• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.796-798
• /
• 2003

바이러스로 시작된 악성 코드는 웜이라는 형태로 발전하였다. 인터넷 망의 고속화와 확장에 의해 웜의 전파 속도와 감염 범위는 증가하였지만, 아직까지 웜을 차단할 수 있는 획기적인 방법은 개발되지 않았고, 웜에 의한 피해는 갈수록 치명적인 결과를 낳고 있다. 본고에서는 Bloom Filter［1］를 이용한 content filtering 방법을 제안한다. 실험을 통해, 이미 알려진 웜에 대한 Bloom Filter의 성능을 검증하였으며, 알려지지 않은 웜에 대한 Bloom Filter의 적용 방법도 제안한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.5
• /
• pp.1154-1159
• /
• 2013

Now we are facing various threats as side effects against the growth of smartphone markets. Malicious codes such as mobile worms may bring about disclosures of personal information and confusions to upset a national wireless backbone. In this paper, we examine the existed spreading models and try to describe the correct spread of mobile worms on smartphones. We also analyze the spreading effects, and simulate bluetooth, MMS and Wi-Fi worms by various experiments.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.510-512
• /
• 2014

Malware Analysis tools are being main topic research for many mobile security companies, in this survey, we are trying to go through the most popular tools used to find out the malicious codes and suspected android programs through reverse engineering process. There are so many malware tools have been made and implemented and some of them are efficient enough and others are quite slow and consuming high processing, however we are going to compare briefly some of them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.3
• /
• pp.165-172
• /
• 2006

There are various threats as side effects against the growth of information technology, and malicious codes such as Internet worms may bring about confusions to upset a national backbone network. In this paper, we examine the existed spreading models and propose a new worm spreading model on Internet environment. We also predict and analyze the spreading effects of high-speed Internet worms. The proposed model leads to a better prediction of the worm spreading since various factors are considered.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.9
• /
• pp.1227-1233
• /
• 2021

QR Code has been used in various forms such as simple business cards and URLs. Recently, the influence of Corona 19 Fundemik has led to the use of QR Codes to track travel routes through visits and entry / exit records, and QR Code usage has skyrocketed. In this way, most people have come to use it in the masses and are constantly under threat. In the case of QR Code, you do not know what you are doing until you execute it. Therefore, if you undoubtedly execute a QR Code with a malicious URL inserted, you will be directly exposed to security threats. Therefore, this paper provides a cloud-based malware QR Code detection system that can make a normal connection only when there is no abnormality after determining whether it is a malicious QR Code when scanning the QR Code.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.97-101
• /
• 2019

If the operating system's core file contains an Intel PT, the debugger can not only check the program state at the time of the crash, but can also reconfigure the control flow that caused the crash. We can also extend the execution trace scope to the entire system to debug kernel panics and other system hangs. The second-generation PT, the WinIPT library, includes an Intel PT driver with additional code to run process and core-specific traces through the IOCTL and registry mechanisms provided by Windows 10 (RS5). In other words, the PT trace information, which was limited access only by the first generation PT, can be executed by process and core by the IOCTL and registry mechanism provided by the operating system in the second generation PT. In this paper, we compare and describe methods for collecting, storing, decoding and detecting malicious codes of data packets in a window environment using 1/2 generation PT.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.545-552
• /
• 2012

The rapid development of information technology is making large changes in our lives today. Also the infrastructure and services are combinding with information technology which predicts another huge change in our environment. However, the development of information technology brings various types of side effects and these side effects not only cause financial loss but also can develop into a nationwide crisis. Therefore, the detection and quick reaction towards these side effects is critical and much research is being done. Intrusion detection systems can be an example of such research. However, intrusion detection systems mostly tend to focus on judging whether particular traffic or files are malicious or not. Also it is difficult for intrusion detection systems to detect newly developed malicious codes. Therefore, this paper proposes a method which determines whether the present network model is normal or abnormal by comparing it with past network situations.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.2
• /
• pp.61-68
• /
• 2021

Recently, various technologies that use machine learning to classify malicious code have been studied. In order to enhance the effectiveness of machine learning, it is most important to extract properties to identify malicious codes and normal binaries. In this paper, we propose a feature extraction method for use in machine learning using recursive methods. The proposed method selects the final feature using recursive methods for individual features to maximize the performance of machine learning. In detail, we use the method of extracting the best performing features among individual feature at each stage, and then combining the extracted features. We extract features with the proposed method and apply them to machine learning algorithms such as Decision Tree, SVM, Random Forest, and KNN, to validate that machine learning performance improves as the steps continue.

• Journal of Convergence for Information Technology
• /
• v.12 no.4
• /
• pp.126-132
• /
• 2022

At present, due to the rapid spread of smartphones and activation of IoT, malicious codes are disseminated using SNS, or intelligent intrusions such as intelligent APT and ransomware are in progress. The damage caused by the intelligent intrusion is also becoming more consequential, threatening, and emergent than the previous intrusion. Therefore, in this paper, we propose an intelligent intrusion situation-aware reasoning system to detect transgression behavior made by such intelligent malicious code. The proposed system was used to detect and respond to various intelligent intrusions at an early stage. The anticipated system is composed of an event monitor, event manager, situation manager, response manager, and database, and through close interaction between each component, it identifies the previously recognized intrusive behavior and learns about the new invasive activities. It was detected through the function to improve the performance of the inference device. In addition, it was found that the proposed system detects and responds to intelligent intrusions through the state of detecting ransomware, which is an intelligent intrusion type.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.933-943
• /
• 2022

As the Internet develops and the utilization rate of computers increases, the threats posed by malware keep increasing. This leads to the demand for a system to automatically analyzes a large amount of malware. In this paper, an automatic malware analysis technique using a deep learning algorithm is introduced. Our proposed method uses CNN (Convolutional Neural Network) to analyze the malicious features represented as images. To reflect semantic information of malware for detection, our method uses the opcode frequency data of binary for image generation, rather than using bytes of binary. As a result of the experiments using the datasets consisting of 20,000 samples, it was found that the proposed method can detect malicious codes with 91% accuracy.