• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.4
• /
• pp.405-414
• /
• 2010

According to the statistics of SecurityFocus in 2008, client-side attacks through the Microsoft Internet Explorer have increased by more than 50%. In this paper, we have implemented a behavior-based malicious web page detection system and a blacklist-based malicious web page filtering system. To do this, we first efficiently collected the target URLs by constructing a crawling system. The malicious URL detection system, run on a specific server, visits and renders actively the collected web pages under virtual machine environment. To detect whether each web page is malicious or not, the system state changes of the virtual machine are checked after rendering the page. If abnormal state changes are detected, we conclude the rendered web page is malicious, and insert it into the blacklist of malicious web pages. The malicious URL filtering system, run on the web client machine, filters malicious web pages based on the blacklist when a user visits web sites. We have enhanced system performance by automatically handling message boxes at the time of ULR analysis on the detection system. Experimental results show that the game sites contain up to three times more malicious pages than the other sites, and many attacks incur a file creation and a registry key modification.

• Journal of KIISE:Information Networking
• /
• v.35 no.1
• /
• pp.67-75
• /
• 2008

In this paper, we propose an efficient URL lookup algorithm for URL list-based web contents filtering systems. Converting a URL list into URL prefix form and building a hash tree representation of them, the proposed algorithm performs tree searches for URL lookups. It eliminates redundant searches of hash table method. Experimental results show that proposed algorithm is $62%{\sim}210%$ faster, depending on the number of segment, than conventional hash table method.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.17 no.6
• /
• pp.849-854
• /
• 2007

It is difficult that we collect only target documents from the Innumerable Web documents. One of solution to the problem is that we select target documents on the Web site which services many documents of target domain. In this paper, we will propose an intelligent crawling method collecting needed documents based on URL pattern script defined by XML. Proposed crawling method will efficiently apply to the sites which service structuralized information of a piece with database. In this paper, we collected 50 thousand Web documents using our crawling method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.135-148
• /
• 2004

Recently, it is difficult to block the spam mail that changes variously with past spam distinction method by words. To solve such problem, This paper propose the method of generating spam distinction rule using URL frequency analysis. It is consist of collecting spam, drawing URL that get into characteristic from collected spam mail. URL noonalizing, generating spam distinction rule by time frequency, and blocking mail. It can effectively block various types of spam mail and various forms of spam mail that change.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10c
• /
• pp.437-439
• /
• 2000

현대 생활에서 필수가 된 웹은 많은 정보를 쉽게 얻을 수 있다는 장점이 있지만 음란물의 유혹과 업무시간의 주식투자 등의 부작용들도 속속 나타나고 있다. 이러한 문제를 해결하기 위한 방안으로서 웹 필터링 시스템이 활용되고 있다. 본 논문에서는 시스템의 성능 저하와 사용자의 웹 접속 지연 시간을 최소화하면서 차단 여부를 신속히 판별할 수 있는 URL 탐색기법을 제안한다.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2007.11a
• /
• pp.41-44
• /
• 2007

특정 분야별로 구축되는 온톨로지에 관하여 그 언스턴스를 쉽고 빠르게 구축하기 위해서는 구조화된 문서를 이용하는 것이 효율적이다. 그러나, 일반적인 웹 문서는 모든 분야에 대하여 다양한 형식으로 표현되어 존재하기 때문에, 대상이 되는 구조 문서를 자동으로 수집하기는 쉽지 않다. 본 논문에서는 웹사이트의 URL 패턴을 XML 기반의 스크립트로 정의하여, 필요한 웹 문서만을 지능적으로 수집하는 방안을 제안한다. 제안하는 수집 방안은 구조화된 형태로 정보를 제공하는 사이트에 대해서 매우 빠르고 효율적으로 적용될 수 있다. 본 논문에서는 제안하는 방법을 적용하여 5만개 이상의 웹 문서를 수집하였다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.721-723
• /
• 2004

As the Internet use has been spreading worldwide, illegal and harmful contents have been increasing on the Internet, which has become a very serious social problem. To prevent children form exposing themselves to such illegal and harmful contents on the Internet, harmful information protection systems have been developed. We examine component technologies of harmful information protection systems including text and image-based filtering solutions as well as url-based filtering solution. Also we examine the related trends and strategies which effectively prevent access to the harmful contents.

• Journal of Korea Society of Industrial Information Systems
• /
• v.11 no.1
• /
• pp.13-20
• /
• 2006

In this paper, we constructed a spam-mail filtering system based on the lexical and conceptual information. There are two kinds of information that can distinguish the spam mail from the legitimate mil. The definite information is the mail sender's information, URL, a certain spam keyword list, and the less definite information is the word lists and concept codes extracted from the mail body. We first classified the spam mail by using the definite information, and then used the less definite information. We used the lexical information and concept codes contained in the email body for SVM learning. According to our results the spam precision was increased if more lexical information was used as features, and the spam recall was increased when the concept codes were included in features as well.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.10
• /
• pp.1808-1814
• /
• 2008

In addition to RBL function, which is used to applying for spam e-mail filtering, as an effective way to deal with the recently widespread spam types, this paper proposes how to extract URL that was comprised in the original e-mail, apply it to RBL, and expand it. The BotNet, which is used to using for sending spam mails these days, has a problem that it is not able to solve with the distributed addresses of sent mails in spam e-mails. In general, as these spam e-mails are sent from the infected Zombi PC of individual user, the sent address itself is not efficient and is meaningless to use in RBL. As an effective way to filter spam e-mail sent by BotNet, this paper analyzes URLs that contained in the original spam e-mail and proposes how to effectively improve filter rate, based on the distribution data of URL site tempting users. This paper proposes the sending mechanism of spam e-mails from BotNet and the methods to realize those types of spam e-mails. In order to gather analyzable spam e-mails, this paper also carries out an experiment by configuring trap system of spam e-mail. By analyzing spam e-mails, which have been received during the certain period of experiment, this paper shows that the expanded RBL method, using URLs that contained in spam e-mails, is effective way to improve the filter distribution of spam e-mail.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04d
• /
• pp.433-435
• /
• 2003

엄청난 양의 정보를 제공하는 인터넷은 사람들에게 편의성을 제공해 주고 있다. 그러나 다른 한편으로는 인터넷으로 인하여 청소년들이 유해한 정보에 무방비로 노출되고, 회사에서는 업무와 관련이 없는 인터넷 사용으로 업무 능률이 저하되며 네트워크 자원이 낭비되는 등의 여러 가지 문제가 발생하고 있다. 본 논문에서는 이러한 문제를 해결하기 위해 개인별로 인증을 받은 후에 각 개인에 따라 설정된 필터링 정책에 의해 인터넷을 사용하는 시스템을 제안한다. 기존의 시스템은 시스템 구성 및 성능, 사용자 관리의 어려움 등의 문제로 ISP 등의 대단위 네트워크에 적용하기 어렵다. 본 논문에서는 대단위 네트워크에 적용 가능하고 사용자 관리가 용이한 URL 필터링 시스템을 제안한다. 이러한 시스템을 사용하면 학교나 가정 및 직장에서 개인별로 다양한 필터링 정책을 적용할 수 있어 유해한 정보로부터 청소년을 보호할 수 있으며, 업무 능률의 상승과 네트워크 자원을 효율적으로 활용할 수 있는 장점이 있다.