• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2881-2894
• /
• 2018

Cyber attacks are increasing continuously. On average about one million malicious codes appear every day, and attacks are expanding gradually to IT convergence services (e.g. vehicles and television) and social infrastructure (nuclear energy, power, water, etc.), as well as cyberspace. Analysis of large-scale cyber incidents has revealed that most attacks are started by PCs infected with malicious code. This paper proposes a method of detecting an attack IP automatically by analyzing the characteristics of the e-mail transfer path, which cannot be manipulated by the attacker. In particular, we developed a system based on the proposed model, and operated it for more than four months, and then detected 1,750,000 attack IPs by analyzing 22,570,000 spam e-mails in a commercial environment. A detected attack IP can be used to remove spam e-mails by linking it with the cyber removal system, or to block spam e-mails by linking it with the RBL(Real-time Blocking List) system. In addition, the developed system is expected to play a positive role in preventing cyber attacks, as it can detect a large number of attack IPs when linked with the portal site.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.17 no.3
• /
• pp.310-315
• /
• 2007

When a mail was given to users, each user's response could be different according to his or her preference. This paper presents a solution for this situation by constructing a u!;or preferred ontology for anti-spam systems. To define an ontology for describing user behaviors, we applied associative classification mining to study preference information of users and their responses to emails. Generated classification rules can be represented in a formal ontology language. A user preferred ontology can explain why mail is decided to be spam or non-spam in a meaningful way. We also suggest a nor rule optimization procedure inspired from logic synthesis to improve comprehensibility and exclude redundant rules.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.693-700
• /
• 2016

Analyzing characteristics of spam text messages had limitations since spam datasets are typically difficult to obtain publicly and previous studies focused on spam email. Although existing studies, such as through the use of spam e-mail characterization and utilization of data mining techniques, there are limitations that influence is limited to high spam detection techniques using a single word character. In this paper, we reveal the characteristics of the spam SMS based on experiment and analysis from different perspectives and propose coward analysis based spam SMS detection scheme with a publicly disclosed spam SMS from the University of Singapore. With the extensive performance evaluations, we show false positive and false negative of the proposed method is less than 2%.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.61-69
• /
• 2020

Since spear-phishing mail attacks focus on a particular target persistently to collect and take advantage of information, it can incur severe damage to the target as a part of the intelligent and new attacks such as APT attacks and social engineering attacks. The usual spam filtering services can have limits in countering spear-phishing mail attacks because of different targets, goals, and methods. In this paper, we analyze mail security services of several enterprises hosted by midium and small-sized enterprises with relatively security vulnerabilities in order to see whether their services can effectively respond spear-phishing mail attacks. According to the analysis result, we can say that most of mail security hosting services lack in responding spear-phishing mail attacks by providing functions for mainly managing mails including spam mail. The analysis result can be used as basic data to extract the effective and systematic countermeasure.

• Journal of Information Processing Systems
• /
• v.19 no.3
• /
• pp.289-301
• /
• 2023

Due to the development and dissemination of modern technology, anyone can easily communicate using services such as social network service (SNS) through a personal computer (PC) or smartphone. The development of these technologies has caused many beneficial effects. At the same time, bad effects also occurred, one of which was the spam problem. Spam refers to unwanted or rejected information received by unspecified users. The continuous exposure of such information to service users creates inconvenience in the user's use of the service, and if filtering is not performed correctly, the quality of service deteriorates. Recently, spammers are creating more malicious spam by distorting the image of spam text so that optical character recognition (OCR)-based spam filters cannot easily detect it. Fortunately, the level of transformation of image spam circulated on social media is not serious yet. However, in the mail system, spammers (the person who sends spam) showed various modifications to the spam image for neutralizing OCR, and therefore, the same situation can happen with spam images on social media. Spammers have been shown to interfere with OCR reading through geometric transformations such as image distortion, noise addition, and blurring. Various techniques have been studied to filter image spam, but at the same time, methods of interfering with image spam identification using obfuscated images are also continuously developing. In this paper, we propose a deep learning-based spam image detection model to improve the existing OCR-based spam image detection performance and compensate for vulnerabilities. The proposed model extracts text features and image features from the image using four sub-models. First, the OCR-based text model extracts the text-related features, whether the image contains spam words, and the word embedding vector from the input image. Then, the convolution neural network-based image model extracts image obfuscation and image feature vectors from the input image. The extracted feature is determined whether it is a spam image by the final spam image classifier. As a result of evaluating the F1-score of the proposed model, the performance was about 14 points higher than the OCR-based spam image detection performance.

• The KIPS Transactions:PartB
• /
• v.10B no.7
• /
• pp.853-862
• /
• 2003

Many more use e-mail purely on a personal basis and the pool of e-mail users is growing daily. Also, the amount of mails, which are transmitted in electronic commerce, is getting more and more. Because of its convenience, a mass of spam mails is flooding everyday. And yet automated techniques for learning to filter e-mail have yet to significantly affect the e-mail market. This paper suggests Web Mail Filtering Agent for Personalized Classification, which automatically manages mails adjusting to the user. It is based on web mail, which can be logged in any time, any place and has no limitation in any system. In case new mails are received, it first makes some personal rules in use of the result of observation ; and based on the personal rules, it automatically classifies the mails into categories according to the contents of mails and saves the classified mails in the relevant folders or deletes the unnecessary mails and spam mails. And, we applied Bayesian Algorithm using Dynamic Threshold for our system's accuracy.

• 한국데이터정보과학회:학술대회논문집
• /
• 2002.06a
• /
• pp.139-139
• /
• 2002

• Journal of Scientific & Technological Knowledge Infrastructure
• /
• s.1
• /
• pp.33-35
• /
• 2000

• Journal of Information Management
• /
• v.38 no.4
• /
• pp.48-67
• /
• 2007

The economic burden which our society has to take exceeds the benefit that it becomes by the free circulation of information. Problems such as inconvenience or inequality between people can also occur since the regulation task of spam e-mail or SMS is imposed on two organs; the Department of Information and Communication and Free Trade Commission. The dualization of regulation separates related laws, which makes exception according to the $\ulcorner$Law on Information Communication Usage and Information Protection$\lrcorner$ or poses double regulation toward the same case. The spam prevention activity at free hands of information communication network provider such as portal site or mobile communication has many limitations along with comparison and analysis of spam regulations abroad. Therefore, examinations on legal obligation such as service restriction, identification and technical measure to spam prevention is needed. This study focuses on making the scope of spam regulation clear by considering the domestic related laws and the general environment of industry, on enacting law which regulates spam including advertisement and on deducting essential facts in enacting or modifying related laws and thus, deducting the form and contents of spam regulation law which is most decent in our domestic environment.

• Journal of Advanced Navigation Technology
• /
• v.15 no.2
• /
• pp.287-297
• /
• 2011

As electronic mails are being widely used for facility and speedness of information communication, as the amount of spam mails which have malice and advertisement increase and cause lots of social and economic problem. A number of approaches have been proposed to alleviate the impact of spam. These approaches can be categorized into pre-acceptance and post-acceptance methods. Post-acceptance methods include bayesian filters, collaborative filtering and e-mail prioritization which are based on words or sentances. But, spammers are changing those characteristics and sending to avoid filtering system. In the case of Korean, the abnormal usages can be much more than other languages because syllable is composed of chosung, jungsung, and jongsung. Existing formal expressions and learning algorithms have the limits to meet with those changes promptly and efficiently. So, we present an methods for recognizing Korean abnormal language(Koral) to improve accuracy and efficiency of filtering system. The method is based on syllabic than word and Smith-waterman algorithm. Through the experiment on filter keyword and e-mail extracted from mail server, we confirmed that Koral is recognized exactly according to similarity level. The required time and space costs are within the permitted limit.