• Journal of Platform Technology
• /
• v.9 no.2
• /
• pp.26-37
• /
• 2021

E-mail is one of the important tools for communicating with people in everyday life. With COVID-19 (Coronavirus) increasing non-face-to-face activity, security incidents through e-mail such as spam, phishing, and ransomware are increasing. E-mail security incidents are increasing as social engineering attack using human psychology rather than arising from technological weaknesses that e-mails have. Security incidents using human psychology can be prevented and defended by improving security awareness. This study empirically studies the analysis of changes in response to malicious e-mail due to improved security awareness through malicious e-mail simulations on executives and employees of domestic and foreign company. In this study, the factors of security training, top-down security management, and security issue sharing are found to be effective in safely responding to malicious e-mail. This study presents a new study by conducting empirical analysis of theoretical research on security awareness in relation to malicious e-mail responses, and results obtained from simulations in a practical setting may help security work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.197-212
• /
• 2020

With the advent of virtual currency and electronic wallets creating a way to make financial gains based on anonymity, malicious code dissemination using malicious mail has continued to increase. In order to minimize the damage, the human factors, security awareness and the ability to respond, which are technical factors, should be improved evenly, which can be improved through malicious mail training. This study presented a model considering the performance of malicious mail training, such as practice. It was classified as a training for enhancing awareness of security for employees and detection and response to improve their ability to respond to malicious mail. A training system suitable for the purpose, the core functions of malware training, implementation and camouflage skills, and bypass techniques were described. Based on the above model, the training data conducted over three years were collected and the effectiveness of the training was studied through analysis of the results according to the number of training sessions, training themes and camouflage techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.107-122
• /
• 2015

Many defensive mechanisms have been evolved as new attack methods are developed. However, APT attacks using e-mail are still hard to detect and prevent. Recently, many organizations in the government sector or private sector have been hacked by malicious e-mail based APT attacks. In this paper, first, we built hacking e-mail database based on the real e-mail data which were used in attacks on the Korean government organizations in recent years. Then, we extracted features from the hacking e-mails for profiling them. We design a case vector that can describe the specific characteristics of hacking e-mails well. Finally, based on case based reasoning, we made an algorithm for retrieving the most similar case from the hacking e-mail database when a new hacking e-mail is found. As a result, hacking e-mails have common characteristics in several features such as geo-location information, and these features can be used for classifying benign e-mails and malicious e-mails. Furthermore, this proposed case based reasoning algorithm can be useful for making a decision to analyze suspicious e-mails.

• International Journal of Advanced Culture Technology
• /
• v.9 no.4
• /
• pp.288-294
• /
• 2021

There are various ways to be infected with malicious code due to the increase in Internet use, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, malicious codes are produced more easily than before through automatic generation programs due to evasion technology according to the advancement of production technology. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious codes have become very intelligent by absorbing technologies such as concealment technology and self-transformation, causing problems such as distributed denial of service attacks (DDoS), spam sending and personal information theft. The existing malware detection technique, which is a signature detection technique, cannot respond when it encounters a malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques are applied to make malicious code analysis difficult. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code was showed, and suggested to malicious code detection and countermeasures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.93-101
• /
• 2009

This paper proposes the detection method of spreading mails which hacker injects malicious codes to steal the information. And I developed the 'Analysis model' which is decoding traffics when hacker's encoding them to steal the information. I researched 'Methodology of intrusion detection techniques' in the computer network monitoring. As a result of this simulation, I developed more efficient rules to detect the PCs which are infected malicious codes in the hacking mail. By proposing this security policy which can be applicable in the computer network environment including every government or company, I want to be helpful to minimize the damage by hacking mail with malicious codes.

• Journal of IKEEE
• /
• v.25 no.4
• /
• pp.672-678
• /
• 2021

New malware continues to increase and become advanced by every year. Although various studies are going on executable files to diagnose malicious codes, it is difficult to detect attacks that internalize malicious code threats in emails by exploiting non-executable document files, malicious URLs, and malicious macros and JS in documents. In this paper, we introduce a method of analyzing malicious code for email security through proactive detection and blocking of malicious email attacks, and propose a method for determining whether a non-executable document file is malicious based on AI. Among various algorithms, an efficient machine learning modeling is choosed, and an ML workflow system to diagnose malicious code using Kubeflow is proposed.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04a
• /
• pp.338-340
• /
• 2003

Certified E-mail 프로토콜은 공정한 교환(fair exchange)을 보장하기 위하여 신뢰된 제 3자 (Trusted Third Party, TTP)톨 사용한다. 그러므로, Certified E-mail을 사용하는 유저들은 원격지의 TTP를 완전히 신뢰(fully-trust)해야 한다. 만약 TTP가 훼손되거나 유저와 공모하여 악위적인 행동을 한다면 Certified E-mail 프로토콜의 공정성(fairness)은 붕괴된다. 본 논문에서는 Threshold secret sharing을 사용하여 TTP의 신뢰성을 분산시킨 강건한 Certified E-mail 프로토콜을 제안한다. 분산된 TTP(Distributed TTP, DTTP)를 사용하므로써 유저가 공모하는 악위적인(malicious) TTP에 대한 공격을 막을 수 있으며 어느 한 DTTP가 훼손되더라도 전체 프로토콜에 영향을 주지 못한다.

• The KIPS Transactions:PartC
• /
• v.12C no.3 s.99
• /
• pp.361-368
• /
• 2005

Internet mail has become a common communication method around the world because of tremendous Internet service usage increment. In other respect, Most Internet users' mail addresses are exposed to spammer, and the damage of Junk mail is growing bigger and bigger. These days, Junk mail delivery problem is becoming more serious, because this is used for an attack or propagation scheme of malicious code. It's a most dangerous dominant cause for computer system accident. This paper shows the Junk mail filtering model and implementation which is based on FQDN (Fully Qualified Domain Name) check and evaluates it for proposing advanced scheme against Junk mail.

• Journal of Platform Technology
• /
• v.9 no.3
• /
• pp.3-17
• /
• 2021

Advanced persistent threat (APT) attacks are attacks aimed at a particular entity as a set of latent and persistent computer hacking processes. These APT attacks are usually carried out through various methods, including spam mail and disguised banner advertising. The same name is also used for files, since most of them are distributed via spam mail disguised as invoices, shipment documents, and purchase orders. In addition, such Infostealer attacks were the most frequently discovered malicious code in the first week of February 2021. CDR is a 'Content Disarm & Reconstruction' technology that can prevent the risk of malware infection by removing potential security threats from files and recombining them into safe files. Gartner, a global IT advisory organization, recommends CDR as a solution to attacks in the form of attachments. There is a program using CDR techniques released as open source is called 'Dangerzone'. The program supports the extension of most document files, but does not support the extension of HWP files that are widely used in Korea. In addition, Gmail blocks malicious URLs first, but it does not block malicious URLs in mail systems such as Naver and Daum, so malicious URLs can be easily distributed. Based on this problem, we developed a 'Dangerzone' program that supports the HWP extension to prevent APT attacks, and a Chrome extension that performs URL checking in Naver and Daum mail and blocking banner ads.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.183-189
• /
• 2008

E-mail's role has been increased due to its merit which is sending demanded information in real-time anywhere, anytime. However, Today's E-mail security threats have being changed intelligently to attack against the specific agency. The threat is a limit to respond. Therefore precise definition and development of security technology is needed to analyze changing environment and technologies of e-mail so that remove fundamental security threat. we proposed Next Generation E-mail System Security Structure and the Next Generation fusion System using authentication As a result, in this study, we development of Next Generation E-mail System Security Structure. This system can protect E-mail user from social engineering hacking technique, spam, virus, malicious code and fabrication.