• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.4
• /
• pp.1471-1492
• /
• 2015

The rapid development of smartphone technologies have resulted in the evolution of mobile botnets. The implications of botnets have inspired attention from the academia and the industry alike, which includes vendors, investors, hackers, and researcher community. Above all, the capability of botnets is uncovered through a wide range of malicious activities, such as distributed denial of service (DDoS), theft of business information, remote access, online or click fraud, phishing, malware distribution, spam emails, and building mobile devices for the illegitimate exchange of information and materials. In this study, we investigate mobile botnet attacks by exploring attack vectors and subsequently present a well-defined thematic taxonomy. By identifying the significant parameters from the taxonomy, we compared the effects of existing mobile botnets on commercial platforms as well as open source mobile operating system platforms. The parameters for review include mobile botnet architecture, platform, target audience, vulnerabilities or loopholes, operational impact, and detection approaches. In relation to our findings, research challenges are then presented in this domain.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.5
• /
• pp.27-33
• /
• 2019

One of serious security threats is a botnet-based attack. A botnet in general consists of numerous bots, which are computing devices with networking function, such as personal computers, smartphones, or tiny IoT sensor devices compromised by malicious codes or attackers. Such botnets can launch various serious cyber-attacks like DDoS attacks, propagating mal-wares, and spreading spam e-mails over the network. To establish a botnet, attackers usually inject malicious URLs into web source codes stealthily by using data hiding methods like Javascript obfuscation techniques to avoid being discovered by traditional security systems such as Firewall, IPS(Intrusion Prevention System) or IDS(Intrusion Detection System). Meanwhile, it is non-trivial work in practice for software developers to manually find such malicious URLs which are hidden in numerous web source codes stored in web servers. In this paper, we propose a security defense system to discover such suspicious, malicious URLs hidden in web source codes, and present experiment results that show its discovery performance. In particular, based on our experiment results, our proposed system discovered 100% of URLs hidden by Javascript encoding obfuscation within sample web source files.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.06c
• /
• pp.332-335
• /
• 2007

이메일은 누구나 쉽게 정보를 교환할 수 있는 편리함 때문에 인터넷에서 가장 중요한 수단으로 사용되고 있다. 그러나 순수한 의사소통의 수단이 아닌 스팸메일의 범람은 성인뿐만 아니라, 어린이 청소년에게도 무차별적으로 전송됨으로써 심각한 부작용을 낳고 있다. 본 논문은 점차 지능화 되는 신 유형의 음란 스팸메일로부터 청소년을 보호하기 위하여 새로운 방법의 음란메일 차단시스템을 제안하고자 한다. 기존의 스팸메일 차단시스템은 사용자가 직접 음란한 메일이라고 판단되는 메일에 대해 일일이 키워드를 설정하거나, 메일 내용 중에 텍스트만을 추출하여 패턴 매칭방법으로 분류하는 것이 대부분이었지만, 본 논문은 기존 방법의 문제점을 해결하기 위하여 이미지 내 Skin-Color분포의 Human Detection 알고리즘과 웹 로봇 에이전트의 하이퍼링크 분석기법을 사용하였다. 성능 측정결과, 형태소 분석과 Human Detection 알고리즘을 병합하여 적용한 경우 성능 측정에서 90% 정도의 F-measure를 보였지만, 추가적으로 웹 로봇 에이전트의 하이퍼링크 분석기법을 병합하여 적용한 경우 97% 이상의 F-measure를 보이며, 신뢰성이 높은 음란스팸메일 차단 시스템을 구현할 수 있다는 것을 증명하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.51-61
• /
• 2009

Recently, the cyber-attacks using botnets are being increased, Because these attacks pursue the money, the criminal aspect is also being increased, There are spreading of spam mail, DDoS(Distributed Denial of Service) attacks, propagations of malicious codes and malwares, phishings. leaks of sensitive informations as cyber-attacks that used botnets. There are many studies about detection and mitigation techniques against centralized botnets, namely IRC and HITP botnets. However, P2P botnets are still in an early stage of their studies. In this paper, we analyzed the traffics of the Peacomm bot that is one of P2P-based storm bot by using honeynet which is utilized in active analysis of network attacks. As a result, we could see that the Peacomm bot sends a large number of UDP packets to the zombies in wide network through P2P. Furthermore, we could know that the Peacomm bot makes the scale of botnet maintained and extended through these results. We expect that these results are used as a basis of detection and mitigation techniques against P2P botnets.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.12
• /
• pp.2878-2884
• /
• 2015

Twitter, one of online social network services, is one of the most popular micro-blogs, which generates a large number of automated programs, known as tweet bots because of the open structure of Twitter. While these tweet bots are categorized to legitimate bots and malicious bots, it is important to detect tweet bots since malicious bots spread spam and malicious contents to human users. In the conventional work, temporal information was utilized for the classficiation of human and bot. In this paper, by utilizing geo-tagged tweets that provide high-precision location information of users, we first identify both Twitter users' exact location. Then, we propose a new tweet bot detection algorithm by using both an entropy based on geographic variable of each user and device information of each user. As a main result, the proposed algorithm shows superior bot detection and false alarm probabilities over the conventional result which only uses temporal information.

• The Korean Journal of Applied Statistics
• /
• v.30 no.5
• /
• pp.681-690
• /
• 2017

Various imbalanced binary classification problems exist such as fraud detection in banking operations, detecting spam mail and predicting defective products. Several sampling methods such as over sampling, under sampling, SMOTE have been developed to overcome the poor prediction performance of binary classifiers when the proportion of one group is dominant. In order to overcome this problem, several sampling methods such as over-sampling, under-sampling, SMOTE have been developed. In this study, we investigate prediction performance of logistic regression, Lasso, random forest, boosting and support vector machine in combination with the sampling methods for binary imbalanced data. Four real data sets are analyzed to see if there is a substantial improvement in prediction performance. We also emphasize some precautions when the sampling methods are implemented.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.69-74
• /
• 2018

Recently, personal information leakage has caused phishing and spam. Previously developed systems focus on preventing personal information leakage. Therefore, there is a problem that the leakage of personal information can not be discriminated if there is already leaked personal information. In this paper, we propose a personal information hazard classification system based on web document analysis that calculates the hazard. The system collects web documents from the Twitter server and checks whether there are any user-entered search terms in the web documents. And we calculate the hazard classification weighting of the personal information leaked in the web documents and confirm the authority of the Twitter account that distributed the personal information. Based on this, the hazard can be derived and the user can be informed of the leakage of personal information of the web document.

• Database Research
• /
• v.34 no.3
• /
• pp.3-13
• /
• 2018

Text classification is one of the text mining technologies that classifies a given textual document into its appropriate categories and is used in various fields such as spam email detection, news classification, question answering, emotional analysis, and chat bot. In general, the text classification system utilizes machine learning algorithms, and among a number of algorithms, naïve Bayes and support vector machine, which are suitable for text data, are known to have reasonable performance. Recently, with the development of deep learning technology, several researches on applying deep neural networks such as recurrent neural networks (RNN) and convolutional neural networks (CNN) have been introduced to improve the performance of text classification system. However, the current text classification techniques have not yet reached the perfect level of text classification. This paper focuses on the fact that the text data is expressed as a vector only with the word dimensions, which impairs the semantic information inherent in the text, and proposes a neural network architecture based upon the semantic tensor space model.