• Title/Summary/Keyword: Malicious Application


Cloud Messaging Service for Preventing Smishing Attack (스미싱 공격 방지를 위한 클라우드 메시징 서비스)

  • Park, Hyo-Min;Kim, Wan-Seok;Kang, So-Jeong;Shin, Sang Uk
    • Journal of Digital Convergence / v.15 no.4 / pp.285-293 / 2017
  • Malicious attacks on smart devices are rapidly evolving, and protecting smart devices from these attacks in a timely manner has become a very important issue. In particular, the smishing attack has emerged as one of the most important threats on the smartphone. In this paper, we propose a cloud service that can fundamentally protect the user from the risk of smishing attacks. The proposed scheme provides a cloud messaging service that can filter text messages including URLs in the user's smart device, and view and manage them through a virtual machine provided by a cloud server. The existing techniques for preventing smishing attacks protect only against malicious code of a known pattern, and there is the possibility of errors such as FP (False Positive) or FN (False Negative). However, since the proposed method automatically filters all text messages including URLs, storing, viewing, and managing them in their own storage space on the cloud server, it can completely block the installation of malware (malicious code) on the user's smart device through smishing attacks.

AI Security Plan for Public Safety Network App Store (재난안전통신망 앱스토어를 위한 AI 보안 방안 마련)

  • Jung, Jae-eun;Ahn, Jung-hyun;Baik, Nam-kyun
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.10a / pp.458-460 / 2021
  • The provision and application of public safety network in Korea is still insufficient for security response to the mobile app of public safety network in the stages of development, initial construction, demonstration, and initial service. The available terminals on the Disaster Safety Network (PS-LTE) are open, Android-based, dedicated terminals that potentially have vulnerabilities that can be used for a variety of mobile malware, requiring preemptive responses similar to FirstNet Certified in the U.S. and Google's Google Play Protect. In this paper, before listing the application service app on the public safety network mobile app store, we construct a data set for malicious and normal apps, extract features, select the most effective AI model, and perform static and dynamic analysis. Based on the result, if it is not a malicious app, it is suggested to list it in the App Store. As it becomes essential to provide a service that blocks malicious behavior app listing in advance, it is essential to provide authorized authentication to minimize the security blind spot of the public safety network, and to provide certified apps for disaster safety and application service support. The safety of the public safety network can be secured.


Andro-profiler: Anti-malware system based on behavior profiling of mobile malware (행위기반의 프로파일링 기법을 활용한 모바일 악성코드 분류 기법)

  • Yun, Jae-Sung;Jang, Jae-Wook;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.1 / pp.145-154 / 2014
  • In this paper, we propose a novel anti-malware system based on behavior profiling, called Andro-profiler. Andro-profiler consists of mobile devices and a remote server, and is implemented in Droidbox. Our aim is to detect and classify malware using an automatic classifier based on behavior profiling. First, we propose the representative behavior profiling for each malware family represented by system calls coupled with Droidbox system logs. This is done by executing the malicious application on an emulator and extracting integrated system logs. By comparing the behavior profiling of malicious applications with representative behavior profiling for each malware family, we can detect and classify them into malware families. Andro-profiler shows over 99% of classification accuracy in classifying malware families.

ELiSyR: Efficient, Lightweight and Sybil-Resilient File Search in P2P Networks

  • Kim, Hyeong-S.;Jung, Eun-Jin;Yeom, Heon-Y.
    • KSII Transactions on Internet and Information Systems (TIIS) / v.4 no.6 / pp.1311-1326 / 2010
  • Peer-to-peer (P2P) networks consume the most bandwidth in the current Internet and file sharing accounts for the majority of the P2P traffic. Thus it is important for a P2P file sharing application to be efficient in bandwidth consumption. Bandwidth consumption as much as downloaded file sizes is inevitable, but those in file search and bad downloads, e.g. wrong, corrupted, or malicious file downloads, are overheads. In this paper, we target to reduce these overheads even in the presence of high volume of malicious users and their bad files. Sybil attacks are the example of such hostile environment. Sybil attacker creates a large number of identities (Sybil nodes) and unfairly influences the system. When a large portion of the system is subverted, either in terms of the number of users or the number of files shared in the system, the overheads due to the bad downloads rapidly increase. We propose ELiSyR, a file search protocol that can tolerate such a hostile environment. ELiSyR uses social networks for P2P file search and finds benign files in 71% of searches even when more than half of the users are malicious. Furthermore, ELiSyR provides similar success with less bandwidth than other general efforts against Sybil attacks. We compare our algorithm to SybilGuard, SybilLimit and EigenTrust in terms of bandwidth consumption and the likelihood of bad downloads. Our algorithm shows lower bandwidth consumption, similar chances of bad downloads and fairer distribution of computation loads than these general efforts. In return, our algorithm takes more rounds of search than them. However the time required for search is usually much less than the time required for downloads, so the delay in search is justifiable compared to the cost of bad downloads and subsequent re-search and downloads.

The blocking method for accessing toward malicious sites based on Android platform (안드로이드 플랫폼 기반 악성사이트 차단 방법)

  • Kim, Dae-Cheong;Ryou, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.3 / pp.499-505 / 2014
  • With the increasing use of smart devices such as smart phones and tablets, services that target mobile office, finance and e-government for convenience of usage and productivity have emerged significantly. As a result, important information is handled on smart devices, and malicious activity that targets smart devices is increasing steadily. In particular, cases of damage by harmful sites, malware distribution sites and phishing sites that target smart devices have occurred steadily, and this has emerged as a social issue. In the case of smart devices, the Android platform occupied 90% in Korea in 2013; therefore, a device-level blocking method is required to resolve the social issues of smart devices. In this paper, we propose a method that can effectively block attempts to access an illegal site from a Web browser on the Android platform, develop the application, and analyze the wrong-site blocking function.

A Study on the Application of Block Chain to Ensure Data Integrity in MANET Environment (MANET 환경에서 데이터 무결성 보장을 위한 블록체인 적용에 관한 연구)

  • Yang, Hwanseok;Choi, Daesoo
    • Convergence Security Journal / v.18 no.5_1 / pp.53-58 / 2018
  • MANET transmits data by a hop-by-hop method because it is composed of mobile nodes without the support of any infrastructure. Its structure is very similar to a block chain. However, it is exposed to various threats such as data tampering or destruction by malicious nodes because of its transmission method. So, ensuring the integrity of transmitted data is an important complement to MANET. In this paper, we propose a method to apply the block chain technique in order to protect the reliability value of the nodes constituting the network from malicious nodes. For this, a hierarchical structure of a cluster type is used. Only the cluster head stores the reliability information of the nodes in a block and then, this can be spread. In addition, we applied a block generation difficulty automatic setting technique using the number of nodes selecting the cluster head and the reliability of the cluster head to prevent the spread of wrong blocks. This can prevent block generation and spread by malicious nodes. The superior performance of the proposed technique can be verified by comparing experiments with the SAODV technique.


Malware Detection Via Hybrid Analysis for API Calls (API call의 단계별 복합분석을 통한 악성코드 탐지)

  • Kang, Tae-Woo;Cho, Jae-Ik;Chung, Man-Hyun;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.6 / pp.89-98 / 2007
  • We have come a long way in the information age. Thanks to the advancement of such technologies as the internet, we have discovered new ways to convey information on a broader scope. However, negative aspects exist as is with anything else. These may include invasion of privacy over the web, or identity theft over the internet. What is more alarming is that malware, so-called 'malicious code', is rapidly spreading. Its intent is very destructive, which can result in hacking, phishing and, as aforementioned, one of the most disturbing problems on the net, invasion of privacy. This thesis describes the technology of how you can effectively analyze and detect these kinds of malicious code. We propose sequential hybrid analysis for API calls that are hooked inside user-mode and kernel-level of Windows. This research explains how we can cope with malicious code more efficiently by abstracting malicious function signature and hiding attribute.

Efforts against Cybersecurity Attack of Space Systems

  • Jin-Keun Hong
    • Journal of Positioning, Navigation, and Timing / v.12 no.4 / pp.437-445 / 2023
  • A space system refers to a network of sensors, ground systems, and space-craft operating in space. The security of space systems relies on information systems and networks that support the design, launch, and operation of space missions. Characteristics of space operations, including command and control (C2) between space-craft (including satellites) and ground communication, also depend on wireless frequency and communication channels. Attackers can potentially engage in malicious activities such as destruction, disruption, and degradation of systems, networks, communication channels, and space operations. These malicious cyber activities include sensor spoofing, system damage, denial of service attacks, jamming of unauthorized commands, and injection of malicious code. Such activities ultimately lead to a decrease in the lifespan and functionality of space systems, and may result in damage to space-craft and lead to loss of control. The Cybersecurity Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix, proposed by Massachusetts Institute of Technology Research and Engineering (MITRE), consists of the following stages: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command & Control, Exfiltration, and Impact. This paper identifies cybersecurity activities in space systems and satellite navigation systems through the National Institute of Standards and Technology (NIST)'s standard documents, former U.S. President Trump's executive orders, and presents risk management activities. This paper also explores cybersecurity's tactics attack techniques within the context of space systems (space-craft) by referencing the Sparta ATT&CK Matrix. In this paper, security threats in space systems are analyzed, focusing on the cybersecurity attack tactics, techniques, and countermeasures of space-craft presented by Space Attack Research and Tactic Analysis (SPARTA). Through this study, cybersecurity attack tactics, techniques, and countermeasures existing in space-craft are identified, and an understanding of the direction of application in the design and implementation of safe small satellites is provided.

A Novel Trust Establishment Method for Wireless Sensor Networks

  • Ishmanov, Farruh;Kim, Sung Won
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.4 / pp.1529-1547 / 2015
  • Establishment of trust is important in wireless sensor networks for security enhancement and successful collaboration. Basically, a node establishes trust with other nodes by estimating a trust value based on monitored behavior of the other nodes. Since a malicious/misbehaving node might launch different attack strategies and might demonstrate random misbehavior, a trust estimation method should be robust against such attacks and misbehavior. Otherwise, the operation of trust establishment will be meaningless, and performance of an application that runs on top of trust establishment will degrade. In this paper, we propose a robust and novel trust estimation method. Unlike traditional trust estimation methods, we consider not only the weight of misbehavior but also the frequency of misbehavior. The frequency-of-misbehavior component explicitly demonstrates how frequently a node misbehaves during a certain observed time period, and it tracks the behavior of nodes more efficiently, which is a main factor in deriving an accurate trust value. In addition, the weight of misbehavior is comprehensively measured to mitigate the effect of an on-off attack. Frequency and weight of misbehavior are comprehensively combined to obtain the trust value. Evaluation results show that the proposed method outperforms other trust estimation methods under different attacks and types of misbehavior.

A Study of Security Method against Attack in TCP/IP (TCP/IP 공격에 대한 보안 방법 연구)

  • Park Dea-Woo;Seo Jeong-Man
    • Journal of the Korea Society of Computer and Information / v.10 no.5 s.37 / pp.217-226 / 2005
  • In today's cyberworld, network performance is affected not only by an increased demand for legitimate content requests, but also by an increase in malicious activity. In this paper, we study how network performance is affected by an increase in malicious hackers who carry out DoS attacks, DDoS attacks, SYN flooding, IP spoofing, etc. using TCP/IP. We suggest packet filtering at the network level, gateway level, and application level to protect against hackers' attacks. Also, we suggest content distribution approaches in the Web server to mitigate hackers' activity using cache servers, mirror servers, and CDNs. These suggestions will be useful as protection methods against hackers' attacks.
