• Title/Summary/Keyword: 제로 데이 공격

Search Result 32, Processing Time 0.018 seconds

A Study on Similarity Comparison for File DNA-Based Metamorphic Malware Detection (파일 DNA 기반의 변종 악성코드 탐지를 위한 유사도 비교에 관한 연구)

  • Jang, Eun-Gyeom;Lee, Sang Jun;Lee, Joong In
    • Journal of the Korea Society of Computer and Information
    • /
    • v.19 no.1
    • /
    • pp.85-94
    • /
    • 2014

  • This paper studied the detection technique using file DNA-based behavior pattern analysis in order to minimize damage to user system by malicious programs before signature or security patch is released. The file DNA-based detection technique was applied to defend against zero day attack and to minimize false detection, by remedying weaknesses of the conventional network-based packet detection technique and process-based detection technique. For the file DNA-based detection technique, abnormal behaviors of malware were splitted into network-related behaviors and process-related behaviors. This technique was employed to check and block crucial behaviors of process and network behaviors operating in user system, according to the fixed conditions, to analyze the similarity of behavior patterns of malware, based on the file DNA which process behaviors and network behaviors are mixed, and to deal with it rapidly through hazard warning and cut-off.

  • https://doi.org/10.9708/jksci.2014.19.1.085 인용 PDF KSCI

A Study on Hacking E-Mail Detection using Indicators of Compromise (침해지표를 활용한 해킹 이메일 탐지에 관한 연구)

  • Lee, Hoo-Ki
    • Convergence Security Journal
    • /
    • v.20 no.3
    • /
    • pp.21-28
    • /
    • 2020

  • In recent years, hacking and malware techniques have evolved and become sophisticated and complex, and numerous cyber-attacks are constantly occurring in various fields. Among them, the most widely used route for compromise incidents such as information leakage and system destruction was found to be E-Mails. In particular, it is still difficult to detect and identify E-Mail APT attacks that employ zero-day vulnerabilities and social engineering hacking techniques by detecting signatures and conducting dynamic analysis only. Thus, there has been an increased demand for indicators of compromise (IOC) to identify the causes of malicious activities and quickly respond to similar compromise incidents by sharing the information. In this study, we propose a method of extracting various forensic artifacts required for detecting and investigating Hacking E-Mails, which account for large portion of damages in security incidents. To achieve this, we employed a digital forensic indicator method that was previously utilized to collect information of client-side incidents.

  • https://doi.org/10.33778/kcsa.2020.20.3.021 인용 PDF KSCI