• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.254-255
• /
• 2016

최근 IT 기술이 눈에 띄게 발전해 가고 있는 가운데 그 중에서도 사물인터넷 또한 많은 발전을 해오고 있다. 그러나 사물인터넷은 보안에 매우 취약한 단점이 있다. 그 중에서도 요즈음 사물인터넷을 대상으로 한 랜섬웨어 공격이 기승을 부린다고 전해진다. 그 중 웹에 접속하여 파일을 다운받는 경로가 가장 많이 감염되는 경우이다. 이처럼 사용자가 원치 않게 악성코드가 다운되는 경우가 급격히 증가하고 있다. 본 논문에서는 이러한 경우를 고려하여 IoT 기기를 통해 파일을 다운 받거나 위험성이 있는 사이트에 방문 시 빅데이터를 사용하여 데이터를 먼저 분석하여 위험성 있는 구문을 삭제하거나 차단하여 안전한 데이터들만 사용자에게 전송하는 프로그램을 만들어 사용자의 디바이스를 보호하는 방향을 제안한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.360-361
• /
• 2017

The infrastructure of the country and society is connected to cyberspace. Malicious codes that steal financial information from websites such as plastic surgeons, dentists, and hospitals that are confirmed as IP in Daegu South Korea area are spreading In particular, financial information is an important privacy target. Takeover of financial information leads to personal financial loss. In this paper, we analyze the recent pharming malicious code that takes financial information. Attack files with social engineering methods are spread as executables in the banner, disguised as downloaders. When the user selects the banner, the attack file infects the PC with malicious code to the user. The infected PC takes users to the farming site and seizes financial information and personal security card information. The fraudulent financial information causes a financial loss to the user. The research in this paper will contribute to secure financial security.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.5
• /
• pp.309-316
• /
• 2014

It is easy to reverse engineer an Android app package file(APK) and get its decompiled source code. Therefore, attackers obtains economic benefits by illegally using the decompiled source code, or modifies an app by inserting malware. To address these problems in Android, we propose an APK overwrite scheme that protects apps against illegal modification of themselves by using a new anti-reverse engineering technique. In this paper, the targets are the apps which have been written by any programmer. For a target app (original app), server system (1) makes a copy of a target app, (2) encrypts the target app, (3) creates a stub app by replacing the DEX (Dalvik Executable) of the copied version with our stub DEX, and then (4) distributes the stub app as well as the encrypted target app to users of smartphones. The users downloads both the encrypted target app and the corresponding stub app. Whenever the stub app is executed on smartphones, the stub app and our launcher app decrypt the encrypted target app, overwrite the stub app with the decrypted target one, and executes the decrypted one. Every time the target app ends its execution, the decrypted app is deleted. To verify the feasibility of the proposed scheme, experimentation with several popular apps are carried out. The results of the experiment demonstrate that our scheme is effective for preventing reverse engineering and tampering of Android apps.

• Journal of Platform Technology
• /
• v.6 no.4
• /
• pp.69-77
• /
• 2018

In the case of personal information files containing personal information, there is insufficient awareness of personal information protection in end-point areas such as personal computers, smart terminals, and personal storage devices. In this study, we use Diffie-Hellman method to securely retrieve personal information files generated by web crawler. We designed SEED and ARIA using hybrid slicing to protect against attack on personal information file. The encryption performance of the personal information file collected by the Web crawling method is compared with the encryption decryption rate according to the key generation and the encryption decryption sharing according to the user key level. The simulation was performed on the personal information file delivered to the external agency transmission process. As a result, we compared the performance of existing methods and found that the detection rate is improved by 4.64 times and the information protection rate is improved by 18.3%.

• The KIPS Transactions:PartA
• /
• v.15A no.1
• /
• pp.45-52
• /
• 2008

In this paper we define a vulnerable code to symbolic link exploit and propose a technique to detect this using program analysis. The existing methods to solve symbolic link exploit is for protecting it, on accessing a temporary file they should perform an investigation whether the file is attacked by symbolic link exploit. If programmers miss the investigation, the program may be revealed to symbolic link exploit. Because our technique detects all the vulnerable codes to symbolic link exploit, it helps programmers keep the program safety. Our technique add two type qualifiers to the existing type system to analyze vulnerable codes to symbolic link exploit, it detects the vulnerable codes using type checking including the added type qualifiers. Our technique detects all the vulnerable codes to symbolic link exploit automatically, it has the advantage of saving costs of modifying and of overviewing all codes because programmers apply the methods protecting symbolic link exploit to only the detected codes as vulnerable. We experiment our analyzer with widely used programs. In our experiments only a portion of all the function fopen() is analyzed as the vulnerabilities to symbolic link exploit. It shows that our technique is useful to diminish modifying codes.

• Convergence Security Journal
• /
• v.16 no.4
• /
• pp.17-24
• /
• 2016

Many companies and organizations are building a mobile office environment using the LTE network, the national disaster network and Air Force LTE network are built for public safety and national defense. However the recent threats on information security have been evolving from information leakage to DDoS attacks to neutralize the service. Especially, the type of device such as Smart phones, smart pad, tablet PC, and the numbers are growing exponentially and As performance of mobile device and speed of line develop rapidly, DDoS attacks in the mobile environment is becoming a threat. So far, universal countermeasure to DDoS attacks has been interception the network and server step, Yet problem regarding DDoS attack traffic on mobile network and expenditure of network resources still remains. Therefore, this paper analyzes the traffic type distributed in the private mobile network such as the National Disaster Network, and Air Force LTE network in order to preemptively detect DDoS attacks on terminal step. However, as direct analysis on traffic distributed in the National Disaster Network, and Air Force LTE network is restricted, transmission traffics in Minecraft and uploading video file upload which exhibit similar traffic information are analyzed in time series, thereby verifing its effectiveness through establishment of DDoS attacks standard in mobile network and application that detects and protects DDoS attacks

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1021-1026
• /
• 2015

Increasing of damage by phishing, government and organization response more rapidly. So phishing use malware and vulnerability for attack. Recently attack that use patch analysis is increased when Microsoft announce patches. Cause of that, researcher for security on defense need technology of patch analysis. But most patch analysis are develop for Microsoft's product. Increasing of mobile environment, necessary of patch analysis on mobile is increased. But ordinary patch analysis can not use mobile environment that there is many file and small size. So we suggest this research that use code filtering instead of Control Flow Graph and Abstract Syntax Tree.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.259-263
• /
• 2015

The vulnerabilities related to Flash player which is widely used in internet browsers and office programs are gradually increased. To detect Flash malwares, previous work focuses on predefined features of ActionScript. However above work cannot detect new/mutated Flash malwares, since predefined features could not cover the new patterns of new/mutated Flash mawares. To solve this problem, we propose a Flash malware detection method that uses machine learning to learn Flash Tag patterns and classify Flash by using machine learning.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.170-173
• /
• 2019

Windows는 UAC(User Account Control)를 통해 사용자의 동의를 얻은 프로세스에게만 관리자 권한을 부여한다. 관리자 권한을 부여받은 프로세스는 시스템 파일 변경, 환경 변수 변경 등 표준 권한을 가진 프로세스가 수행하지 못하는 작업을 수행할 수 있다. 일부 악성코드들은 사용자 동의 없이 관리자 권한을 획득하기 위해 UAC Bypass 기법을 이용한다. 그러나 UACMe에 공개된 56개의 UAC Bypass 기법 중 20개의 기법에 대한 보안 패치가 현재까지 이루어지지 않고 있다. 따라서 본 논문에서는 현재 Windows 시스템의 UAC Bypass에 대한 안전성 수준을 분석하기 위해 시스템 디렉터리 내부 82개의 프로그램을 대상으로 UAC Bypass가 가능한 DLL Hijacking 취약점을 분석한다. 또한 UAC Bypass에 악용 가능한 50개의 신규 취약점을 발견하고 악용 시나리오에 따른 공격가능성을 보인다.

• Journal of Advanced Navigation Technology
• /
• v.13 no.6
• /
• pp.884-893
• /
• 2009

Recently, malicious attacks for Windows operate through Window API hooking in the Windows Kernel. This paper presents the API hooking attack and protection techniques based on Windows kernel. Also this paper develops a detection tool for Windows API hooking that enables to detect dll files which are operated in the kernel. Proposed tool can detect behaviors that imports from dll files or exports to dll files such as kernel32.dll, snmpapi.dll, ntdll.dll and advapidll.dll, etc.. Test results show that the tool can check name, location, and behavior of API in testing system.