• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.835-846
• /
• 2020

BEC (Business Email Compromise) attacks are frequently occurring by impersonating accounts or management through e-mail and stealing money or sensitive information. This type of attack accounts for the largest portion of the recent trade fraud, and the FBI estimates that the estimated amount of damage in 2019 is about $17 billion. However, if you look at the response status of the companies compared to this, it relies on the traditional SPAM blocking system, so it is virtually defenseless against the BEC attacks that social engineering predominates. To this end, we will analyze the types and methods of BEC accidents and propose ways to effectively counter BEC attacks by companies through AI(Artificial Intelligence).

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.97-108
• /
• 2012

In this study, we analysis the distributing malware using email on the korean defense service and defense industry as the social engineering attack. E-mail attack distributes the document files with the malware. Using the malware, attacker get the Information of the targeted people and devices. we proposed expected new types of attacks by analysis and transformation. And, expect the new email attack agendas which will be tried.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.213-218
• /
• 2021

This paper proposes a technique for detecting a significant threat that attempts to get sensitive and confidential information such as usernames, passwords, credit card information, and more to target an individual or organization. By definition, a phishing attack happens when malicious people pose as trusted entities to fraudulently obtain user data. Phishing is classified as a type of social engineering attack. For a phishing attack to happen, a victim must be convinced to open an email or a direct message [1]. The email or direct message will contain a link that the victim will be required to click on. The aim of the attack is usually to install malicious software or to freeze a system. In other instances, the attackers will threaten to reveal sensitive information obtained from the victim. Phishing attacks can have devastating effects on the victim. Sensitive and confidential information can find its way into the hands of malicious people. Another devastating effect of phishing attacks is identity theft [1]. Attackers may impersonate the victim to make unauthorized purchases. Victims also complain of loss of funds when attackers access their credit card information. The proposed method has two major subsystems: (1) Data collection: different websites have been collected as a big data corresponding to normal and phishing dataset, and (2) distributed detection system: different artificial algorithms are used: a neural network algorithm and machine learning. The Amazon cloud was used for running the cluster with different cores of machines. The experiment results of the proposed system achieved very good accuracy and detection rate as well.

• International Journal of Computer Science & Network Security
• /
• v.22 no.5
• /
• pp.277-283
• /
• 2022

Email phishing has become very prevalent especially now that most of our dealings have become technical. The victim receives a message that looks as if it was sent from a known party and the attack is carried out through a fake cookie that includes a phishing program or through links connected to fake websites, in both cases the goal is to install malicious software on the user's device or direct him to a fake website. Today it is difficult to deploy robust cybersecurity solutions without relying heavily on machine learning algorithms. This research seeks to detect phishing emails using high-accuracy machine learning techniques. using the WEKA tool with data preprocessing we create a proposed methodology to detect emails phishing. outperformed random forest algorithm on Naïve Bayes algorithms by accuracy of 99.03 %.

• Journal of Korea Multimedia Society
• /
• v.13 no.5
• /
• pp.754-762
• /
• 2010

Nowadays, email-based targeted attacks using malcode-bearing documents have been steadily increased. To improve the success rate of the attack and avoid anti-viruses, attackers mainly employ zero-day exploits and relevant social engineering techniques. In this paper, we propose an architecture of the email vaccine cloud system to prevent targeted attacks using malcode-bearing documents. The system extracts attached document files from email messages, performs behavior analysis as well as signature-based detection in the virtual machine environment, and completely removes malicious documents from the messages. In the process of behavior analysis, the documents are regarded as malicious ones in cases of creating executable files, launching new processes, accessing critical registry entries, connecting to the Internet. The email vaccine cloud system will help prevent various cyber terrors such as information leakages by preventing email based targeted attacks.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1913-1920
• /
• 2017

Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2881-2894
• /
• 2018

Cyber attacks are increasing continuously. On average about one million malicious codes appear every day, and attacks are expanding gradually to IT convergence services (e.g. vehicles and television) and social infrastructure (nuclear energy, power, water, etc.), as well as cyberspace. Analysis of large-scale cyber incidents has revealed that most attacks are started by PCs infected with malicious code. This paper proposes a method of detecting an attack IP automatically by analyzing the characteristics of the e-mail transfer path, which cannot be manipulated by the attacker. In particular, we developed a system based on the proposed model, and operated it for more than four months, and then detected 1,750,000 attack IPs by analyzing 22,570,000 spam e-mails in a commercial environment. A detected attack IP can be used to remove spam e-mails by linking it with the cyber removal system, or to block spam e-mails by linking it with the RBL(Real-time Blocking List) system. In addition, the developed system is expected to play a positive role in preventing cyber attacks, as it can detect a large number of attack IPs when linked with the portal site.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.199-202
• /
• 2023

Carriage return (CR) and line feed (LF), also known as CRLF injection is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). Email injection, also known as email header injection, is another way that can be used to modify the behavior of emails. The Open Web Application Security Project (OWASP) is an organization that studies vulnerabilities and ranks them based on their level of risk. According to OWASP, CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies to test their applications before releasing them. However, CRLF vulnerabilities can also lead to the discovery of other high-risk vulnerabilities, and it fosters a better approach to mitigate CRLF vulnerabilities in the early stage and help secure applications against known vulnerabilities. Although there has been a significant amount of research on other types of injection attacks, such as Structure Query Language Injection (SQL Injection). There has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research to be done on this subject matter in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts. Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.12
• /
• pp.2753-2762
• /
• 2013

Recently the paradigm of cyber attacks is changing due to the information security technology improvement. The cyber attack that uses the social engineering and targets the end users has been increasing as the organization's systems and networks security controls have been tightened. The 91% of APT(Advanced Persistent Threat) which targets an enterprise or a government agency to get the important data and disable the critical service starts with the spear phishing email. In this paper, we analysed the security threats and characteristics of the spear phishing in detail and explained why the technical solutions are not enough to prevent spear phishing attacks. Therefore, we proposed the administrative prevention methods for the spear phishing attack.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.1
• /
• pp.90-99
• /
• 2003

Java applets are downloaded from web server through internet and executed in Java Virtual Machine of clients' browser. Before execution of java applets, JVM checks bytecode program with bytecode verifier and performs runtime tests with interpreter. However, these tests will not protect against undesirable runtime behavior of java applets, such as denial of service attack, email forging attack, URL spoofing attack, and annoying sound attack. In order to protect malicious applets, a technique used in this paper is java bytecode modification. This technique is used to restrict applet behavior or insert code appropriate to profiling or other monitoring efforts. Java byte modification is divided into two general forms, class-level modification involving subclassing non-final classes and method-level modification used when control over objects from final classes or interface. This paper showed that malicious applets are controlled by java bytecode modification using proxy server. This implementation does not require any changes in the web sever, JVM or web browser.