• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.9
• /
• pp.6282-6289
• /
• 2015

Today, there is an increasing number of cases in which certificate information is leak, and accordingly, electronic finance frauds are prevailing. As certificate and private key a file-based medium, are easily accessible and duplicated, they are vulnerable to information leaking crimes by cyber-attack using malignant codes such as pharming, phishing and smishing. Therefore, the use of security token and storage toke' has been encouraged as they are much safer medium, but the actual users are only minimal due to the reasons such as the risk of loss, high costs and so on. This thesis, in an effort to solve above-mentioned problems and to complement the shortcomings, proposes a system in which digital signature for Internet banking can be made with a simply bio-authentication process. In conclusion, it was found that the newly proposed system showed a better capability in handling financial transitions in terms of safety and convenience.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.12
• /
• pp.491-498
• /
• 2016

Recently leakages of confidential information and internal date have been steadily increasing by using booting technique on portable OS such as Windows PE stored in portable storage devices (USB or CD/DVD etc). This method allows to bypass security software such as USB security or media control solution installed in the target PC, to extract data or insert malicious code by mounting the PC's storage devices after booting up the portable OS. Also this booting method doesn't record a log file such as traces of removable storage devices. Thus it is difficult to identify whether the data are leaked and use trace-back technique. In this paper is to propose method to help facilitate the process of digital forensic investigation or audit of a company by collecting and analyzing BIOS firmware images that record data relating to BIOS settings in flash memory and finding traces of portable storage devices that can be regarded as abnormal events.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.10
• /
• pp.251-258
• /
• 2018

Ransomware, a malicious software that requires a ransom by encrypting a file, is becoming more threatening with its rapid propagation and intelligence. Rapid detection and risk analysis are required, but real-time analysis and reporting are lacking. In this paper, we propose a ransomware infection detection system using social big data mining technology to enable real-time analysis. The system analyzes the twitter stream in real time and crawls tweets with keywords related to ransomware. It also extracts keywords related to ransomware by crawling the news server through the news feed parser and extracts news or statistical data on the servers of the security company or search engine. The collected data is analyzed by data mining algorithms. By comparing the number of related tweets, google trends (statistical information), and articles related wannacry and locky ransomware infection spreading in 2017, we show that our system has the possibility of ransomware infection detection using tweets. Moreover, the performance of proposed system is shown through entropy and chi-square analysis.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.15 no.5
• /
• pp.7-19
• /
• 2019

Ransomware is a malicious program that requires the cost of decryption after encrypting files on the user's desktop. Since the frequency and the financial damage of ransomware attacks are increasing each year, ransomware prevention, detection and recovery system are needed. Baek et al. proposed SSD-Insider, an algorithm for detecting ransomware within SSD. In this paper, we propose an AdvanSSD-Insider algorithm that substitutes a hash table used for the overwriting check with a bloom filter in the SSD-Insider. Experimental results show that the AdvanSSD-Insider algorithm reduces memory usage by up to 90% and execution time by up to 77% compared to the SSD-Insider algorithm and achieves the same detection accuracy. In addition, the AdvanSSD-Insider algorithm can monitor 10 times longer than the SSD-Insider algorithm in same memory condition. As a result, detection accuracy is increased for some ransomware which was difficult to detect using previous algorithm.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.4
• /
• pp.25-29
• /
• 2021

The strip binary is a binary from which debug symbol information has been deleted, and therefore it is difficult to analyze the binary through techniques such as reverse engineering. Traditional binary analysis tools rely on debug symbolic information to analyze binaries, making it difficult to detect or analyze malicious code with features of these strip binaries. In order to solve this problem, the need for a technology capable of effectively extracting the information of the strip binary has emerged. In this paper, focusing on the fact that the byte code of the binary file is generated very differently depending on compiler version, optimazer level, etc. For effective compiler version extraction, the entire byte code is read and imaged as the target of the stripped binaries and this is applied to the convolution neural network. Finally, we achieve an accuracy of 93.5%, and we provide an opportunity to analyze stripped binary more effectively than before.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.620-623
• /
• 2022

최근 이메일 해킹사고의 유형을 살펴보면 사회공학적인 기법을 활용한 피싱메일 공격이 대다수를 차지하고 있는 상황이다. 그중 사용자의 패스워드를 빼내기 위한 공격메일이 기존 첨부파일에 악성코드를 삽입해서 보내지는 방식보다 월등히 높아졌다고 할 수 있다. 이는 공격자가 이메일 내용에 관심이 높아진 것으로 이메일은 사용자의 성향, 직업, 라이프스타일 파악뿐만 아니라 해커가 원하는 중요자료가 저장되어 있을 가능성이 매우 높으며 또 다른 공격대상자를 선정할 수 있는 좋은 창구가 될 수 있을 것이기 때문이다. 만일 피싱메일에 노출되어 패스워드가 해커의 손에 넘어 갔다면 많은 보안대책이 무용지물이 된다. 많은 보안 전문가들은 패스워드를 8자리 이상으로 하되 영문대·소문자와 숫자 그리고 특수문자를 포함하고, 사이트별 규칙성이 없이 모두 다르게 설정해야 하며, 정기적으로 바꿔야 한다고 조언한다. 이러한 조언은 패스워드를 크랙할 경우 안전할 수 있지만 요즘처럼 한 개인이 100여개 이상의 사이트에 대한 패스워드를 관리해야 한다면 현실적으로 불가능한 조언이 되고 말 것이다. 이러한 상황에 2017년 6월 미국 국립표준기술연구소(NIST)에서 '특별 간행 800-63-3: 디지털 인증 가이드라인'을 발표하게 된다. 내용은 그동안 보안전문가들이 권고했던 내용과는 많은 차이가 있다. 오히려 자주 바꾸는 것이 문제가 될 수 있다는 내용이다. 자세한 내용은 본 논문에서 살펴보도록 한다. 우리는 스마트폰 등을 사용함으로써 2-Factor인증에 활용하고 있다. 스마트폰 인증의 대표적인 방법은 지문·얼굴인식 등 생체인증 방식을 사용한다. 패스워드 없이도 편리하고 안전하게 인증을 할 수 있다는 점이 장점이다. 이러한 상황에 FIDO라는 인증 프레임워크가 인기를 얻고 있다. FIDO(Fast IDentity Online)는 비밀번호의 문제점을 해결하기 위한 목적으로 FIDO 얼라이언스에 의해 제안된 사용자 인증 프레임워크다. 향후 FIDO로의 대체가 패스워드 문제의 대안이 될 수 있을 것이다. 이제는 패스워드 대신 생체인증 체계로 대체할 수 있는 시대가 되었다고 할 수 있다. 본 논문에서는 패스워드의 문제점을 살펴보고 이를 대체할 수 있는 FIDO기반의 인증체계가 대안이 될 수 있는 근거를 제시하고자 한다.

• Journal of Internet Computing and Services
• /
• v.19 no.5
• /
• pp.67-75
• /
• 2018

According to Symantec's Internet Security Threat Report(2018), Internet security threats such as Cryptojackings, Ransomwares, and Mobile malwares are rapidly increasing and diversifying. It means that detection of malwares requires not only the detection accuracy but also versatility. In the past, malware detection technology focused on qualitative performance due to the problems such as encryption and obfuscation. However, nowadays, considering the diversity of malware, versatility is required in detecting various malwares. Additionally the optimization is required in terms of computing power for detecting malware. In this paper, we present Stream Order(SO)-CNN and Incremental Coordinate(IC)-CNN, which are malware detection schemes using CNN(Convolutional Neural Network) that effectively detect intelligent and diversified malwares. The proposed methods visualize each malware binary file onto a fixed sized image. The visualized malware binaries are learned through GoogLeNet to form a deep learning model. Our model detects and classifies malwares. The proposed method reveals better performance than the conventional method.

• Journal of Platform Technology
• /
• v.11 no.2
• /
• pp.39-53
• /
• 2023

Non-installation program (hereinafter referred to as "portable program") is a program that can be used without an installation process, unlike general software. Since there is no separate installation process, portable programs have high mobility and are used in various ways. For example, when initial setup of multiple PCs is required, a portable program can be stored on one USB drive to perform initial setup. Alternatively, when a problem occurs with the PC and it is difficult to boot normally, Windows PE can be configured on the USB drive and portable programs can be stored for PC recovery. And the portable program does not directly affect PC settings, such as changing registry values, and does not leave a trace. This means that the portable program has high security. If a portable program is deleted after using it, it is difficult to analyze behavior in a general way. If a user used a portable program for malicious behavior, analysis in a general way has limitations in collecting evidence. Therefore, portable programs must have a new way of behavioral analysis that is different from ordinary installation software. In this paper, after installing the Windows 10 operating system on a virtual machine, we proceed with the scenario with a portable program of Opera and Notepad++. And we analyze this in various ways such as file analysis of the operating system and memory forensics, collect information such as program execution time and frequency, and conduct specific behavioral analysis of user.

• Progress in Medical Physics
• /
• v.9 no.2
• /
• pp.77-88
• /
• 1998

Wedge shaped isodoses are desired in a number of clinical situations. Hard wedge filters have provided nominal angled isodoses with dosimetric consequences of beam hardening, increased peripheral dosing, nonidealized gradients at deep depths along with the practical consequendes of filter handling and placement problems. Dynamic wedging uses a combination of a moving collimator and changing monitor dose to achieve angled isodoses. The segmented treatment tables(STT) that monitor unit setting by every distance of moving collimator, was induced by numerical formular. The characteristics of dynamic wedge by STT compared with real dosimetry. Methods and Materials : The accelerator CLINAC 2100C/D at Yonsei Cancer Center has two photon energies (6MV and 10MV), currently with dynamic wedge angles of 15$^{\circ}$, 30$^{\circ}$, 45$^{\circ}$ and 60$^{\circ}$. The segmented treatment tables(STT) that drive the collimator in concert with a changing monitor unit are unique for field sizes ranging from 4.0cm to 20.0cm in 0.5cm steps. Transmission wedge factors were measured for each STT with an standard ion chamber. Isodose profiles, isodose curves, percentage depth dose for dynamic wedge filters were measured with film dosimetry. Dynamic wedge angle by STT was well coincident with film dosimetry. Percent depth doses were found to be closer to open field but more shallow than hard wedge filter. The wedge transmission factor were decreased by increased the wedge angle and more higher than hard wedge filters. Dynamic wedging probided more consistent gradients across the field compared with hard wedge filters. Dynamic wedging has practical and dosimetric advantages over hard filters for rapid setup and keeping from table collisions. Dynamic wedge filters are positive replacement for hard filters and introduction of dynamic conformal radiotherapy and intensity modulation radiotherapy in a future.