Software Montage: Filtering of Detecting Target of Similar Software for Digital Forensic Investigation

(Korean title: Software Montage: Filtering Detection Targets of Similar Software for Digital Forensic Investigation)

  • Received : 2009.12.14
  • Accepted : 2010.02.10
  • Published : 2010.04.15

Abstract

A software montage is information that can be extracted quickly from a program and that captures its inherent characteristics. If montages are built from well-known programs, candidate similar programs can be filtered out of a larger set of programs on the basis of those montages. In this paper we propose software montages built from two characteristics: API calls and strings. To evaluate the proposed montages, we ran experiments that filter candidate programs similar to instant messenger programs. The experiments confirm that the proposed montages can serve as a forensic tool for filtering a group of similar programs even when their functions are not known in advance.

Korean abstract (translated): A software montage is information that can be quickly extracted from software and that encapsulates its inherent characteristics. If a montage is built from a well-known program, detection targets for similar programs can be filtered on the basis of that montage. In this paper we propose software montages based on API calls and strings. To evaluate the proposed montages, we ran experiments that filter detection targets of programs similar to instant messenger programs. From these experiments we confirmed that the proposed montages can be used as a forensic tool for filtering detection targets among programs that are not well known.
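The filtering idea in the abstract, worked through as an added example (this is not the paper's code, and the abstract gives neither the paper's extraction nor its matching rules): a montage of API names and printable strings is built for each sample binary, and candidates are kept when a weighted Jaccard similarity against the montage of a known messenger exceeds a threshold. The Win32 API lexicon, the NUL-separated sample blobs, the 0.5 weighting and the 0.3 threshold are all assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed lexicon of Win32 API names. It stands in for the PE import table
# so the example runs offline; a real extractor would read the imports instead.
API_LEXICON = frozenset({
    "WSAStartup", "socket", "connect", "send", "recv", "closesocket",
    "CreateFileW", "ReadFile", "WriteFile", "RegOpenKeyExW",
    "CreateWindowExW", "ShowWindow", "MessageBoxW",
})

MIN_STRING_LEN = 4
# Runs of printable ASCII, the same heuristic the `strings` utility uses.
STRING_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_STRING_LEN)


@dataclass(frozen=True)
class Montage:
    """Quickly extractable characteristics of one program."""
    name: str
    apis: frozenset
    strings: frozenset


def extract_strings(blob: bytes) -> set:
    """Return the set of printable-ASCII runs found in a binary."""
    return {m.group().decode("ascii") for m in STRING_RE.finditer(blob)}


def build_montage(name: str, blob: bytes) -> Montage:
    """Split extracted tokens into API names (per the lexicon) and other strings."""
    tokens = extract_strings(blob)
    apis = frozenset(t for t in tokens if t in API_LEXICON)
    return Montage(name, apis, frozenset(tokens - apis))


def jaccard(a: frozenset, b: frozenset) -> float:
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def similarity(m1: Montage, m2: Montage, w_api: float = 0.5) -> float:
    """Weighted Jaccard over both montage features (the weighting is an assumption)."""
    return w_api * jaccard(m1.apis, m2.apis) + (1.0 - w_api) * jaccard(m1.strings, m2.strings)


def filter_candidates(reference: Montage, pool, threshold: float = 0.3):
    """Keep pool members whose montage resembles the reference, best match first."""
    scored = [(m.name, similarity(reference, m)) for m in pool]
    return sorted((s for s in scored if s[1] >= threshold), key=lambda s: -s[1])


def _blob(*tokens: str) -> bytes:
    # Constructed stand-in for a binary: tokens separated by NUL bytes.
    return b"\x00".join(t.encode("ascii") for t in tokens) + b"\x00"


# Constructed sample "binaries" for the example; none of these is a real program.
SAMPLES = {
    "known_messenger": _blob("WSAStartup", "socket", "connect", "send", "recv",
                             "CreateWindowExW", "MessageBoxW",
                             "Messenger", "buddy list", "login", "offline message"),
    "unknown_messenger": _blob("WSAStartup", "socket", "connect", "send", "recv",
                               "CreateWindowExW", "ShowWindow",
                               "buddy list", "login", "chat room"),
    "text_editor": _blob("CreateFileW", "ReadFile", "WriteFile", "CreateWindowExW",
                         "ShowWindow", "Untitled", "Save As"),
    "backup_tool": _blob("CreateFileW", "ReadFile", "WriteFile", "backup", "restore"),
}


def run_example():
    """Build every montage and filter the pool against the known messenger."""
    montages = {n: build_montage(n, b) for n, b in SAMPLES.items()}
    reference = montages.pop("known_messenger")
    return filter_candidates(reference, montages.values())


if __name__ == "__main__":
    for name, score in run_example():
        print(f"{name}: {score:.3f}")
```

Only `unknown_messenger` survives the filter: it shares six of eight socket and window APIs and two of five strings with the reference, while the editor and backup tool share almost nothing. Two caveats for real use: a packed or obfuscated binary hides both its imports and its strings, so an empty or tiny montage should be treated as "unknown", not "dissimilar"; and the montage is a triage filter that narrows which programs deserve deeper analysis, not an identification on its own.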
