
An Email Vaccine Cloud System for Detecting Malcode-Bearing Documents  

Park, Choon-Sik (Department of Information Security, Seoul Women's University)
Abstract
Email-based targeted attacks that deliver malcode-bearing documents have been steadily increasing. To raise the success rate of an attack and evade anti-virus products, attackers mainly rely on zero-day exploits together with social engineering techniques. In this paper, we propose an architecture for an email vaccine cloud system that prevents targeted attacks using malcode-bearing documents. The system extracts attached document files from email messages, performs behavior analysis as well as signature-based detection in a virtual machine environment, and completely removes malicious documents from the messages. During behavior analysis, a document is regarded as malicious if it creates executable files, launches new processes, accesses critical registry entries, or connects to the Internet. The email vaccine cloud system will help prevent cyber terror incidents such as information leakage by blocking email-based targeted attacks.
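The detection rule and the removal step described in the abstract, as an added example that is not the paper's own code: a document's VM trace is flagged on any of the four behaviors, and flagged attachments are stripped from the message with Python's stdlib email package. The trace event format, the list of "critical" registry keys and all sample data are assumptions constructed for this example.

```python
# Added example (not from the paper): the abstract's four behavioral criteria applied
# to a constructed VM trace, then removal of the flagged attachment from a MIME message.
from email import message_from_bytes, policy
from email.message import EmailMessage
# Assumption: the paper does not say which registry entries count as "critical".
CRITICAL_REGISTRY_PREFIXES = tuple(p.upper() for p in (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"))
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com")

def classify_trace(events):
    """Return the criteria a document's VM trace triggers; [] means benign."""
    hits = []
    for ev in events:  # constructed {'type', 'target'} dicts; the format is hypothetical
        kind, target = ev["type"], ev.get("target", "")
        if kind == "file_create" and target.lower().endswith(EXECUTABLE_SUFFIXES):
            hits.append("creates executable: " + target)
        elif kind == "process_create":
            hits.append("launches process: " + target)
        elif kind == "registry_write" and target.upper().startswith(CRITICAL_REGISTRY_PREFIXES):
            hits.append("writes critical registry entry: " + target)
        elif kind == "network_connect":
            hits.append("connects to the Internet: " + target)
    return hits

def sanitize_message(msg, verdicts):
    """Return a copy of msg without the attachments whose verdict list is non-empty."""
    clean = message_from_bytes(msg.as_bytes(), policy=policy.default)
    kept = [p for p in clean.get_payload()  # the text body has no filename, so it stays
            if not verdicts.get(p.get_filename())]
    clean.set_payload(kept)  # a multipart payload is the list of sub-parts
    return clean

def build_sample_message():
    """Constructed two-attachment message standing in for a scanned email."""
    msg = EmailMessage()
    msg.set_content("Please review the attached files.")
    msg.add_attachment(b"\xd0\xcf\x11\xe0 constructed doc bytes", maintype="application",
                       subtype="msword", filename="invoice.doc")
    msg.add_attachment(b"%PDF-1.4 constructed pdf bytes", maintype="application",
                       subtype="pdf", filename="agenda.pdf")
    return msg

# Constructed traces, as a sandbox might report them for each attachment.
MALICIOUS_TRACE = [
    {"type": "file_create", "target": r"C:\Users\u\AppData\Local\Temp\update.exe"},
    {"type": "process_create", "target": r"C:\Users\u\AppData\Local\Temp\update.exe"},
    {"type": "registry_write", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "network_connect", "target": "203.0.113.10:443"}]
BENIGN_TRACE = [{"type": "file_create", "target": r"C:\Users\u\AppData\Local\Temp\~WRL0001.tmp"}]
```

The benign trace shows why the executable-suffix check matters: office applications routinely create temporary files, which must not by themselves trip the rule.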
Keywords
VM-Based Behavior Analysis; Malicious Document Detection; Email Vaccine Cloud