• Title/Summary/Keyword: Windows API hooking


A study on neutralization malicious code using Windows Crypto API and an implementation of Crypto API hooking tool (윈도우즈 Crypto API를 이용한 악성코드 무력화 방안 연구 및 도구 구현)

  • Song, Jung-Hwan; Hwang, In-Tae
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.2 / pp.111-117 / 2011
  • Advances in encryption technology to secret communication and information security has been strengthened. Cryptovirus is the advent of encryption technology to exploit. Also, anyone can build and deploy malicious code using windows CAPI. Cryptovirus and malicious code using windows CAPI use the normal windows API. So vaccine software and security system are difficult to detect and analyze them. This paper examines and make hooking tool against Cryptovirus and malicious code using windows CAPI.

Study on the API Hooking Method Based on the Windows (윈도우 API 후킹 탐지 방법에 대한 연구)

  • Kim, Wan-Kyung; Soh, Woo-Young; Sung, Kyung
    • Journal of Advanced Navigation Technology / v.13 no.6 / pp.884-893 / 2009
  • Recently, malicious attacks for Windows operate through Window API hooking in the Windows Kernel. This paper presents the API hooking attack and protection techniques based on Windows kernel. Also this paper develops a detection tool for Windows API hooking that enables to detect dll files which are operated in the kernel. Proposed tool can detect behaviors that imports from dll files or exports to dll files such as kernel32.dll, snmpapi.dll, ntdll.dll and advapidll.dll, etc. Test results show that the tool can check name, location, and behavior of API in testing system.


Detection of systems infected with C&C Zeus through technique of Windows API hooking (Windows API 후킹 기법을 통한 C&C Zeus에 감염된 시스템의 탐지)

  • Park, Chul-Woo; Son, Ji-Woong; Hwang, Hyun-Ki; Kim, Ki-Chang
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology / v.5 no.2 / pp.297-304 / 2015
  • Zeus is one of the well-published malwares. Generally, it infects PC by executing a specific binary file downloaded on the internet. When infected, try to hook a particular Windows API of the currently running processes. If process runs hooked API, this API executes a particular code of Zeus and your private information is leaked. This paper describes techniques to detect and hook Windows API. We believe the technique should be able to detect modern P2P Zeus.

Game process detection to Using D3D API Hooking (D3D API Hooking을 이용한 게임 프로세스 탐지)

  • Cheon, Dae-Young; Lee, Kyung-Soon; Pyun, Ki-Hyun
    • Proceedings of the Korean Information Science Society Conference / 2012.06d / pp.135-136 / 2012
  • Most engines of Windows-based game programs use DirectX. This means that a game process can be detected by whether it uses DirectX, without having to know the names of the countless games. This paper proposes a method for detecting game processes using user-mode hooking, namely Windows Message Hooking and Direct3D Hooking.

A Synchronization Error Control System for Web based Multimedia Collaboration Environment (웹 기반 멀티미디어 공동 작업 환경에서의 동기화 오류 제어 시스템)

  • Ko, Eung-Nam
    • The KIPS Transactions: Part B / v.11B no.1 / pp.45-52 / 2004
  • We propose ESS_WMCE. This paper explains the design and implementation of the EDSS running on ESS_WMCE. EDSS is a synchronization error control system for web based multimedia collaboration environment. We have an error detection approach by using hooking method. The technique of an error transmission is a mended model of utilizing an application sharing system. DOORAE is a good framework model for supporting development on application for computer supported cooperated works. It has primitive service functions. Service functions are implemented with an object oriented concept. It is a system that is suitable for detecting and sharing a software error rapidly occurring on web based multimedia collaboration environment by using software techniques. It is able to share an error as well as providing URL synchronization to access shared objects. When an error occurs, this system detects an error by using hooking methods in MS-Windows API(Application Program Interface) function. If an error is found, it is able to provide an error sharing to access shared objects.

Monitoring System of File Outflow through Storage Devices and Printers (저장매체와 프린터를 통한 파일유출 모니터링시스템)

  • Choi, Joo-ho; Rhew, Sung-yul
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.4 / pp.51-60 / 2005
  • The files or intellectual property on computer systems have increasingly been exposed to such threats that they can be flowed out by internal users or outer attacks through the network. The File Outflow Monitoring System monitors file outflows at server by making the log when users copy files on client computers into storage devices or print them. The monitoring system filters I/O Request packet by I/O Manager in kernel level if files are flowed out by copying, while it uses Win32 API hooking if printed. As a result, it has exactly made the log and monitored file outflows, which is proved through testing in Windows 2000 and XP.

An Error Detection and Recovery System based on Multimedia Computer Supported Cooperative Work (멀티미이어 협동 작업환경에서의 오류 감지 및 복구 시스템)

  • Ko, Eung-Nam; Hwang, Dae-Joon
    • The Transactions of the Korea Information Processing Society / v.7 no.5 / pp.1330-1340 / 2000
  • Multimedia is now applied to various real world areas. In particular, the focus on multimedia system and CSCW (Computer Supported Cooperative Work) has increased. In spite of this current trend, however, the study of fault tolerance for CSCW has not yet fully progressed. We propose EDR_MSCW. It is a system that is suitable for detecting and recovering software error based on multimedia computer supported cooperative work as DOORAE by using software techniques. DOORAE is a framework for supporting development on multimedia applications for computer-based collaborative works. When an error occurs, EDR_MCSCW detects an error by using hooking methods in MS-Windows API (Application Program Interface) function. If an error is found, we present a checkpointing and recovery algorithm which has the removal function of the domino-effect for recovering multimedia and CSCW by using stack.


State of the Art of Anti-Screen Capture Protection Techniques

  • Lee, Young; Hahn, SangGeun
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.5 / pp.1871-1890 / 2021
  • The transition toward a contactless society has been rapidly progressing owing to the recent COVID-19 pandemic. As a result, the IT environment of organizations and enterprises is changing rapidly; in particular, data security is expanding to the private sector. To adapt to these changes, organizations and companies have started to securely transfer confidential data to residential PCs and personally owned devices of employees working from home or from other locations. Therefore, organizations and companies are introducing streaming data services, such as the virtual desktop infrastructure (VDI) or cloud services, to securely connect internal and external networks. These methods have the advantage of providing data without the need to download to a third terminal; however, while the data are being streamed, attacks such as screen shooting or capturing are performed. Therefore, there is an increasing interest in prevention techniques against screen capture threats that may occur in a contactless environment. In this study, we analyze possible screen capture methods in a PC and a mobile phone environment and present techniques that can protect the screens against specific attack methods. The detection and defense for screen capture of PC applications on Windows OS and Mac OS could be solved with a single agent using our proposed techniques. Screen capture of mobile devices can be prevented by applying our proposed techniques on Android and iOS.