• Journal of the Korea Society of Computer and Information
• /
• v.29 no.5
• /
• pp.1-10
• /
• 2024

Attackers tend to use similar vulnerabilities when finding their next target IT assets. They also continuously search for new attack targets. Therefore, it is essential to find the potential targets of attackers in advance. Our method proposes a novel approach for efficient vulnerable asset management and zero-day response. In this paper, we propose the ability to detect the IT assets that are potentially infected by the recently discovered vulnerability based on clustering and similarity results. As the experiment results, 86% of all collected assets are clustered within the same clustering. In addition, as a result of conducting a similarity calculation experiment by randomly selecting vulnerable assets, assets using the same OS and service were listed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.05a
• /
• pp.734-738
• /
• 2022

코로나 시대에서의 비접촉 기조 확산으로 인해서, 전자상거래 업계는 ux/ui를 보다 소비자친화적으로 변화시킴으로써 성장을 도모하고 있다. 전자상거래 시장은 몇년간 엄청난 성장을 거듭해왔고, 혁신에 혁신을 거듭하여 간편결제의 보편화를 이끌었다. 하지만 현재 IT업계에서는 loger4j 그리고 크로니움 브라우저 관련 제로데이 공격이 만연한 만큼, 보안에 대한 관심도가 높아진 상태이다. 전자상거래 상에서의 간편결제에서 보안이슈는 돈과 직결된 이슈이며, 그렇기 때문에 단순히 그의 UX/UI를 사용자 편의성 측면에서만 보아야하는가에 대해서 많은 의견이 있으며, 이는 이미 업계의 화두이다. 따라서 우리는 업계의 현황에 대해서 알아보면서, 사회적으로 이를 어떻게 바라보는지 그리고 이 이슈는 왜 어떻게 발생했고, 쉽게 해결될 수 없는지에 대해서 알아본다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.254-257
• /
• 2020

최근 악성코드에 의한 피해사례가 매년 증가하고 있다. 전통적인 시그니처 기반 안티바이러스 솔루션은 제로데이 공격이나 랜섬웨어처럼 전례가 없는 새로운 위협에 속수무책일 정도로 취약하다. 그럼에도 불구하고 많은 기업이 다중 엔드포인트 보안 전략의 일환으로 시그니처 기반 안티바이러스 솔루션을 유지하고 있다. 이에 응하고자 다양한 악성코드 분석기술이 출현해왔으며, 최근의 연구들은 부분 머신러닝을 이용하여 기존에 진행했던 시그니쳐 기반의 한계를 보완하고 노력하고 있다. 본 논문은 머신러닝을 이용한 바이러스 분석 모델과 머신러닝 알고리즘 중 GRU를 이용한 솔루션 시스템을 제안한다. 기존 DB Server를 통해 머신러닝을 학습 시키며 다양한 샘플과 형식을 이용하여 머신러닝을 학습하고 이를 이용해 새로운 악성코드, 변조된 악성코드의 탐지율을 높일 수 있다.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.6
• /
• pp.863-871
• /
• 2013

Recently application of open protocols and external network linkage to the national critical infrastructure has been growing with the development of information and communication technologies. This trend could mean that the national critical infrastructure is exposed to cyber attacks and can be seriously jeopardized when it gets remotely operated or controlled by viruses, crackers, or cyber terrorists. In this paper virtual Honeynet model which can reduce installation and operation resource problems of Honeynet system is proposed. It maintains the merits of Honeynet system and adapts the virtualization technology. Also, virtual Honeynet model that can minimize operating cost is proposed with data analysis and collecting technique based on the verification of attack intention and focus-oriented analysis technique. With the proposed model, new type of attack detection system based on virtual Honeynet, that is Cybertrap, is designed and implemented with the host and data collecting technique based on the verification of attack intention and the network attack pattern visualization technique. To test proposed system we establish test-bed and evaluate the functionality and performance through series of experiments.

• KIPS Transactions on Computer and Communication Systems
• /
• v.10 no.2
• /
• pp.39-46
• /
• 2021

Damages by malware have recently been increasing. Conventional signature-based antivirus solutions are helplessly vulnerable to unprecedented new threats such as Zero-day attack and ransomware. Despite that, many enterprises have retained signature-based antivirus solutions as part of the multiple endpoints security strategy. They do recognize the problem. This paper proposes a solution using the blockchain and deep learning technologies as the next-generation antivirus solution. It uses the antivirus software that updates through an existing DB server to supplement the detection unit and organizes the blockchain instead of the DB for deep learning using various samples and forms to increase the detection rate of new malware and falsified malware.

• Journal of Digital Convergence
• /
• v.19 no.4
• /
• pp.133-139
• /
• 2021

Due to the rapid progress in network technology, many research on content security technologies is also being conducted in the mobile digital content sector. In the meantime, content protection has been immersed in preventing illegal copying, certifying, and issuance/management certificates, but still have many vulnerabilities in managing or authenticating confidential information. This study aims to strengthen confidential information about content based on dual management of content download rights through mobile phone numbers or device numbers. It also protect replay-attack by building a secure mobile DRM system where digital content is safely distributed based on a three-stage user authentication process. In addition, blockchain-based content security enhancements were studied during the primary/secondary process for user authentication for the prevention of piracy and copyright protection. In addition, the client authentication process was further improved through three final stages of authorization in the use of illegal content, considering that legitimate users redistributed their content to third-party.

• Journal of Korea Multimedia Society
• /
• v.13 no.5
• /
• pp.754-762
• /
• 2010

Nowadays, email-based targeted attacks using malcode-bearing documents have been steadily increased. To improve the success rate of the attack and avoid anti-viruses, attackers mainly employ zero-day exploits and relevant social engineering techniques. In this paper, we propose an architecture of the email vaccine cloud system to prevent targeted attacks using malcode-bearing documents. The system extracts attached document files from email messages, performs behavior analysis as well as signature-based detection in the virtual machine environment, and completely removes malicious documents from the messages. In the process of behavior analysis, the documents are regarded as malicious ones in cases of creating executable files, launching new processes, accessing critical registry entries, connecting to the Internet. The email vaccine cloud system will help prevent various cyber terrors such as information leakages by preventing email based targeted attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1043-1052
• /
• 2020

Signature-based malicious code detection methods share a common limitation; it is very hard to detect modified malicious codes or new malware utilizing zero-day vulnerabilities. To overcome this limitation, many studies are actively carried out to classify malicious codes using N-gram. Although they can detect malicious codes with high accuracy, it is difficult to identify malicious codes that uses very short codes such as Spectre. We propose a function level N-gram comparison algorithm to effectively identify the Spectre binary. To test the validity of this algorithm, we built N-gram data sets from 165 normal binaries and 25 malignant binaries. When we used Random Forest models, the model performance experiments identified Spectre malicious functions with 99.99% accuracy and its f1-score was 92%.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.1003-1008
• /
• 2017

The Internet of Things has attracted considerable research attention in recent years. In order for the new IoT technology to be widely used, the reliability and protection of information is required. IoT systems are very vulnerable to physical security due to their easy accessibility. Along with the development of SoC technology, many operating systems have been developed and many new operating systems have been introduced. In this paper, we describe the vulnerability analysis results for operating systems running on the ARMv7 Thumb Architecture hardware platform. For the recently introduced "Windows 10 IoT Core" operating system, I implemented the Zero-Day Attack by implanting the penetration code developed through the research into a specific IoT system. The virus detection test for the resulting penetration code was validated by referral to the "virustotal" site.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1141-1149
• /
• 2020

Most of the industrial control network is an independent closed network, which is operated for a long time after installation, and thus the OS is not updated, so security threats increase and security vulnerabilities exist. The zero-day attack defense must be applied with the latest patch, but in a large-scale industrial network, it requires a higher level of real-time and non-disruptive operation due to the direct handling of physical devices, so a step-by-step approach is required to apply it to a live system. In order to solve this problem, utility-specific patch impact assessment is required for reliable patch application. In this paper, we propose a method to test and safely install the patch using the regression analysis technique and show the proven results. As a patch impact evaluation methodology, the maximum allowance for determining the safety of a patch was derived by classifying test types based on system-specific functions, performance, and behavior before and after applying the patch. Finally, we report the results of case studies applied directly to industrial control networks, the OS patch has been updated while ensuring 99.99% availability.