• Journal of Internet Computing and Services
• /
• 제15권3호
• /
• pp.31-43
• /
• 2014

Large number of Android mobile application has been developed and deployed through the Android open market by increasing android-based smart work device users recently. But, it has been discovered security vulnerabilities on malicious applications that are developed and deployed through the open market or 3rd party market. There are issues to leak user's personal and financial information in mobile devices to external server without the user's knowledge in most of malicious application inserted Trojan Horse forms of malicious code. Therefore, in order to minimize the damage caused by malignant constantly increasing malicious application, it is required a proactive detection mechanism development. In this paper, we analyzed the existing techniques' Pros and Cons to detect a malicious application and proposed discrimination and detection result using malicious application discrimination mechanism based on Jaccard similarity after collecting events occur in real-time execution on android-mobile devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제24권1호
• /
• pp.145-154
• /
• 2014

In this paper, we propose a novel anti-malware system based on behavior profiling, called Andro-profiler. Andro-profiler consists of mobile devices and a remote server, and is implemented in Droidbox. Our aim is to detect and classify malware using an automatic classifier based on behavior profiling. First, we propose the representative behavior profiling for each malware family represented by system calls coupled with Droidbox system logs. This is done by executing the malicious application on an emulator and extracting integrated system logs. By comparing the behavior profiling of malicious applications with representative behavior profiling for each malware family, we can detect and classify them into malware families. Andro-profiler shows over 99% of classification accuracy in classifying malware families.

• Journal of Digital Contents Society
• /
• 제19권6호
• /
• pp.1177-1183
• /
• 2018

Recent developments in machine learning have attracted a lot of attention for techniques such as machine learning and deep learning that implement artificial intelligence. In this paper, binary malicious code using deep learning based R-CNN is imaged and the feature is extracted from the image to classify the family. In this paper, two steps are used in deep learning to image malicious code using CNN. And classify the characteristics of the family of malicious codes using R-CNN. Generate malicious code as an image, extract features, classify the family, and automatically classify the evolution of malicious code. The detection rate of the proposed method is 93.4% and the accuracy is 98.6%. In addition, the CNN processing speed for image processing of malicious code is 23.3 ms, and the R-CNN processing speed is 4ms to classify one sample.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• 제20권7호
• /
• pp.1290-1295
• /
• 2016

Recently, as mobile internet usage has been increasing rapidly, malware attacks through user's web browsers has been spreading in a way of social engineering or drive-by downloading. Existing defense mechanism against drive-by download attack mainly focused on final download sites and distribution paths. However, detection and prevention of injection sites to inject malicious code into the comprised websites have not been fully investigated. In this paper, for the purpose of improving defense mechanisms against these malware downloads attacks, we focus on detecting the injection site which is the key source of malware downloads spreading. As a result, in addition to the current URL blacklist techniques, we proposed the enhanced method which adds features of detecting the injection site to prevent the malware spreading. We empirically show that the proposed method can effectively minimize malware infections by blocking the source of the infection spreading, compared to other approaches of the URL blacklisting that directly uses the drive-by browser exploits.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제28권2호
• /
• pp.397-405
• /
• 2018

Blacklist-based tools are most commonly used to effectively detect suspected malicious processes. The blacklist-based tool compares the malicious code extracted from the existing malicious code with the malicious code. Therefore, it is most effective to detect known malicious codes, but there is a limit to detecting malicious code variants. In order to solve this problem, the necessity of a white list-based tool, which is the opposite of black list, has emerged. Whitelist-based tools do not extract features of malicious code processes, but rather collect reliable processes and verify that the process that checks them is a trusted process. In other words, if malicious code is created using a new vulnerability or if variant malicious code appears, it is not in the list of trusted processes, so it can effectively detect malicious code. In this paper, we propose a method for effectively building a whitelist through research that collects reliable processes in the macOS operating system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제30권3호
• /
• pp.481-491
• /
• 2020

The malicious URLs which can be used for sending malicious codes and illegally acquiring private information is one of the biggest threat of information security field. Particularly, recent prevalence of smart-phone increases the possibility of the user's exposing to malicious URLs. Since the way of hiding the URL from the user is getting more sophisticated, it is getting harder to detect it. In this paper, after conducting a survey of the user experiences related to malicious URLs, we are proposing the rule-based malicious URL detection method. In addition, we have developed java library which can be applied to any other applications which need to handle the malicious URL. Each class of the library is implementation of a rule for detecting a characteristics of a malicious URL and the library itself is the set of rule which can have the chain of rule for deteciing more complicated situation and enhancing the accuracy. This kinds of rule based approach can enhance the extensibility considering the diversity of malicious URLs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제30권3호
• /
• pp.429-442
• /
• 2020

The proportion of attacks via office documents is increasing in recent incidents. Although the security of office applications has been strengthened gradually, the attacks through the office documents are still effective due to the sophisticated use of social engineering techniques and advanced attack techniques. In this paper, we propose a method for detecting malicious OOXML(Office Open XML) documents and a framework for detection. To do this, malicious files used in the attack and benign files were collected from the malicious code repository and the search engine. By analyzing the malicious code types of collected files, we identified six "suspicious object" elements that are meaningful in determining whether they are malicious in a document. In addition, we implemented an OOXML document-based malware detection framework based on the detection method to classify the collected files and found that 98.45% of malicious filesets were detected.

• Radiation Oncology Journal
• /
• 제13권3호
• /
• pp.225-231
• /
• 1995

Malignant fibrous histiocytoma(MFH) of the maxilla is a rare malignant bone tumor Seven percents of all MFH occur in the head and neck. Approximately $12{\%}$ of these tumors occur in the maxilla. Local recurrence or distant metastasis was reported in $55{\%}$ of cases of maxillary MFH. The mean survival time of 30 months was reported from a review of 14 MFHs in the maxilla, mandible and oral soft tissues. MFH of the maxilla is best treated surgically but radical neck dissection does not appear to be indicated unless there is clinical evidence of lymph node metastases Although the use of radiation therapy for head and neck MFH has not been studied for a series of cases, individual cases of regression or histological change have been reported. Other authors have reported numbers of cases who received radiation therapy without benefit. Response to combination chemotherapy has been reported in $33{\%}$ of 23 patients with recurrent or metastatic MFH. We report here a case of MFH occurring in the maxilla with a review of literature about the clinical behavior and treatment of these lesions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제29권4호
• /
• pp.775-784
• /
• 2019

Malware infringement attacks are continuously increasing in various environments such as mobile, IOT, windows and mac due to the emergence of new and variant malware, and signature-based countermeasures have limitations in detection of malware. In addition, analytical performance is deteriorating due to obfuscation, packing, and anti-VM technique. In this paper, we propose a system that can detect malware based on machine learning by using similarity hashing-based pattern detection technique and static analysis after file classification according to packing. This enables more efficient detection because it utilizes both pattern-based detection, which is well-known malware detection, and machine learning-based detection technology, which is advantageous for detecting new and variant malware. The results of this study were obtained by detecting accuracy of 95.79% or more for benign sample files and malware sample files provided by the AI-based malware detection track of the Information Security R&D Data Challenge 2018 competition. In the future, it is expected that it will be possible to build a system that improves detection performance by applying a feature vector and a detection method to the characteristics of a packed file.

• Journal of Digital Convergence
• /
• 제16권12호
• /
• pp.197-206
• /
• 2018

The harmful effects of online malicious comments are continuously increasing. Many previous studies have confirmed that neutralization of malicious comments is a key predictor. Neutralization is theoretically composed of seven multidimensional concepts, and the significance of neutralization factors varies depending on the type of deviant behavior. This study focuses on the fact that the malicious comment researches have considered the neutralization techniques in a single dimension as opposed to demonstrating the multidimensional neutralization techniques in the deviant behavior research. On the other hand, the role of arbitrator in deviant behavior can contribute to restraining deviant behavior, but the research of intervention intention is relatively lacking in malicious comments research. This study, composed of two complementary studies, tried to find out the related factors of malicious comments and intervention intention. As a result of study, This study revealed that malicious commentator uses the neutralization techniques of condemn the condemners and denial of responsibility. In addition, we found that affective empathy has a significant effect on the intervention intention in malicious comments.