• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.2
• /
• pp.301-308
• /
• 2017

With the popularization of smart phones and the development of the Internet, many people use smart phones to conduct identity verification procedures. smart phones are easier and faster to authenticate than personal desktop computers. However, as Internet hacking technology and malicious code distribution technology rapidly evolve and attack types become more diverse, authentication methods suitable for mobile environment are required. As authentication methods, there are methods such as possessive-based authentication, knowledge-based authentication, biometric-based authentication, pattern-based authentication, and multi-element authentication. In this paper, we propose a user authentication mechanism that uses collected information as authentication factor using smart phone. Using the proposed authentication mechanism, it is possible to use the smart phone information and environment information of the user as a hidden authentication factor, so that the authentication process can be performed without being exposed to others. We implemented the user authentication system using the proposed authentication mechanism and evaluated the effectiveness based on applicability, convenience, and security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.519-529
• /
• 2019

Nowadays, intelligent Android malware applies anti-analysis techniques to hide malicious behaviors and make it difficult for anti-virus vendors to detect its presence. Malware can use background components to hide harmful operations, use activity-alias to get around with automation script, or wipe the logcat to avoid forensics. During our study, several static analysis tools can not extract these hidden components like main activity, and dynamic analysis tools also have problem with code coverage due to partial execution of android malware. In this paper, we design and implement a system to analyze intelligent malware that uses anti-analysis techniques to improve detection rate of evasive malware. It extracts the hidden components of malware, runs background components like service, and generates all the intent events defined in the app. We also implemented a real-time logging system that uses modified logcat to block deleting logs from malware. As a result, we improve detection rate from 70.9% to 89.6% comparing other container based dynamic analysis platform with proposed system.

• Journal of Convergence Society for SMB
• /
• v.6 no.1
• /
• pp.17-23
• /
• 2016

Recently, Internet services via various devices including smartphone have become available. Because of the development of ICT, numerous hacking incidents have occurred and most of those attacks turned out to be APT attacks. APT attack means an attack method by which a hacker continues to collect information to achieve his goal, and analyzes the weakness of the target and infects it with malicious code, and being hidden, leaks the data in time. In this paper, we examine the information collection method the APT attackers use to invade the target system in a short time using big data, and we suggest and evaluate the countermeasure to protect against the attack method using big data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.869-882
• /
• 2012

With the growth of Web services and the development of web exploit toolkits, web-based malware has increased dramatically. Using Javascript Obfuscation, recent web-based malware hide a malicious URL and the exploit code. Thus, pattern matching for network intrusion detection systems has difficulty of detecting malware. Though various methods have proposed to detect Javascript malware on a users' web browser, the overall detection is needed to counter advanced attacks such as APTs(Advanced Persistent Treats), aimed at penetration into a certain an organization's intranet. To overcome the limitation of previous pattern matching for network intrusion detection systems, a novel deobfuscating method to handle obfuscated Javascript is needed. In this paper, we propose a framework for effective hidden malware detection through an automated deobfuscation regardless of advanced obfuscation techniques with overriding JavaScript functions and a separate JavaScript interpreter through to improve jsunpack-n.