• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1385-1397
• /
• 2015

The Proxy DLL is a mechanism using a normal characteristics of Windows. Specific malware is executed via this mechanism after intrusion into a system which is targeted. If a intrusion of malware is successful, malware should be executed at least once. For execution, malware is disguised as a Windows Library. The malware of Winnti group is a good case for this. Winnti is a group of Chinese hacking groups identified by research in the fall of 2011 at Kaspersky Lab. Winnti group activities was negatively over the years to target the online video game industry, in this process by making a number of malware infected the online gaming company. In this paper, we perform research on detection techniques of Proxy DLL malware which is disguised as a Windows library through Winnti group case. The experiments that are undertaken to target real malware of Winnti show reliability of detection techniques.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.8
• /
• pp.357-368
• /
• 2013

Our society has evolved into a fully connected society in a mixed reality environment enabling various knowledge sharing / management / control / creation due to the expansion of broadband ICT infrastructure, smart devices, cloud services and social media services. Therefore cyber threats have increased with the convenience. The society of the future can cause more complex and subtle problems, if you do not have an effective response to cyber threats, due to fusion of logical space and physical space, organic connection of the smart object and the universalization of fully connected society. In this paper, we propose the strategy to build knowledge-base as the basis to actively respond to new cyber threats caused by future various environmental changes and the universalization of fully connected society.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.3
• /
• pp.707-714
• /
• 2023

The Internet of Things, which is the key factor of the 4th industrial revolution, are apt to apply to many systems. The existing security mechanism cannot be realized with limited resources such as low capacity of devices and sensors. In order to apply IoT system, a new structure and ultra-lightweight encryption is required. In this paper, we analyzed security issues that can operate in Internet-based smart home networks, and to solve the critical issues against these attacks, technologies for device protection between heterogeneous devices. Security requirements are required to protect from attacks. Therefore, we analyzed the demands and requirements for its application by analyzing the security architecture and features in smart home network.

• Journal of Internet Computing and Services
• /
• v.19 no.1
• /
• pp.1-10
• /
• 2018

Network threats such as Internet worms and computer viruses have been significantly increasing. In particular, APTs(Advanced Persistent Threats) and ransomwares become clever and complex. IDSes(Intrusion Detection Systems) have performed a key role as information security solutions during last few decades. To use an IDS effectively, IDS rules must be written properly. An IDS rule includes a key signature and is incorporated into an IDS. If so, the network threat containing the signature can be detected by the IDS while it is passing through the IDS. However, it is challenging to find a key signature for a specific network threat. We first need to analyze a network threat rigorously, and write a proper IDS rule based on the analysis result. If we use a signature that is common to benign and/or normal network traffic, we will observe a lot of false alarms. In this paper, we propose a scheme that analyzes a network threat and extracts key signatures corresponding to the threat. Specifically, our proposed scheme quantifies the degree of correspondence between a network threat and a signature using the LDA(Latent Dirichlet Allocation) algorithm. Obviously, a signature that has significant correspondence to the network threat can be utilized as an IDS rule for detection of the threat.