• Title/Summary/Keyword: Spam mail

A Study on the Effective Countermeasure of Business Email Compromise (BEC) Attack by AI (AI를 통한 BEC (Business Email Compromise) 공격의 효과적인 대응방안 연구)

  • Lee, Dokyung;Jang, Gunsoo;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology, v.30 no.5, pp.835-846, 2020
  • BEC (Business Email Compromise) attacks occur frequently: attackers impersonate accounts or management through e-mail and steal money or sensitive information. This type of attack accounts for the largest portion of recent trade fraud, and the FBI estimates the damage in 2019 at about $17 billion. However, companies' responses rely on traditional spam blocking systems, which leaves them virtually defenseless against BEC attacks, where social engineering predominates. To address this, we analyze the types and methods of BEC incidents and propose ways for companies to counter BEC attacks effectively through AI (Artificial Intelligence).

A study on Countermeasures by Detecting Trojan-type Downloader/Dropper Malicious Code

  • Kim, Hee Wan
    • International Journal of Advanced Culture Technology, v.9 no.4, pp.288-294, 2021
  • With the increase in Internet use, there are various routes of infection with malicious code, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, as production technology has advanced, malicious code with evasion technology is produced more easily than before through automatic generation programs. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious code has become very intelligent by absorbing technologies such as concealment and self-transformation, causing problems such as distributed denial of service (DDoS) attacks, spam sending, and personal information theft. The existing malware detection technique, signature detection, cannot respond when it encounters malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques have been applied to hinder analysis. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code is shown, and malicious code detection and countermeasures are suggested.

A Classification Model for Attack Mail Detection based on the Authorship Analysis (작성자 분석 기반의 공격 메일 탐지를 위한 분류 모델)

  • Hong, Sung-Sam;Shin, Gun-Yoon;Han, Myung-Mook
    • Journal of Internet Computing and Services, v.18 no.6, pp.35-46, 2017
  • Recently, attacks in which the attacker attaches malicious code to a mail and induces the user to execute it have increased. This is especially dangerous because a document-type attachment is easy to execute. Authorship analysis is a research area studied in NLP (Natural Language Processing) and text mining; it studies methods of identifying authors by analyzing sentences, texts, and documents in a specific language. Attack mail is created by the attacker. Therefore, by analyzing the contents of the mail and the attached document file and identifying the corresponding author, it is possible to discover features that distinguish it more clearly from normal mail and to improve detection accuracy. In this paper, we proposed the IADA2 (Intelligent Attack mail Detection based on Authorship Analysis) model for attack mail detection. We propose a feature vector that can classify and detect attack mail, drawn from the features used in existing machine-learning-based spam detection models and the features used in authorship analysis of documents, and the IADA2 detection model. We improved the detection of attack mail beyond simply detecting term features, extracting features that reflect the sequence characteristics of words by applying n-grams. Experimental results show that the proposed method improves performance depending on feature combinations, feature selection techniques, and appropriate models.

Automatic e-mail Hierarchy Classification using Dynamic Category Hierarchy and Principal Component Analysis (PCA와 동적 분류체계를 사용한 자동 이메일 계층 분류)

  • Park, Sun
    • Journal of Advanced Navigation Technology, v.13 no.3, pp.419-425, 2009
  • The amount of incoming e-mail is increasing rapidly due to the wide usage of the Internet. It is therefore increasingly necessary to classify incoming e-mails efficiently and accurately. Currently, e-mail classification techniques focus on two-way classification, filtering spam mails from normal ones, based mainly on Bayesian and rule-based methods. Clustering has been used for multi-way classification of e-mails, but it has the disadvantages of low classification accuracy and no category labels. Classification methods have the disadvantage that the user must train them and set the category labels. In this paper, we propose a novel multi-way e-mail hierarchy classification method that uses PCA for automatic category generation and a dynamic category hierarchy for high classification accuracy. It classifies a huge amount of incoming e-mails automatically, efficiently, and accurately.

Feature-selection algorithm based on genetic algorithms using unstructured data for attack mail identification (공격 메일 식별을 위한 비정형 데이터를 사용한 유전자 알고리즘 기반의 특징선택 알고리즘)

  • Hong, Sung-Sam;Kim, Dong-Wook;Han, Myung-Mook
    • Journal of Internet Computing and Services, v.20 no.1, pp.1-10, 2019
  • Since big-data text mining extracts many features and much data, clustering and classification can result in high computational complexity and low reliability of the analysis results. In particular, a term-document matrix obtained through text mining represents term-document features, but produces a sparse matrix. We designed an advanced genetic algorithm (GA) to extract features in text mining for a detection model. Term frequency-inverse document frequency (TF-IDF) is used to reflect the document-term relationships in feature extraction. Through a repetitive process, a predetermined number of features are selected. We also used the sparsity score to improve the performance of the detection model. If a spam mail data set has high sparsity, the detection model performs poorly and it is difficult to find an optimal detection model. In addition, we find a low-sparsity model that also has a high TF-IDF score by using s(F) in the numerator of the fitness function. We also verified its performance by applying the proposed algorithm to text classification. As a result, we found that our algorithm shows higher performance (speed and accuracy) in attack mail classification.

Improved Bayesian Filtering mechanism to reduce the false positives by training both Sending and Receiving e-mails (송.수신 이메일의 학습을 통해 긍정 오류를 줄이는 개선된 베이지안 필터링 기법)

  • Kim, Doo-Hwan;You, Jong-Duck;Jung, Sou-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology, v.18 no.2, pp.129-137, 2008
  • In this paper, we propose an improved Bayesian filtering mechanism to reduce the false positives that occur in the existing Bayesian filtering mechanism. In the existing mechanism, the same Bayesian filtering DB trained at the e-mail server is applied to every e-mail user. Also, a training method that uses received e-mails only cannot provide a high-quality ham DB. Because of these problems, the existing Bayesian filtering mechanism can produce false positives, misclassifying ham e-mails as spam. In the proposed mechanism, the e-mails the user sends are treated as high-quality ham information and are trained into the Bayesian ham DB automatically. In addition, by providing a different Bayesian DB to each e-mail user, a more efficient e-mail filtering service is possible. Our experiments show an improvement in filtering accuracy of 3.13% compared to the existing Bayesian filtering mechanism.

Design of Module for Spam Mail Stocking with OTP(One Time Password) (OTP를 이용한 스팸 메일 차단 모듈 설계)

  • Choo Yeoun-Soo;Lee Jae-Sik;Kim Jung-Jae;Cho Chang-Hyun;Jun Moon-Seog
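    • Proceedings of the Korean Information Science Society Conference, 2005.11a, pp.235-237, 2005
  • With the growth of Internet use, many people are replacing traditional letters and postcards with electronic mail (e-mail). E-mail can carry not only text but also images, audio, and video, and needed documents can be attached, so it has been well received by many people; however, as it has come to be used for advertising mail and mail promoting obscene sites, it is causing mental distress to many e-mail users and great harm to companies that provide mailing services. In this paper, we propose and design a module that effectively blocks unsolicited advertising spam mail using OTP (One Time Password). Existing blocking methods delete mail already stored on the mail server, which places a heavy load on the mail server and wastes its storage capacity, so that users may be unable to send or receive the mail they really need. The system proposed in this paper solves these problems by not storing mail classified as spam on the mail server itself.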

The Design and Implementation of a Effective web-based electronic mailing system (효율적인 웹기반 전자 우편 시스템의 설계 및 구현)

  • An, Syung-Og;Yoo, Sung-Jung;Yoo, Hyun-Ggung
    • The Journal of Engineering Research, v.4 no.1, pp.5-22, 2002
  • With the rapid advance of Internet services and the corresponding migration of the service environment from a text-based one to the WWW (World Wide Web), the number of Internet users is growing rapidly due to its ease of use. Accordingly, use of the Internet to send electronic mail to other parties over the network is becoming increasingly prevalent. A web-based electronic mailing system comprises a server and a client. The former provides users with e-mail accounts and services, while the latter serves as the user interface. In other words, it enables public users who do not own e-mail accounts on an existing mail server to access the mailing service through the web. In this paper, we designed an effective web-based electronic mailing system based on Internet Explorer and the Linux operating system, which overcomes the limitations of existing e-mail systems and meets the need for a cost-efficient alternative. Our electronic mailing system also supports user convenience through appropriate handling of preregistered spam e-mails and multiple e-mails, and it facilitates the development of a stable e-mail system by avoiding the low system performance caused by the bursty characteristics of e-mail messages and the increasing number of users.

SPam-mail Filtering Using SVM Classifier (SVM 분류 알고리즘을 이용한 스팸메일 필터링)

  • 민도식;송무희;손기준;이상조
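    • Proceedings of the Korean Information Science Society Conference, 2003.04c, pp.552-554, 2003
  • E-mail has established itself as a representative means of delivering information, replacing traditional postal functions. As the number of e-mail users has grown, many companies have come to advertise through e-mail. As a result, e-mail users receive a great deal of spam because their personal e-mail addresses are exposed on the Internet, which is a considerable burden on them. This paper filters spam mail by applying SVM, a statistical method, to the words in e-mail documents, and compares classification performance by training with varying DF values in order to reduce the word feature space during the training phase. To evaluate the performance of SVM, we compared it with a probabilistic naive Bayesian classifier and a classifier using the vector model, verifying that the SVM method shows superior performance.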

Weighting based User Behavior Pattern for Filtering Spam Mail (사용자 행동 패턴을 기반으로 가중치를 부여한 스팸 메일 필터링)

  • Han, A-Sung;Kim, Hyun-Jun;Jo, Geun-Sik
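    • Proceedings of the Korean Information Science Society Conference, 2007.06c, pp.389-394, 2007
  • The proportion of spam mail has risen steadily, and recently 92.6% of all e-mail was found to be spam. This paper addresses a method for determining whether a message is spam by applying weights that reflect the user's interest, based on the user's action patterns over time. By differentiating the weights according to the relationships between actions and the time between actions, we will measure how high a filtering performance can be achieved and how much this contributes to faster learning. In the experiments, using real mail data, we will compare the rate of improvement in learning performance of a Bayesian classifier, a weighted Bayesian classifier, and the system proposed in this paper. We will also show how the proposed system handles concept drift, adaptive learning, and personalization.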