• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.366-367
• /
• 2015

최근 악성코드의 유포 동향을 살펴보면 APT 공격이 많다. 본 논문에서는 악성코드 은닉사이트를 통하여 악성코드가 유포되는 과정과 그 과정에서 공격자가 침투하는 경로나 대표적인 취약점들에 대하여 설명하고 그에 대한 대응책에 대하여 논하고자 한다.

• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.305-313
• /
• 2018

With the explosive growth of smart phones and efficiency, the Android of an open mobile operating system is gradually increasing in the use and the availability. Android systems has proven its availability and stability in the mobile devices, the home appliances's operating systems, the IoT products, and the mechatronics. However, as the usability increases, the malicious code based on Android also increases exponentially. Unlike ordinary PCs, if malicious codes are infiltrated into mobile products, mobile devices can not be used as a lock and can be leaked a large number of personal contacts, and can be lead to unnecessary billing, and can be cause a huge loss of financial services. Therefore, we proposed a method to detect and delete malicious files in real time in order to solve this problem. In this paper, we also designed a method to detect and delete malicious codes in a more effective manner through the process of installing Android-based applications and signature-based malicious code detection method. The method we proposed and designed can effectively detect malicious code in a limited resource environment, such as mobile environments.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.12
• /
• pp.1003-1007
• /
• 2009

Client-side attacks including drive-by download target vulnerabilities in client applications that interact with a malicious server or process malicious data. A typical client-side attack is web-based one related to a malicious web page exploiting specific browser vulnerability that can execute mal ware on the client system (PC) or give complete control of it to the malicious server. To defend those attacks, this paper has constructed high interaction client honeypot system using Capture-HPC that adopts execution-based detection in virtual machine. We have detected and classified malicious web pages using the system. We have also analyzed the system's performance in terms of the number of virtual machine images and the number of browsers executed simultaneously in each virtual machine. Experimental results show that the system with one virtual machine image obtains better performance with less reverting overhead. The system also shows good performance when the number of browsers executed simultaneously in a virtual machine is 50.

• Journal of Convergence Society for SMB
• /
• v.5 no.4
• /
• pp.37-42
• /
• 2015

Due to the advance of ICT, a variety of attacks have been developing and active. Recently, APT attacks using malicious codes have frequently occurred. Advanced Persistent Threat means that a hacker makes different security threats to attack a certain network of a company or an organization. Exploiting malicious codes or weaknesses, the hacker occupies an insider's PC of the company or the organization and accesses a server or a database through the PC to collect secrets or to destroy them. The paper suggested a countermeasure to cope with APT attacks through an APT attack process. It sought a countermeasure to delay the time to attack taken by the hacker and suggested the countermeasure able to detect and remove APT attacks.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.1
• /
• pp.43-50
• /
• 2013

File identification and analysis is an important process of computer forensics, since the process determines which subjects are necessary to be collected and analyzed as digital evidence. An efficient file classification aids in the file identification, especially in case of copyright infringement where we often have huge amounts of files. A lot of file classification methods have been proposed by far, but they have mostly focused on classifying malicious behaviors based on known information. In copyright infringement cases, we need a different approach since our subject includes not only malicious codes, but also vast number of normal files. In this paper, we propose an efficient file classification method that relies on undocumented information in the header of the PE format files. Out method is useful in copyright infringement cases, being applied to any sort of PE format executable file whether the file is malicious, packed, mutated, transformed, virtualized, obfuscated, or not.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.10
• /
• pp.4661-4680
• /
• 2016

Cognitive radio (CR) technology is an effective solution to the spectrum scarcity issue. Collaborative spectrum sensing is known as a promising technique to improve the performance of spectrum sensing in cognitive radio networks (CRNs). However, collaborative spectrum sensing is vulnerable to spectrum data falsification (SSDF) attack, where malicious users (MUs) may send false sensing data to mislead other secondary users (SUs) to make an incorrect decision about primary user (PUs) activity, which is one of the key adversaries to the performance of CRNs. In this paper, we propose a coalition based malicious users detection (CMD) algorithm to detect the malicious user in CRNs. The proposed CMD algorithm can efficiently detect MUs base on the Geary'C theory and be modeled as a coalition formation game. Specifically, SSDF attack is one of the key issues to affect the resource allocation process. Focusing on the security issues, in this paper, we analyze the power allocation problem with MUs, and propose MUs detection based power allocation (MPA) algorithm. The MPA algorithm is divided into two steps: the MUs detection step and the optimal power allocation step. Firstly, in the MUs detection step, by the CMD algorithm we can obtain the MUs detection probability and the energy consumption of MUs detection. Secondly, in the optimal power allocation step, we use the Lagrange dual decomposition method to obtain the optimal transmission power of each SU and achieve the maximum utility of the whole CRN. Numerical simulation results show that the proposed CMD and MPA scheme can achieve a considerable performance improvement in MUs detection and power allocation.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.59-67
• /
• 2006

Recently the Personal Computer hacking and game hacking for the purpose of gaining an economic profit is increased in Windows system. Malicious code often uses methods which inject dll or code into memory in target process for using covert channel for communicating among them, bypassing secure products like personal firewalls and obtaining sensitive information in system. This paper analyzes the technique for injecting and executing code into memory area in target process. In addition, this analyzes the PE format and IMPORT table for extracting injected dll in running process in affected system and describes a method for extracting and analyzing explicitly loaded dll files related with running process. This technique is useful for finding and analyzing infected processes in affected system.

• Journal of Internet Computing and Services
• /
• v.22 no.2
• /
• pp.1-9
• /
• 2021

Traditionally, most malicious codes have been analyzed using feature information extracted by domain experts. However, this feature-based analysis method depends on the analyst's capabilities and has limitations in detecting variant malicious codes that have modified existing malicious codes. In this study, we propose a ResNet-Variational AutoEncder-based variant malware classification method that can classify a family of variant malware without domain expert intervention. The Variational AutoEncoder network has the characteristics of creating new data within a normal distribution and understanding the characteristics of the data well in the learning process of training data provided as input values. In this study, important features of malicious code could be extracted by extracting latent variables in the learning process of Variational AutoEncoder. In addition, transfer learning was performed to better learn the characteristics of the training data and increase the efficiency of learning. The learning parameters of the ResNet-152 model pre-trained with the ImageNet Dataset were transferred to the learning parameters of the Encoder Network. The ResNet-Variational AutoEncoder that performed transfer learning showed higher performance than the existing Variational AutoEncoder and provided learning efficiency. Meanwhile, an ensemble model, Stacking Classifier, was used as a method for classifying variant malicious codes. As a result of learning the Stacking Classifier based on the characteristic data of the variant malware extracted by the Encoder Network of the ResNet-VAE model, an accuracy of 98.66% and an F1-Score of 98.68 were obtained.

• Journal of Communications and Networks
• /
• v.9 no.1
• /
• pp.56-66
• /
• 2007

Mobile ad-hoc networks (MANETs) have attracted great research interest in recent years. Among many issues, lack of motivation for participating nodes to collaborate forms a major obstacle to the adoption of MANETs. Many contemporary collaboration enforcement techniques employ reputation mechanisms for nodes to avoid and penalize malicious participants. Reputation information is propagated among participants and updated based on complicated trust relationships to thwart false accusation of benign nodes. The aforementioned strategy suffers from low scalability and is likely to be exploited by adversaries. In this paper, we propose a novel approach to address these problems. With the proposed technique, no reputation information is propagated in the network and malicious nodes cannot cause false penalty to benign hosts. Nodes classify their one-hop neighbors through direct observation and misbehaving nodes are penalized within their localities. Data packets are dynamically rerouted to circumvent selfish nodes. As a result, overall network performance is greatly enhanced. This approach significantly simplifies the collaboration enforcement process, incurs low overhead, and is robust against various malicious behaviors. Simulation results based on different system configurations indicate that the proposed technique can significantly improve network performance with very low communication cost.

• Journal of Advanced Navigation Technology
• /
• v.14 no.6
• /
• pp.838-844
• /
• 2010

This paper introduces Stuxnet, a malicious ware that presently stimulates severity of the cyber warfare worldwide, analyses how it propagates and what it affects if infected and proposes a process to cure infected systems according to its organization. Malicious wares such as Stuxnet secretes themselves within the system during propagation and it is required to analyze file hiding techniques they use to detect and remove them. According to the result of the analysis in this paper, Stuxnet uses the library hooking technique and the file system filter driver technique on both user level and kernel level, respectively, to hide its files. Therefore, this paper shows the results of the Stuxnet's file hiding approach and proposes an idea for countermeasure to neutralize it. A pilot implementation of the idea afterward shows that the stealthing techniques of Stuxnet are removed by the implementation.