• Proceedings of the Korean Society of Computer Information Conference
• /
• 2014.07a
• /
• pp.365-367
• /
• 2014

최근 웹 서비스의 증가와 악성코드는 그 수를 판단 할 수 없을 정도로 빠르게 늘어나고 있다. 매년 늘어나는 악성코드는 금전적 이윤 추구가 악성코드의 주된 동기가 되고 있으며 이는 공공기관 및 보안 업체에서도 악성코드를 탐지하기 위한 연구가 활발히 진행되고 있다. 본 논문에서는 실시간으로 패킷을 분석할수 있는 필터링과 웹 크롤링을 통해 도메인 및 하위 URL까지 자동적으로 탐지할 수 있는 악성코드 탐지 시스템을 제안한다.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.52-56
• /
• 2021

There is no assurance that malware could only cause virtual damage to computer programs and data as its potential is endless. However, legal provisions were earlier developed to cater to either a physical damage caused by a physical action or a virtual damage caused by a virtual action. When crossovers occur, it becomes quite uncertain as to how viable the current laws are in handling this matter. The author seeks to address the issue from the perspective of the laws of Malaysia.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.2
• /
• pp.47-54
• /
• 2015

The popularity and adoption of smart-phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. The fluidity of application markets complicate smart-phone security. There is a pressing need to develop effective solutions. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smart-phone application. Now, the analytical methods used mainly are the reverse engineering-based analysis and the sandbox-based analysis. Such methods are can be analyzed in detail. but, they take a lot of time and have a one-time payout. In this study, we develop a system to monitor that mobile application permissions at application update. We had to overcome a one-time analysis. This study is a service-based malware analysis, It will be based will be based on the mobile security study.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.8
• /
• pp.1457-1471
• /
• 2011

A method to detect Trojan horses in messaging and Bluetooth in mobile phones by means of monitoring the events produced by the infections is presented in this paper. The structure of the detection approach is split into two modules: the first is the Monitoring module which controls connection requests and sent/received files, and the second is the Graphical User module which shows messages and, under suspicious situations, reports the user about a possible malware. Prototypes have been implemented on different mobile operating systems to test its feasibility on real cellphone malware. Experimental results are shown to be promising since this approach effectively detects various known malware.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.04a
• /
• pp.304-306
• /
• 2016

In the recent years ransomware has become one of the most popular malware used by criminals. This particular type of malware is notorious for locking users' data or systems and unscrambling it only after the victims pay a fee. With more and more individuals, companies and public agencies being targeted and the ransom being as high as $17,000, the need for countermeasures against this kind of malware is greater than ever. This paper explores how the malware infects and encrypts its victims. Then, it suggests mitigation techniques based on how the ransomware spreads, making special emphasis on countermeasures in order to protect end-users.

• ETRI Journal
• /
• v.42 no.6
• /
• pp.965-975
• /
• 2020

This paper proposes a new framework for the development and deployment of honeypots for evolving malware threats. As new technological concepts appear and evolve, attack surfaces are exploited. Internet of things significantly increases the attack surface available to malware developers. Previously independent devices are becoming accessible through new hardware and software attack vectors, and the existing taxonomies governing the development and deployment of honeypots are inadequate for evolving malicious programs and their variants. Malware-propagation and compromise methods are highly automated and repetitious. These automated and repetitive characteristics can be exploited by using embedded reinforcement learning within a honeypot. A honeypot for automated and repetitive malware (HARM) can be adaptive so that the best responses may be learnt during its interaction with attack sequences. HARM deployments can be agile through periodic policy evaluation to optimize redeployment. The necessary enhancements for adaptive, agile honeypots require a new development and deployment framework.

• International journal of advanced smart convergence
• /
• v.11 no.3
• /
• pp.23-27
• /
• 2022

In this paper, we explore a new type of Android evasive malware based on the Sequential Probability Ratio Test (SPRT) that does not perform malicious task when it discerns that dynamic analyzer is input generator. More specifically, a new type of Android evasive malware leverages the intuition that dynamic analyzer provides as many inputs within a certain amount of time as possible to Android apps to be tested, while human users generally provide necessary inputs to Android apps to be used. Under this intuition, it harnesses the SPRT to discern whether dynamic analyzer runs in Android system or not in such a way that the number of inputs per time slot exceeding a preset threshold is regarded as evidence that inputs are provided by dynamic analyzer, expediting the SPRT to decide that dynamic analyzer operates in Android system and evasive malware does not carry out malicious task.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.172-180
• /
• 2022

Crypto-mining malware (known as crypto-jacking) is a novel cyber-attack that exploits the victim's computing resources such as CPU and GPU to generate illegal cryptocurrency. The attacker get benefit from crypto-jacking by using someone else's mining hardware and their electricity power. This research focused on the possibility of detecting the potential crypto-mining malware in an environment by analyzing both static and dynamic approaches of deep learning. The Program Executable (PE) files were utilized with deep learning methods which are Long Short-Term Memory (LSTM). The finding revealed that LTSM outperformed both SVM and RF in static and dynamic approaches with percentage of 98% and 96%, respectively. Future studies will focus on detecting the malware using larger dataset to have more accurate and realistic results.

• Journal of Internet Computing and Services
• /
• v.24 no.1
• /
• pp.17-26
• /
• 2023

A smart city is a massive internet of things (IoT) environment, where all terminal devices are connected to a network to create and share information. In accordance with massive IoT environments, millions of IoT devices are connected, and countless data are generated in real time. However, since heterogeneous IoT devices are used, collecting the logs for each IoT device is difficult. Due to these issues, when an IoT device is invaded or is engaged in malicious behavior, such as infection with malware, it is difficult to respond quickly, and additional damage may occur due to information leakage or stopping the IoT device. To solve this problem, in this paper, we propose identifying the attack technique used for initial access to IoT devices through MITRE ATT&CK, collect the logs that can be generated from the identified attack technique, and use them to identify the cause of malware infection.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.294-297
• /
• 2024

Malware detection has become increasingly critical with the proliferation of end devices. To improve detection rates and efficiency, the research focus in malware detection has shifted towards leveraging machine learning and deep learning approaches. This shift is particularly relevant in the context of the widespread adoption of end devices, including smartphones, Internet of Things devices, and personal computers. Machine learning techniques are employed to train models on extensive datasets and evaluate various features, while deep learning algorithms have been extensively utilized to achieve these objectives. In this research, we introduce TabNet, a novel architecture designed for deep learning with tabular data, specifically tailored for enhancing malware detection techniques. Furthermore, the Synthetic Minority Over-Sampling Technique is utilized in this work to counteract the challenges posed by imbalanced datasets in machine learning. SMOTE efficiently balances class distributions, thereby improving model performance and classification accuracy. Our study demonstrates that SMOTE can effectively neutralize class imbalance bias, resulting in more dependable and precise machine learning models.