• Title/Summary/Keyword: Drive-by-Download


Website Falsification Detection System Based on Image and Code Analysis for Enhanced Security Monitoring and Response (이미지 및 코드분석을 활용한 보안관제 지향적 웹사이트 위·변조 탐지 시스템)

  • Kim, Kyu-Il;Choi, Sang-Soo;Park, Hark-Soo;Ko, Sang-Jun;Song, Jung-Suk
    • Journal of the Korea Institute of Information Security & Cryptology, v.24 no.5, pp.871-883, 2014
  • New types of attacks that mainly compromise public, portal and financial websites for the purpose of economic profit or national confusion are emerging and evolving. In addition, in the case of a 'drive by download' attack, a host is infected by malware merely by visiting a compromised website. A website falsification detection system is one of the most powerful solutions for coping with such cyber threats against websites. Many domestic CERTs, including the NCSC (National Cyber Security Center), that carry out security monitoring and response services deploy it in their target organizations. However, the existing techniques for website falsification detection have practical problems in that their time complexity is high and their detection accuracy is not high. In this paper, we propose a website falsification detection system based on image and code analysis to improve the performance of the security monitoring and response service in CERTs. The proposed system focuses on improving both the accuracy and the speed of detecting falsification of the target websites.

A Study on the Malicious Web Page Detection Systems using Real-Time Behavior Analysis (실시간 행위 분석을 이용한 악성코드 유포 웹페이지 탐지 시스템에 대한 연구)

  • Kong, Ick-Sun;Cho, Jae-Ik;Son, Tae-Shik;Moon, Jong-Sub
    • The KIPS Transactions:PartC, v.19C no.3, pp.185-190, 2012
  • Recent malware trends show that the most widely used distribution method infects the targeted computer while the user is accessing a website in which harmful code is concealed, without the user being aware of it. In this thesis, we propose a new malicious web page detection system based on real-time analysis of normal/abnormal behaviors on the client side. With this new approach, not only can the limitations of conventional methods be overcome, but the risk of malware infection is also mitigated.

A Study on the Adoption Behavior of B2C Public Cloud Service in Korea (B2C 클라우드 서비스 채택의도의 영향요인에 관한 연구)

  • Roh, Doo-Hwan;Chang, Suk-Gwon
    • Journal of the Korean Operations Research and Management Science Society, v.37 no.3, pp.57-68, 2012
  • The recent proliferation of various smart devices like the smartphone, tablet PC, and smart TV enables consumers to download various applications from the network and to access private files stored in their desktop server at any time and at any place. The trend of ubiquitous access seems to have become stronger and more diversified toward a ubiquitous network computing environment with the aggressive deployment of commercial cloud services. Recently, many Korean network service providers launched commercial B2C public cloud services, which were widely adopted by smart device users. They include Daum cloud, N drive, ucloud, and uplus box, mostly provided by major Korean telecom companies and portals. This paper aims to explore consumers' adoption behaviors toward the B2C public cloud services that were recently deployed in the Korean market. In order to achieve the goal, we identified key influencing factors that affect the consumers' adoption behaviors, based on an extension of the technology acceptance model (TAM). Several hundred smart device users were surveyed to test the generic regression model with the extended set of TAM variables.

Intelligent Malicious Web-page Detection System based on Real Analysis Environment (리얼 분석환경 기반 지능형 악성 웹페이지 탐지 시스템)

  • Song, Jongseok;Lee, Kyeongsuk;Kim, Wooseung;Oh, Ikkyoon;Kim, Yongmin
    • Journal of KIISE, v.45 no.1, pp.1-8, 2018
  • Recently, the distribution of malicious code over the Internet has been one of the most serious cyber threats. Malicious code distribution technology that uses detection bypass techniques has also been developing, and research has focused on how to detect and analyze it. However, obfuscated malicious JavaScript is almost impossible to detect, because existing systems for detecting web pages that distribute malicious code are signature-based; another limitation is that they require constant updates of the detection patterns. We propose to overcome these limitations by means of an intelligent detection system for web pages that distribute malicious code, which uses a real browser to analyze and detect such intelligent malicious websites effectively.

Preliminary Study on Global Clipboard System (글로벌 클립보드 시스템에 대한 기초 연구)

  • Hwang, Kitae;Kwon, Heejeong;Lee, Sanghoon;Park, Doyeon
    • The Journal of the Institute of Internet, Broadcasting and Communication, v.17 no.5, pp.223-229, 2017
  • This paper proposes the Global Clipboard System and presents a preliminary study on it. The clipboard is temporary storage used to copy and paste content between application programs in the Windows operating system. The proposed Global Clipboard is a content delivery system that extends the concept of the existing local clipboard to the Internet. The Global Clipboard System operates in two steps. An application user can easily upload selected content to the Global Clipboard by typing Ctrl-C and Ctrl-Shift-C consecutively. Other users can then download and use the content from the Global Clipboard by typing Ctrl-Shift-V and Ctrl-V consecutively. The proposed Global Clipboard can handle almost any data, such as simple text, screen capture images, files, and directories. In this paper, we developed a global clipboard server, a Windows application, and an Android application. We conducted experiments on the functions of the Global Clipboard and also compared delay times between 4 applications: e-mail, Kakao, Google Drive, and the Global Clipboard. The results of the evaluation show that the time delay spent in sending and receiving content is shortest when the Global Clipboard is used.

Ransomware attack analysis and countermeasures of defensive aspects (랜섬웨어 공격분석 및 방어적 측면의 대응방안)

  • Hong, Sunghyuck;Yu, Jin-a
    • Journal of Convergence for Information Technology, v.8 no.1, pp.139-145, 2018
  • Ransomware is a kind of malware. Computers infected with Ransomware have limited system access. It is a malicious program that requires money to be paid to the malicious code maker in order to release it. On May 12, 2017, with the largest Ransomware attack ever, concerns about the Internet security environment are growing. The types of Ransomware and countermeasures to prevent cyber terrorism are discussed. Ransomware, which has a strong infectious nature and has been used in constant attacks in recent years, typically takes the form of Locky, Petya, Cerber, Samam, and Jigsaw. As of now, Ransomware defense is not 100% free. However, Ransomware can be countered through automatic updates, installation of vaccines, and periodic backups. There is a need to find a multi-layered approach to minimize the risk of it reaching the network and the system. Learn how corporate and individual users can prevent Ransomware.

A Study for Hybrid Honeypot Systems (하이브리드 허니팟 시스템에 대한 연구)

  • Lee, Moon-Goo
    • Journal of the Institute of Electronics and Information Engineers, v.51 no.11, pp.127-133, 2014
  • Honeypot systems are implemented to protect information assets from various malicious code. A honeypot system is designed either to elicit attacks so that the internal system is not attacked, or to collect malicious code information. However, existing honeypot systems are designed for the purpose of collecting information, so they actively induce inflows of attackers by establishing a disguised server or a disguised client server and by providing disguised content. A disguised server must have its hardware reinstalled on a one-year cycle because of frequent disk input and output. A disguised client server has operating problems such as procuring professional labor, because there is a limit to automating the analysis of the acquired information. To solve and supplement these operating problems and the hardware problems of previous honeypots, this thesis suggests a hybrid honeypot. The suggested hybrid honeypot has a honeywall, an analysis server and a combined console, and it processes attacks by categorizing them into two types. It is designed so that disguise (inducement) and false response (emulation) are connected to a common switch area to operate a high-level interaction server, which is type 1, and a low-level interaction server, which is type 2. This hybrid honeypot operates a low-level honeypot and a high-level honeypot. The analysis server converts hacking types into hash values, separates them by a correlation analysis algorithm, and sends them to the honeywall. The integrated monitoring console implements continuous monitoring, so it is expected not only to analyze information about recent hacking methods and attack tools but also to provide the effect of an anticipatory security response.