http://dx.doi.org/10.33778/kcsa.2020.20.3.021

A Study on Hacking E-Mail Detection using Indicators of Compromise  

Lee, Hoo-Ki (Konyang University, Department of Cyber Security Engineering)
Abstract
In recent years, hacking and malware techniques have become more sophisticated and complex, and cyber-attacks occur constantly across many fields. Among the routes used, E-Mail has been found to be the most widely used vector for compromise incidents such as information leakage and system destruction. In particular, E-Mail APT attacks that employ zero-day vulnerabilities and social-engineering techniques remain difficult to detect and identify with signature matching and dynamic analysis alone. This has increased the demand for indicators of compromise (IOC), which identify the causes of malicious activity and, when shared, allow similar compromise incidents to be recognized and handled quickly. In this study, we propose a method of extracting the forensic artifacts required for detecting and investigating Hacking E-Mails, which account for a large share of the damage in security incidents. To achieve this, we apply a digital forensic indicator method that was previously used to collect information on client-side incidents.
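As an added illustration of the kind of artifact extraction the abstract describes (example code written for this page, not the paper's own method or tool), the following Python parses a raw RFC 2822 message, pulls out the header, hop, URL and attachment artifacts that typically become IOCs, flags a Reply-To/Return-Path domain that differs from the From domain, and matches the result against a shared indicator list. The sample message, the indicator list and every function name are constructed assumptions, not data from the paper.

```python
"""Extract e-mail forensic artifacts as IOC candidates and match them against
a shared indicator list. Added example; not code from the paper."""
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample lure (assumption, not from the paper): spoofed internal
# sender, mismatched Reply-To, a credential-harvesting link and an attachment.
SAMPLE_EML = b"""Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby mail.victim.example (Postfix) with ESMTP id 3A2B
\tfor <user@victim.example>; Mon, 02 Mar 2020 09:00:00 +0900
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby mx.example.org with ESMTP; Mon, 02 Mar 2020 08:59:58 +0900
From: "HR Department" <hr@victim.example>
Reply-To: hr-desk@example.net
To: user@victim.example
Subject: Updated salary sheet
Date: Mon, 02 Mar 2020 08:59:50 +0900
Message-ID: <20200302085950.1234@example.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review at http://example.net/login.php?id=7 before Friday.

--b1
Content-Type: application/octet-stream; name="salary.xls"
Content-Disposition: attachment; filename="salary.xls"
Content-Transfer-Encoding: base64

AAECAwQ=
--b1--
"""

# Constructed indicator list (assumption): what a shared IOC feed might carry.
SAMPLE_IOCS = {
    "ip": {"203.0.113.45"},
    "domain": {"example.net"},
    "sha256": set(),
}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # bracketed IPv4 in Received
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def extract_artifacts(raw: bytes) -> dict:
    """Return the IOC-relevant artifacts of one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_addr = parseaddr(str(msg.get("From", "")))[1]
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1]

    # One sending IP per Received header, in header order (last = earliest hop).
    hops = []
    for rcvd in msg.get_all("Received", []):
        m = IP_RE.search(str(rcvd))
        if m:
            hops.append(m.group(1))

    body = msg.get_body(preferencelist=("plain", "html"))
    urls = URL_RE.findall(body.get_content()) if body else []

    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        attachments.append({"filename": part.get_filename(),
                            "size": len(data), "sha256": sha256_hex(data)})

    flags = []
    if reply_to and _domain(reply_to) != _domain(from_addr):
        flags.append("reply-to domain differs from From domain")
    if return_path and _domain(return_path) != _domain(from_addr):
        flags.append("return-path domain differs from From domain")

    return {"from": from_addr, "reply_to": reply_to, "return_path": return_path,
            "message_id": str(msg.get("Message-ID", "")).strip(),
            "received_ips": hops, "origin_ip": hops[-1] if hops else "",
            "urls": urls, "attachments": attachments, "flags": flags}


def match_iocs(art: dict, iocs: dict) -> list:
    """Match extracted artifacts against an indicator list; ordered, deduplicated."""
    hits = []
    def add(kind, value):
        if (kind, value) not in hits:
            hits.append((kind, value))
    for ip in art["received_ips"]:
        if ip in iocs.get("ip", set()):
            add("ip", ip)
    for addr in (art["from"], art["reply_to"], art["return_path"]):
        d = _domain(addr)
        if d and d in iocs.get("domain", set()):
            add("domain", d)
    for url in art["urls"]:
        if (urlparse(url).hostname or "") in iocs.get("domain", set()):
            add("url", url)
    for a in art["attachments"]:
        if a["sha256"] in iocs.get("sha256", set()):
            add("sha256", a["sha256"])
    return hits


if __name__ == "__main__":
    artifacts = extract_artifacts(SAMPLE_EML)
    for k, v in artifacts.items():
        print(f"{k}: {v}")
    print("IOC hits:", match_iocs(artifacts, SAMPLE_IOCS))
```

The origin IP is taken from the last Received header because hops are prepended as a message travels; only the hop added by your own MTA is trustworthy, so earlier hops should be treated as attacker-controllable input when they are turned into indicators. The attachment hash is computed on the decoded payload, which is what a shared IOC feed will carry.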
Keywords
Hacking E-Mail; Indicators Of Compromise (IOC); Artifact; Digital Forensic; E-Mail;