• Journal of IKEEE
• /
• v.9 no.2 s.17
• /
• pp.108-114
• /
• 2005

While E-mail has become an important way of communications in IT societies, it creates various social problems due to increase of spam mails. Even though many organizations and corperations have been doing researches to develop spam mail blocking technologies, more cost and system complexities are required because of varieties of blocking technologies. In case of adopting spam blocking technologies, system reliability largely relies on the False-positive error rate with the order of employing spam blocking filters. In this paper, a False-positive mail recovery technique based on privacy information is proposed and implemented in order to improve the reliability of spam locking filters. Through the implemented prototype, recovery procedure for False-positive mails is verified and the results are summarized and analyzed.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10e
• /
• pp.70-72
• /
• 2002

전자우편(E-Mail)은 아주 편리한 통신수단이지만, 무분별한 광고성 스팸메일(Spam-Mail)의 침입과 무단으로 타인의 메일을 가로채거나 변조할 수 있기 때문에 메일의 신뢰성이 문제가 되고 있다. 본 연구에서는 이와 같은 문제를 해결하기 위하여 메일의 제목과 내용의 문자열을 분석하여 자동으로 스팸메일을 구분할 뿐만 아니라 보안도구인PGP(Pretty Good Privacy)를 이용하여 메일을 암호화하고 인증하여 근본적으로 스팸메일을차단하는 시스템을 개발한다.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.2 s.34
• /
• pp.143-151
• /
• 2005

As the internet and I-commerce have been developing. a novel method for marketing is needed. A new advertisement using E-mail is becoming popular, because it has characteristics with low costs and relative efficiency. However. as the spam mails are increasing rapidly, mail service companies and users are deeply damaged in their mind and economically. In this paper, we design a hierarchical spam mail blocking policy through cooperation of all the participants-user, administrator, ISP to cut off the spam mail efficiently and Propose an efficient model to block and manage the spam mails based on the Policy. Also we prove the efficiencies and effectiveness of the proposed model through evaluation process .

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05b
• /
• pp.1043-1046
• /
• 2003

정보화 사회가 도래하고 우편이나 통신체계도 물리적인 공간에서 인터넷(Internet)이라는 가상 공간으로 점차 옮겨져 광범위하게 사용되고 있다. 전자우편의 중요성이 대두되면서 스팸 메일 (Spam-Mail)로 인한 여러 가지 피해들이 속출하고 있다 특히, 많은 사람들이 성인광고 스팸메일로 인해 상당히 곤혹스러운 경우를 경험을 하고 있다. 본 논문에서는 PGP(Pretty Good Privacy)의 개념을 이용해서 사용자 인증(User Authentication) 기능을 수행하고, 인증되지 않는 사용자가 보낸 메일에 대해서는 텍스트 분석뿐만이 아니라 이미지와 동영상을 처리해서 성인광고 메일 여부를 판단하는 메일 시스템을 제안한다. 우리의 조사에 의하면, 성인광고메일을 차단하는 메일시스템에 관한 연구는 거의 발표되지 않고 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2881-2894
• /
• 2018

Cyber attacks are increasing continuously. On average about one million malicious codes appear every day, and attacks are expanding gradually to IT convergence services (e.g. vehicles and television) and social infrastructure (nuclear energy, power, water, etc.), as well as cyberspace. Analysis of large-scale cyber incidents has revealed that most attacks are started by PCs infected with malicious code. This paper proposes a method of detecting an attack IP automatically by analyzing the characteristics of the e-mail transfer path, which cannot be manipulated by the attacker. In particular, we developed a system based on the proposed model, and operated it for more than four months, and then detected 1,750,000 attack IPs by analyzing 22,570,000 spam e-mails in a commercial environment. A detected attack IP can be used to remove spam e-mails by linking it with the cyber removal system, or to block spam e-mails by linking it with the RBL(Real-time Blocking List) system. In addition, the developed system is expected to play a positive role in preventing cyber attacks, as it can detect a large number of attack IPs when linked with the portal site.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.568-570
• /
• 2005

인터넷의 급속한 성장으로 인터넷과 E-mail의 사용자가 증가하게 되면서, E-mail은 많은 사람들이 정보를 주고 받는 대표적인 통신수단의 하나로 자리 잡게 되었다. 그러나, 편리하고 비용이 거의 들지 않기 때문에 개인이나 업체들의 광고 수단으로 악용되고 있으며, 이에 따라 스팸 메일로 인한 시간과 비용의 낭비가 크게 증가하고 있다. 본 논문에서는 메시지 규칙에 기반을 둔 필터링 방식이 아닌 동보 전송 형태의 스팸 메일을 차단할 수 있는 방법을 연구한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.1981-1984
• /
• 2003

최근에 유포되고 있는 악의적인 소프트웨어로 Melissa와 Love letter와 같은 전자우편 바이러스가 있는데, 이들은 단순히 전자우편을 열기 만해도 메일 주소록에 등록된 모든 사용자에게 자신을 유포함으로써 막대한 피해를 유발시킨다 본 논문에서는 메일 주소 변형모듈 및 복원모듈을 전자우편 송신부에 추가 도입함으로써 전자우편 바이러스에 의한 바이러스 전파를 차단하는 시스템을 제안한다. 변형모듈은 송신자 행위에 의해서만 수행되어 수신자의 메일 주소를 변형하며, 복원모듈은 송신부의 서버 단에서 전자우편 전송 시마다 수행되어 역변형 과정을 거쳐 메일 주소를 복구한다. 변형모듈은 전자우편 바이러스에 의해서는 실행되지 않도록 구현되며, 전자우편 수신부에서는 추가로 하는 작업이 전혀 없다. 제안한 시스템에서는 새로운 전자우편 바이러스 공격에 대응하기 위해서, 다형성(polymorphism) 기법도 적용한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.835-846
• /
• 2020

BEC (Business Email Compromise) attacks are frequently occurring by impersonating accounts or management through e-mail and stealing money or sensitive information. This type of attack accounts for the largest portion of the recent trade fraud, and the FBI estimates that the estimated amount of damage in 2019 is about $17 billion. However, if you look at the response status of the companies compared to this, it relies on the traditional SPAM blocking system, so it is virtually defenseless against the BEC attacks that social engineering predominates. To this end, we will analyze the types and methods of BEC accidents and propose ways to effectively counter BEC attacks by companies through AI(Artificial Intelligence).

• Journal of Platform Technology
• /
• v.9 no.3
• /
• pp.3-17
• /
• 2021

Advanced persistent threat (APT) attacks are attacks aimed at a particular entity as a set of latent and persistent computer hacking processes. These APT attacks are usually carried out through various methods, including spam mail and disguised banner advertising. The same name is also used for files, since most of them are distributed via spam mail disguised as invoices, shipment documents, and purchase orders. In addition, such Infostealer attacks were the most frequently discovered malicious code in the first week of February 2021. CDR is a 'Content Disarm & Reconstruction' technology that can prevent the risk of malware infection by removing potential security threats from files and recombining them into safe files. Gartner, a global IT advisory organization, recommends CDR as a solution to attacks in the form of attachments. There is a program using CDR techniques released as open source is called 'Dangerzone'. The program supports the extension of most document files, but does not support the extension of HWP files that are widely used in Korea. In addition, Gmail blocks malicious URLs first, but it does not block malicious URLs in mail systems such as Naver and Daum, so malicious URLs can be easily distributed. Based on this problem, we developed a 'Dangerzone' program that supports the HWP extension to prevent APT attacks, and a Chrome extension that performs URL checking in Naver and Daum mail and blocking banner ads.