http://dx.doi.org/10.13089/JKIISC.2009.19.1.93

A Study on the Analysis and Detection Method for Protecting Malware Spreading via E-mail  

Yang, Kyeong-Cheol (Information Management and Security CIST, Korea University)
Lee, Su-Yeon (Information Management and Security CIST, Korea University)
Park, Won-Hyung (Information Security, Kyonggi University)
Park, Kwang-Cheol (Information Management and Security CIST, Korea University)
Lim, Jong-In (Information Management and Security CIST, Korea University)
Abstract
This paper proposes a method for detecting the spread of e-mails into which a hacker has injected malicious code to steal information. I also developed an 'Analysis model' that decodes the traffic a hacker encodes in order to steal information. I researched the 'Methodology of intrusion detection techniques' in computer network monitoring. As a result of this simulation, I developed more efficient rules to detect PCs infected with malicious code from hacking mail. By proposing this security policy, which is applicable to computer network environments including any government or company, I hope to help minimize the damage caused by hacking mail carrying malicious code.
Keywords
Malicious Code; Detection Method; IDS; SNORT; Security Policy; Encrypted traffic;