한국정보통신학회논문지 (Journal of the Korea Institute of Information and Communication Engineering)

  • 제25권9호
  • /
  • Pages.1227-1233
  • /
  • 2021
  • /
  • 2234-4772(pISSN)
  • /
  • 2288-4165(eISSN)
한국정보통신학회 (The Korea Institute of Information and Commucation Engineering)
권호 표지
DOI QR코드

DOI QR Code

클라우드 기반 악성 QR Code 탐지 시스템

Cloud-based malware QR Code detection system

  • Kim, Dae-Woon (Department of Information Security, Dong-Shin University) ;
  • Jo, Young-Tae (Department of Information Security, Dong-Shin University) ;
  • Kim, Jong-Min (Department of Information Security, Dong-Shin University)
  • 투고 : 2021.07.28
  • 심사 : 2021.08.23
  • 발행 : 2021.09.30
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

QR코드는 간단한 명함이나 URL 등 다양한 형태로 사용되어 왔다. 최근 코로나19 팬데믹의 영향으로 방문 및 출입 기록을 통한 이동 경로를 추적하기 위해 QR코드를 사용하게 되면서 QR코드의 사용량이 급증하였다. 이렇듯 대부분의 사람들이 대중적으로 사용하게 되면서 위협에 항상 노출되어 있다. QR코드의 경우 실행을 하기 전까지 어떠한 행위를 하는지 알 수 없다. 그렇기 때문에 악성URL이 삽입된 QR코드를 아무 의심없이 실행을 하게 되면 보안 위협에 바로 노출되게 된다. 따라서 본 논문에서는 QR코드를 스캔할 때 악성 QR코드인지를 판단한 후 이상이 없을 경우에만 정상적인 접속을 할 수 있는 클라우드 기반 악성 QR코드 탐지 시스템을 제안한다.

QR Code has been used in various forms such as simple business cards and URLs. Recently, the influence of Corona 19 Fundemik has led to the use of QR Codes to track travel routes through visits and entry / exit records, and QR Code usage has skyrocketed. In this way, most people have come to use it in the masses and are constantly under threat. In the case of QR Code, you do not know what you are doing until you execute it. Therefore, if you undoubtedly execute a QR Code with a malicious URL inserted, you will be directly exposed to security threats. Therefore, this paper provides a cloud-based malware QR Code detection system that can make a normal connection only when there is no abnormality after determining whether it is a malicious QR Code when scanning the QR Code.

키워드

참고문헌

  1. QR Code standardization / standardization [Internet]. Available: https://www.qrcode.com/ko/about/standards.html.
  2. E. C. Kim and S. I. Kim, "A Study on the the User Experience of Smartphone Camera Application," Journal of the Korea Convergence Society, vol. 8, no. 12, pp. 221-226, 2017. https://doi.org/10.15207/JKCS.2017.8.12.221
  3. E. Y. Oh. "A study on non-storage data recording system and non-storage data providing method by smart QR code," Journal of Convergence for Information Technology, vol. 9, no. 4, pp. 14-20, 2019. https://doi.org/10.22156/CS4SMB.2019.9.4.014
  4. QR Code information amount / version [Internet]. Available: https://www.qrcode.com/ko/about/version.html.
  5. H. K. Yang, "A Study of Security Weaknesses of QR Codes and Its Countermeasures," The Journal of the Institute of Internet, Broadcasting and Communication, vol. 12, no. 1, pp. 83-89, 2012. https://doi.org/10.7236/JIWIT.2012.12.1.83
  6. K. H. Bahn, J. W. Jung, and D. H. Won, "Counterplan of the XSS Attack to QR Code," Proceedings of the Korean Information Science Society Conference, vol. 38, no. 1, pp. 102-104, 2011.
  7. T. S. Hur, "Database PasS web service system using Docker," Journal of the Korea Society of Computer and Information, vol. 25, no. 11, pp. 51-58, 2020. https://doi.org/10.9708/JKSCI.2020.25.11.051
  8. H. S. Kim and S. J. Lee, "Method of Digital Forensic Investigation of Docker-Based Host," Korea Information Processing Society, vol. 6, no. 2, pp. 75-86, 2017.
  9. M. S. Lee, M. S. Kang, I. H. Kim, and J. H. Kim, "Design and Performance Comparison of Docker Container Based Deep Learning Model Management System for Real-Time Analysis," Journal of Korean Institute of Communications and Information Sciences, vol. 46, no. 2, pp. 390-400, 2021. https://doi.org/10.7840/kics.2021.46.2.390
  10. Kubernetes Guide [Internet]. Available: https://subicura.com/2017/01/19/docker-guide-for-beginners-1.html.