• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.101-115
• /
• 2011

A botnet is a huge network of hacked zombie PCs. Recognizing the fact that the majority of email spam is sent out by botnets, a system that is capable of detecting botnets and zombie PCS will be designed in this study by analyzing email spam. In this study, spam data collected in "an email spam trail system", Korea's national spam collection system, were used for analysis. In this study, we classified the spam groups by the URLs or attached files, and we measured how much the group has the characteristics of botnet and how much the IPs have the characteristics of zombie PC. Through the simulation result in this study, we could extract 16,030 zombie suspected PCs for one hours and it was verified that email spam can provide considerably useful information in tracing zombie PCs.

• Journal of KIISE:Software and Applications
• /
• v.37 no.5
• /
• pp.378-385
• /
• 2010

The explosive increase in the use of email has made to need email classification efficiently and accurately. Current work on the email classification method have mainly been focused on a binary classification that filters out spam-mails. This methods are based on Support Vector Machines, Bayesian classifiers, rule-based classifiers. Such supervised methods, in the sense that the user is required to manually describe the rules and keyword list that is used to recognize the relevant email. Other unsupervised method using clustering techniques for the multi-category classification is created a category labels from a set of incoming messages. In this paper, we propose a new automatic email multi-category classification method using NMF for automatic category label construction method and dynamic category hierarchy method for the reorganization of email messages in the category labels. The proposed method in this paper, a large number of emails are managed efficiently by classifying multi-category email automatically, email messages in their category are reorganized for enhancing accuracy whenever users want to classify all their email messages.

• Journal of Advanced Navigation Technology
• /
• v.13 no.3
• /
• pp.419-425
• /
• 2009

The amount of incoming e-mails is increasing rapidly due to the wide usage of Internet. Therefore, it is more required to classify incoming e-mails efficiently and accurately. Currently, the e-mail classification techniques are focused on two way classification to filter spam mails from normal ones based mainly on Bayesian and Rule. The clustering method has been used for the multi-way classification of e-mails. But it has a disadvantage of low accuracy of classification and no category labels. The classification methods have a disadvantage of training and setting of category labels by user. In this paper, we propose a novel multi-way e-mail hierarchy classification method that uses PCA for automatic category generation and dynamic category hierarchy for high accuracy of classification. It classifies a huge amount of incoming e-mails automatically, efficiently, and accurately.

• Journal of Internet Computing and Services
• /
• v.20 no.1
• /
• pp.1-10
• /
• 2019

Since big-data text mining extracts many features and data, clustering and classification can result in high computational complexity and low reliability of the analysis results. In particular, a term document matrix obtained through text mining represents term-document features, but produces a sparse matrix. We designed an advanced genetic algorithm (GA) to extract features in text mining for detection model. Term frequency inverse document frequency (TF-IDF) is used to reflect the document-term relationships in feature extraction. Through a repetitive process, a predetermined number of features are selected. And, we used the sparsity score to improve the performance of detection model. If a spam mail data set has the high sparsity, detection model have low performance and is difficult to search the optimization detection model. In addition, we find a low sparsity model that have also high TF-IDF score by using s(F) where the numerator in fitness function. We also verified its performance by applying the proposed algorithm to text classification. As a result, we have found that our algorithm shows higher performance (speed and accuracy) in attack mail classification.

• The Journal of the Korea Contents Association
• /
• v.10 no.6
• /
• pp.43-48
• /
• 2010

Useful emails influence on consumers' purchase behavior and activate them to visit retail stores. Regular contact with consumers by e-mail has positive effects on brand loyalty. However, email marketing has a limitation. Spam now accounts for over half of all e-mail traffic. The increase of email users has resulted in the dramatic increase of spam emails during the past few years. In this paper, we proposed an ontology-based system offering personalized email services to overcome such limitation. Our method is not the ontology-driven spam filtering, but a personalized content service considering personal interests and relations among people by using FOAF and domain ontologies. Our system was successfully tested in email marketing domain.

• Journal of the Institute of Electronics Engineers of Korea TE
• /
• v.37 no.5
• /
• pp.125-131
• /
• 2000

In this paper, we proposed conditional access algorithm for data confidential using smart card. This algorithm is constructed smart card and E-mail gateway for restricting of user's illegal confidential data transmission. After processing of certification procedure in smart card, each E-mail forwarded to E-mail gateway(EG). The EG selects outgoing E-mail and it is sent to fire-wall E-mail processing program, it is checked attached file in transmission mail and if it is attached file, it writes to database. This time, it can be used evidence data about user's illegal confidential data transmission, because of using registered content and smart card certification data in database. in addition to, we can get psychologically effect of prevention to send illegally, and this system can prevent spam mail in EG, also.

• The KIPS Transactions:PartC
• /
• v.12C no.5 s.101
• /
• pp.765-772
• /
• 2005

In this paper, we propose E-mail sending-server authorization method using a distance estimation algorithm between W addresses to check whether the E-mail sending server is registered in the domain of mail sending server or belongs to the domain for filtering spam mail. This method utilizes the distance between the IP address of sending server and IP addresses registered in the DNS to figure out that the E-mail sending server exists in the domain to filter spam mail. The experimental result of applying the proposed algorithm to sample E-mails gathered in a large size laboratory says that 88 percents of legitimate E-mails and only 10 percents of spam mails are sent by servers in the same domains of senders. The algorithm may be effectively used to block spam mails sent by servers outside of the domains of mail senders. It may be also hired as a temporary E-mail protecting system until the standard E-mail authorization protocol is fully deployed.

• Journal of Platform Technology
• /
• v.9 no.3
• /
• pp.3-17
• /
• 2021

Advanced persistent threat (APT) attacks are attacks aimed at a particular entity as a set of latent and persistent computer hacking processes. These APT attacks are usually carried out through various methods, including spam mail and disguised banner advertising. The same name is also used for files, since most of them are distributed via spam mail disguised as invoices, shipment documents, and purchase orders. In addition, such Infostealer attacks were the most frequently discovered malicious code in the first week of February 2021. CDR is a 'Content Disarm & Reconstruction' technology that can prevent the risk of malware infection by removing potential security threats from files and recombining them into safe files. Gartner, a global IT advisory organization, recommends CDR as a solution to attacks in the form of attachments. There is a program using CDR techniques released as open source is called 'Dangerzone'. The program supports the extension of most document files, but does not support the extension of HWP files that are widely used in Korea. In addition, Gmail blocks malicious URLs first, but it does not block malicious URLs in mail systems such as Naver and Daum, so malicious URLs can be easily distributed. Based on this problem, we developed a 'Dangerzone' program that supports the HWP extension to prevent APT attacks, and a Chrome extension that performs URL checking in Naver and Daum mail and blocking banner ads.

• Review of KIISC
• /
• v.19 no.6
• /
• pp.22-31
• /
• 2009

최근의 컴퓨터 통신 기술은 인터넷 기반으로 이루어지고 있으며 정치 경제 문화 등 사회 전 분야에 있어서 주요 기반 인프라를 구축하는데 없어서는 안 되는 핵심 요소 기술로 자리 잡았다. 이러한 인터넷상에서 기존의 악성코드와는 차별화되는 외부 공격자의 명령 제어를 받는 악성 네트워크인 봇넷이 인터넷 서비스의 보안 위협으로 등장하게 되었다. 최근의 봇넷은 매우 빠르게 진화하고 있으며 봇넷을 이용한 스팸 메일, 개인 정보 탈취, 금품 갈취형 분산 서비스 거부 공격 등은 사이버상의 공격을 주도하는 주요 이슈로 부상하였다. 본 연구에서는 이러한 봇넷의 악성 행위 동향과 함께 이에 대응할 수 있는 기술에 대해서 방향을 제시하고자 한다.

• Journal of Information Technology Services
• /
• v.2 no.1
• /
• pp.25-34
• /
• 2003

Spam mail is one of the side effect of the development and improvement of the internet that restrains the privacy of the individual on line. However indiscriminate application of Spam mail blocking can also cause significant violation on freedom of doing business to the fluent commercial transactions on line. Therefore this research looks at the exact understanding of the concept of Spam mail and inquiry on Its issues. Also it looks at the case studies of its institutional solutions in USA and Europe as well as the advantage and disadvantage of the case studies on its technical solution. Finally, the research inquires into overall prevention of Spam mail, which considers both technical and institutional soiution. With this research, limitations of current Spam mail prevention system and technology are pointed out and more effective course of overall Spam mail prevention solution is studied.