
Development of an open source-based APT attack prevention Chrome extension  

Kim, Heeeun (Ajou University, Department of Cyber Security)
Shon, Taeshik (Ajou University, Department of Cyber Security)
Kim, Duwon (Ajou University, Department of Cyber Security)
Han, Gwangseok (Ajou University, Department of Cyber Security)
Seong, JiHoon (Ajou University, Department of Cyber Security)
Publication Information
Journal of Platform Technology, vol. 9, no. 3, 2021, pp. 3-17
Abstract
Advanced persistent threat (APT) attacks target a particular entity through a set of covert and persistent hacking processes. They are usually carried out through various channels, including spam mail and disguised banner advertising. The malicious files are named to match their disguise, since most of them are distributed via spam mail posing as invoices, shipment documents, and purchase orders. Such Infostealer attacks were the most frequently discovered malicious code in the first week of February 2021. CDR ('Content Disarm & Reconstruction') is a technology that prevents the risk of malware infection by removing potential security threats from files and reconstructing them into safe files. Gartner, a global IT advisory organization, recommends CDR as a countermeasure against attacks delivered as attachments. One program using CDR techniques, released as open source, is 'Dangerzone'. It supports most document file formats, but not the HWP format that is widely used in Korea. In addition, Gmail blocks malicious URLs up front, but mail systems such as Naver and Daum do not, so malicious URLs can easily be distributed through them. To address these problems, we developed a version of 'Dangerzone' that supports the HWP format to prevent APT attacks, and a Chrome extension that checks URLs in Naver and Daum mail and blocks banner ads.
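The URL check the abstract describes, as an added example that is not the paper's own extension code: a content script would extract the http(s) links from the rendered mail body, look each one up in VirusTotal (whose v3 API identifies a URL by its unpadded base64url encoding), and act on the analysis counts. The mail body HTML, the block/warn thresholds and the names `extractLinks`, `vtUrlId`, `verdict` and `lookupUrl` are this example's own assumptions.

```javascript
// Added example (not the paper's code): the URL-checking logic a webmail
// content script would run. Sample mail body is constructed, not real.

// Constructed stand-in for a Naver/Daum mail body as rendered in the page.
const SAMPLE_MAIL_HTML = `
<div class="mail_body">
  <p>Your invoice is attached. <a href="https://example.com/invoice">View invoice</a></p>
  <p><a href='http://example.org/track'>Track shipment</a>
     <a href="mailto:billing@example.com">Contact</a></p>
  <p><a href="https://example.com/invoice">View again</a></p>
</div>`;

// Collect unique http(s) links from the message HTML; mailto:, javascript:
// and relative hrefs are ignored because VirusTotal cannot score them.
function extractLinks(html) {
  const seen = new Set();
  for (const m of html.matchAll(/href\s*=\s*["']([^"']+)["']/gi)) {
    const href = m[1].trim();
    if (/^https?:\/\//i.test(href)) seen.add(href);
  }
  return [...seen];
}

// VirusTotal v3 identifies a URL by its unpadded base64url encoding.
function vtUrlId(url) {
  let bin = '';
  for (const b of new TextEncoder().encode(url)) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Turn last_analysis_stats into an action. The thresholds are this example's
// own choice, not the paper's: one malicious engine is enough to block.
function verdict(stats, blockAt = 1) {
  if ((stats.malicious || 0) >= blockAt) return 'block';
  if ((stats.suspicious || 0) > 0) return 'warn';
  return 'allow';
}

// Query VirusTotal for one URL; null means VT has no report for it yet.
async function lookupUrl(url, apiKey) {
  const res = await fetch(`https://www.virustotal.com/api/v3/urls/${vtUrlId(url)}`,
                          { headers: { 'x-apikey': apiKey } });
  if (res.status === 404) return null;
  if (!res.ok) throw new Error(`VirusTotal lookup failed: HTTP ${res.status}`);
  const body = await res.json();
  return verdict(body.data.attributes.last_analysis_stats);
}
```

In an extension, `lookupUrl` belongs in the background service worker (with a host permission for virustotal.com), so the content script only extracts links and rewrites or flags the anchors the worker reports as 'block' or 'warn'.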
Keywords
APT; Dangerzone; malware; ad block; VirusTotal; open source; Chrome extension