• Journal of Convergence Society for SMB
• /
• v.5 no.1
• /
• pp.13-18
• /
• 2015

The malware, as hackers generic name of executable code that is created for malicious purposes, depending on the presence or absence of a self-replicating ability infected subjects, and are classified as viruses, worms, such as the Trojan horse. Mainly Web page search and P2P use, such as when you use a shareware, has become penetration is more likely to occur in such a situation. If you receive a malware attack, whether the e-mail is sent it is automatically, or will suffer damage such as reduced system performance, personal information leaks. While introducing the current malware, let us examine the measures and describes the contents related to the malicious code.

• Journal of Information Processing Systems
• /
• v.17 no.4
• /
• pp.834-850
• /
• 2021

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2020.07a
• /
• pp.85-88
• /
• 2020

최근 악성코드의 발전은 사이버 위협의 전방면에 걸쳐 영향을 주고 있다. DDoS, APT를 포함한 스팸 발송 등과 같은 사이버 공격은 악성코드를 기반으로 한다. 또한 이에 대응하기 위해 다양한 형태의 악성코드 솔루션이 존재하고 있다. 악성코드 솔루션은 오픈소스와 상업용 프로그램으로 나눌 수 있는데 상업용 프로그램은 악성코드뿐만 아니라 PC관리의 전반적인 부분을 담당하고 있다. 악성코드를 탐지하는 방법은 시그니처 방식과 해시DB를 이용한 방식 등 다양한 방식이 있다. 본 논문에서는 오픈소스기반 악성코드 솔루션을 비교하여 어떠한 방식이 더 효과적인가를 분석하였다. 이를 통해 악성코드 방지 프로그램을 개발하려는 개발자가 비용효과적인 악성코드 탐지 방법을 잘 선택할 수 있는 가이드라인을 제공한다.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.3-8
• /
• 2012

Smartphones have all the recent technology integration and NFC (Near Field Communication) Technology is one of them and become an essential these days. Despite using smartphones with NFC technology widely, not many security vulnerabilities have been discovered. This paper attempts to identify characteristics and various services in NFC technology, and to present a wide range of security vulnerabilities, prevention, and policies especially in NFC Contactless technology. We describe a security vulnerability and an possible threat based on human vulnerability and traditional malware distribution technic using Peer-to-Peer network on NFC-Enabled smartphones. The vulnerability is as follows: An attacker creates a NFC tag for distributing his or her malicious code to unspecified individuals and apply to hidden spot near by NFC reader in public transport like subway system. The tag will direct smartphone users to a certain website and automatically downloads malicious codes into their smartphones. The infected devices actually help to spread malicious code using P2P mode and finally as traditional DDoS attack, a certain target will be attacked by them at scheduled time.

• Journal of Information Processing Systems
• /
• v.5 no.1
• /
• pp.33-40
• /
• 2009

Ever since the network-based malicious code commonly known as a 'worm' surfaced in the early part of the 1980's, its prevalence has grown more and more. The RCS (Random Constant Spreading) worm has become a dominant, malicious virus in recent computer networking circles. The worm retards the availability of an overall network by exhausting resources such as CPU capacity, network peripherals and transfer bandwidth, causing damage to an uninfected system as well as an infected system. The generation and spreading cycle of these worms progress rapidly. The existing studies to counter malicious code have studied the Microscopic Model for detecting worm generation based on some specific pattern or sign of attack, thus preventing its spread by countering the worm directly on detection. However, due to zero-day threat actualization, rapid spreading of the RCS worm and reduction of survival time, securing a security model to ensure the survivability of the network became an urgent problem that the existing solution-oriented security measures did not address. This paper analyzes the recently studied efficient dynamic network. Essentially, this paper suggests a model that dynamically controls the RCS worm using the characteristics of Power-Law and depth distribution of the delivery node, which is commonly seen in preferential growth networks. Moreover, we suggest a model that dynamically controls the spread of the worm using information about the depth distribution of delivery. We also verified via simulation that the load for each node was minimized at an optimal depth to effectively restrain the spread of the worm.

• Journal of IKEEE
• /
• v.16 no.4
• /
• pp.389-394
• /
• 2012

Most current systems have ignored security vulnerability concerned with boot firmware. It is highly likely that boot firmware may cause serious system errors, such as hardware manipulations by malicious programs or code, the operating system corruption caused by malicious code and software piracy under a condition of no consideration of security mechanism because boot firmware has an authority over external devices as well as hardware controls. This paper proposed a structural security mechanism based on software equipped with encrypted bootstrap patterns different from pre-existing bootstrap methods in terms of securely loading an operating system, searching for malicious codes and preventing software piracy so as to provide reliability of boot firmware. Moreover, through experiments, it proved its superiority in detection capability and overhead ranging between 1.5 % ~ 3 % lower than other software security mechanisms.

• Journal of Information Technology Services
• /
• v.10 no.3
• /
• pp.167-177
• /
• 2011

Code obfuscation is a technique that protects the abstract data contained in a program from malicious reverse engineering and various obfuscation methods have been proposed for obfuscating intention. As the abstract data of control flow about programs is important to clearly understand whole program, many control flow obfuscation transformations have been introduced. Generally, inlining is a compiler optimization which improves the performance of programs by reducing the overhead of calling invocation. In code obfuscation, inlining is used to protect the abstract data of control flow. In this paper, we define new control flow complexity metric based on entropy theory and N-Scope metric, and then apply genetic algorithm to obtain optimal inlining results, based on the defined metric.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.41-47
• /
• 2006

Spyware is any technology that aids in gathering information about a person or organization with-out their knowledge. Software designed to serve advertising, known as adware, can usually be thought of as spyware as well because it almost invariably includes components for tracking and reporting user information. A piece of spyware and adware affect computers which can rapidly become infected with large numbers of spyware and adware components. Users frequently notice from un-wanted behavior and degradation of system performance, such as significant unwanted CPU activity, disk usage, and network traffic which thereby slows down legitimate uses of these resources. The presence of situation will continue because of rapid expansion of Internet usages. Therefore, security solutions, such as anti-adware and anti-spyware, for recovering these malfunction due to the malicious programs must be developed. However, studies on the malicious programs are still not sufficient. Accordingly, this paper has studied the malicious program techniques, based on the results of analysis of present adware and spyware techniques by employing collected samples, and presents efficient measures for blocking and remedying the malicious programs.

• Journal of Software Assessment and Valuation
• /
• v.15 no.1
• /
• pp.11-24
• /
• 2019

Using cross-platform development frameworks, mobile app developers can easily implement mobile apps for multiple platforms in one step. The frameworks also provides adversaries with the ability to write malicious code once, and then run it anywhere for other platforms. In this paper, we analyze the ratio of benign and malicious apps written by cross-platform development frameworks for Android apps collected from AndroZoo's site. The analysis results show that the percentage of benign apps written in the frameworks continues to increase, accounting for 45% of all benign apps in 2018. The percentage of malicious apps written in the frameworks accounted for 25% of all malicious apps in 2015, but that percentage has declined since then. This study provides useful information to make a suitable choice when app developers face several challenges in cross platform app development.

• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.37-41
• /
• 2019

Recently, due to the appearance of various types of malware, the existing static analysis exposes many limitations. Static analysis means analyzing the structure of a code or program with source code or object code without actually executing the (malicious) code. On the other hand, dynamic analysis in the field of information security generally refers to a form that directly executes and analyzes (malware) code, and compares and examines and analyzes the state before and after execution of (malware) code to grasp the execution flow of the program. However, dynamic analysis required analyzing huge amounts of data and logs, and it was difficult to actually store all execution flows. In this paper, we propose and implement a preprocessor architecture of a system that performs malware detection and real-time multi-dynamic analysis based on 2nd generation PT in Windows environment (Windows 10 R5 and above).