• Journal of Internet Computing and Services
• /
• v.22 no.3
• /
• pp.75-83
• /
• 2021

With the development of the IT industry and the increase of cultural activities, the demand for works increases, and they can be used easily and conveniently in an online environment. Accordingly, copyright infringement is seriously occurring due to the ease of copying and distribution of works. Some special types of Online Service Providers (OSP) use filtering-based technology to protect copyrights, but they can easily bypass them, and there are limits to blocking all illegal works, making it increasingly difficult to protect copyrights. Recently, most of the distributors of illegal works are a certain minority, and profits are obtained by distributing illegal works through many OSP and majority ID. In this paper, we propose a profiling technique for heavy uploader, which is a major analysis target based on illegal works. Creates a feature containing information on overall illegal works and identifies major heavy uploader. Among these, clustering technology is used to identify heavy uploader that are presumed to be the same person. In addition, heavy uploaders with high priority can be analyzed through illegal work Distributor tracking and behavior analysis. In the future, it is expected that copyright damage will be minimized by identifying and blocking heavy uploader that distribute a large amount of illegal works.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.8
• /
• pp.1581-1588
• /
• 2017

Recently, circulating ransomware is becoming intelligent and sophisticated through a spreading new viruses and variants, targeted spreading using social engineering attack, malvertising that circulate a large quantity of ransomware by hacking advertising server, or RaaS(Ransomware-as-a- Service), from the existing attack way that encrypt the files and demand money. In particular, it makes it difficult to track down attackers by bypassing security solutions, disabling parameter checking via file encryption, and attacking target-based ransomware with APT(Advanced Persistent Threat) attacks. For remove the threat of ransomware, various detection techniques are developed, but, it is very hard to respond to new and varietal ransomware. Accordingly, in this paper, find out a making Signature-based Detection Patterns and problems, and present a pattern automation model of ransomware detecting for responding to ransomware more actively. This study is expected to be applicable to various forms in enterprise or public security control center.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.376-379
• /
• 2017

전 세계적으로 악성코드는 하루 100만개 이상이 새롭게 발견되고 있으며, 악성코드 발생량은 해마다 증가하고 있는 추세이다. 공격자는 보안장비에서 악성코드가 탐지되는 것을 우회하기 위해 기존 악성코드를 변형한 변종 악성코드를 주로 이용한다. 변종 악성코드는 자동화된 제작도구나 기존 악성코드의 코드를 재사용하므로 비교적 손쉽게 생성될 수 있어 최근 악성코드 급증의 주요 원인으로 지목되고 있다. 본 논문에서는 대량으로 발생하는 악성코드의 효과적인 대응을 위한 행위기반 악성코드 프로파일링 시스템 프로토타입을 제안한다. 동일한 변종 악성코드들은 실제 행위가 유사한 특징을 고려하여 악성코드가 실행되는 과정에서 호출되는 API 시퀀스 정보를 이용하여 악성코드 간 유사도 분석을 수행하였다. 유사도 결과를 기반으로 대량의 악성코드를 자동으로 그룹분류 해주는 시스템 프로토타입을 구현하였다. 악성코드 그룹별로 멤버들 간의 유사도를 전수 비교하므로 그룹의 분류 정확도를 객관적으로 제시할 수 있다. 실제 유포된 악성코드를 대상으로 악성코드 그룹분류 기능과 정확도를 측정한 실험에서는 평균 92.76%의 분류 성능을 보였으며, 외부 전문가 의뢰에서도 84.13%로 비교적 높은 분류 정확도를 보였다.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.8
• /
• pp.163-170
• /
• 2012

Nowadays Internet is the greatest and most participating media of prompting expression with 37 million users in Korea. Internet enables collective communications between social members and contributes to form sound public opinions and to develop democracy while it has negative aspect to distribute massively crime by illegal posting which is forbidden by the Criminal Act. Criminal actors who involve to diffuse information on Internet consist of three categories of information provider, user and internet service provider. Illegal posting generated on Internet is originated from IP and the criminal regulation on it is useless and meaningless because of its countless of users and ambiguous boundary with liberty for expression. Accordingly, the only criminal policy means to prevent danger by illegal posting on Internet is to regulate ISP which saves illegal posting and mediates contacts among users. In spite of it, legislation to regulate ISP is unprepared. The prudent legislative review should be done. And it should be accordance with the doctrines of propriety and vagueness of the principle of "nulla poena sine lege".