status. Thus, we made it possible to reaccess the related information through a certain period of blocking instead of a drop through blacklist. In a test of the system, it was unable to block the session because it recognized sessions that are simply connected with a low-level DDoS attack as a normal communication.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.156-159
• /
• 2019

The damage from voice phishing reaches one trillion won in the past 5 years following report of Business Korea on August 28, 2018. Voice phishing and mobile phone scams are recognized as a top concern not only in Korea but also in over the world in recent years. In this paper, we propose an efficient system to identify the caller and alert or prevent of dangerous to users. Our system includes a mobile application and web server using client and server architecture. The main purpose of this system is to automatically display the information of unidentified callers when a user receives a call or message. A mobile application installs on a mobile phone to automatically get the caller phone number and send it to the server through web services to verify. The web server applies a machine learning to a global phone book with Blacklist and Whitelist to verify the phone number getting from the mobile application and returns the result.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.537-544
• /
• 2012

With wireless network infrastructure, the number of smart-phone users is remarkably increasing in the world and the amounts of damage due to the smart-phone malwares are also raised. Many security solutions for wireless network have come into the market but these solutions are for companies or large enterprises, therefore, the public users of smart-phone don't feel easy to select as their solutions and it is difficult to detect unknown malwares. In this paper, we propose the mobile security diagnostic system for public smart-phone users, which provides functions like smart-phone system check, comparison with blacklist of applications and collecting malwares.