http://dx.doi.org/10.13089/JKIISC.2019.29.4.859

Secure File Transfer Method and Forensic Readiness by converting file format in Network Segmentation Environment  

Han, Jaehyeok (Institute of Cyber Security & Privacy (ICSP), Korea University)
Yoon, Youngin (Institute of Cyber Security & Privacy (ICSP), Korea University)
Hur, Gimin (Institute of Cyber Security & Privacy (ICSP), Korea University)
Lee, Jaeyeon (Hanwha Systems Co., Ltd.)
Choi, Jeongin (Hanwha Systems Co., Ltd.)
Hong, SeokJun (Hanwha Systems Co., Ltd.)
Lee, Sangjin (Institute of Cyber Security & Privacy (ICSP), Korea University)
Abstract
Cybersecurity attacks targeting specific users are rising in number, even as enterprises try to strengthen their cybersecurity. A network segmentation environment, where the public network and the private network are separated, could block information coming from the outside; however, it is unable to control outside information for business efficiency and productivity. Even if enterprises enhance security policies and introduce a network segmentation system and a solution incorporating CDR technology to remove unnecessary data contained in files, they are still exposed to security threats. Therefore, we suggest a system that uses file format conversion to transmit a secure file in the network separation environment. The secure file is converted from a document into an image file, as this reflects attack patterns that insert malicious code into the document file. Additionally, considering forensic readiness, this paper proposes that the system in this environment have a function by which a document file can keep information for incident response.
Keywords
file format conversion; CDR; forensic readiness; network separation; malware; APT