• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.357-367
• /
• 2018

As information technology of modern society develops, various malicious codes with the purpose of seizing or destroying important system information are developing together. Among them, ransomware is a typical malicious code that prevents access to user's resources. Although researches on detecting ransomware performing encryption have been conducted a lot in recent years, no additional methods have been proposed to recover damaged files after an attack. Also, because the similarity comparison technique was used without considering the repeated encryption, it is highly likely to be recognized as a normal behavior. Therefore, this paper implements a filter driver to control the file system and performs a similarity comparison method that is verified based on the analysis of the encryption pattern of the ransomware. We propose a system to detect the malicious process of the accessed process and recover the damaged file based on the cloud storage.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.9
• /
• pp.405-412
• /
• 2013

Current web has evolved to a mashed-up format according to the change of the implementation and usage patterns. Web services and user experiences have improved, however, security threats are also increased as the web contents that are not yet verified combine together. To mitigate the threats incurred as an adverse effect of the web development, we need to check security on the combined web contents. In this paper, we propose a scheduling method to detect malicious web pages not only inside but also outside through extended links for secure operation of a web site. The scheduling method considers several aspects of each page including connection popularity, suspiciousness, and check elapse time to make a decision on the order for security check on numerous web pages connected with links. We verified the effectiveness of the security check complying with the scheduling method that uses the priority given to each page.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.8
• /
• pp.877-889
• /
• 2016

In this paper, we introduce the basic components of the Cognitive Radio Networks along with possible threats. Specifically, we investigate the SSDF (Spectrum Sensing Data Falsification) attack which is one of the easiest attack to carry out. Despite its simplicity, the SSDF attack needs careful attention in order to build a secure system that resists to it. The proposed scheme utilizes the Anomaly Detection technique to identify malicious users as well as their sensing reports. The simulation results shows that the proposed scheme can effectively detect erroneous sensing reports and thus result in correct detection of the active primary users.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.5
• /
• pp.2236-2257
• /
• 2020

Ransomware is malicious software that encrypts the user-related files and data and holds them to ransom. Such attacks have become one of the serious threats to cyberspace. The avoidance techniques that ransomware employs such as obfuscation and/or packing makes it difficult to analyze such programs statically. Although many ransomware detection studies have been conducted, they are limited to a small portion of the attack's characteristics. To this end, this paper proposed a framework for the behavioral-based dynamic analysis of high survivable ransomware (HSR) with integrated valuable feature sets. Term Frequency-Inverse document frequency (TF-IDF) was employed to select the most useful features from the analyzed samples. Support Vector Machine (SVM) and Artificial Neural Network (ANN) were utilized to develop and implement a machine learning-based detection model able to recognize certain behavioral traits of high survivable ransomware attacks. Experimental evaluation indicates that the proposed framework achieved an area under the ROC curve of 0.987 and a few false positive rates 0.007. The experimental results indicate that the proposed framework can detect high survivable ransomware in the early stage accurately.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.389-396
• /
• 2022

Smartphones are growing more susceptible as technology develops because they contain sensitive data that offers a severe security risk if it falls into the wrong hands. The Android OS includes permissions as a crucial component for safeguarding user privacy and confidentiality. On the other hand, mobile malware continues to struggle with permission misuse. Although permission-based detection is frequently utilized, the significant false alarm rates brought on by the permission-based issue are thought to make it inadequate. The present detection method has a high incidence of false alarms, which reduces its ability to identify permission-based attacks. By using permission features with intent, this research attempted to improve permission-based detection. However, it creates an excessive number of features and increases the likelihood of false alarms. In order to generate the optimal number of features created and boost the quality of features chosen, this research developed an intersection feature approach. Performance was assessed using metrics including accuracy, TPR, TNR, and FPR. The most important characteristics were chosen using the Correlation Feature Selection, and the malicious program was categorized using SVM and naive Bayes. The Intersection Feature Technique, according to the findings, reduces characteristics from 486 to 17, has a 97 percent accuracy rate, and produces 0.1 percent false alarms.

• Journal of Korea Game Society
• /
• v.15 no.4
• /
• pp.69-78
• /
• 2015

As the online game industry has been growing rapidly, more and more malicious activities to gain economic benefits have been reported as well. Game bot is one of the biggest problems in the online game industry. So we proposed a bot detection method based on the ERG theory of motivation for the first time. Most of the previous studies focused on behavior-based detection by monitoring patterns of the specific actions. In this paper, we applied the motivation theory to analyze user behaviors on a real game dataset. The result shows that normal users in the game followed the ERG theory of motivation in the same way as it works in real world. But in the case of game bots, the theory could not be applied because the game bot has specific reasons, unlike normal game users. We applied the ERG theory to users to distinguish game bot users from normal users. We detected the game bot with high accuracy of 99.78% by applying the theory.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.115-125
• /
• 2003

As Web services are generally open for external uses and not filtered by Firewall, these result in attacker's target. Web attacks which exploit vulnerable web-applications and malicious users' requests cause economical and social problems. In this paper, we are modelling general web service usages based on user-web-session and detect anomal usages with Bayesian estimation method. Finally we propose SAD(Session Anomaly Detection) for detection unknown web attacks. To evaluate SAD, we made an experiment on attack simulation with web vulnerability scanner, whisker. The results show that the detection rate of SAD is over 90%, which is influenced by several features such as size of window or training set, detection filter method and web topology.

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06d
• /
• pp.109-110
• /
• 2011

악성코드는 루트킷, Anti-VM/디버깅, 실행압축 등 기술사용으로 점차 지능화된 형태로 발전하고 있다. 이에 대응하기 위해, user 및 kernel level에서의 다양한 행위 기반 분석기술이 연구되고 있으나, 이를 회피하는 악성코드가 지속적으로 출현하고 있다. 본 논문에서는 Taint Analysis 기반 악성코드 탐지방안을 제시한다. 본 대응기술은 공격자에 의해 회피하기 어렵고, 의심스러운 데이터 유형별 선별적 분석이 가능하여 행위 기반 대응기술의 한계를 보완할 수 있다.

• International Journal of Computer Science & Network Security
• /
• v.22 no.5
• /
• pp.277-283
• /
• 2022

Email phishing has become very prevalent especially now that most of our dealings have become technical. The victim receives a message that looks as if it was sent from a known party and the attack is carried out through a fake cookie that includes a phishing program or through links connected to fake websites, in both cases the goal is to install malicious software on the user's device or direct him to a fake website. Today it is difficult to deploy robust cybersecurity solutions without relying heavily on machine learning algorithms. This research seeks to detect phishing emails using high-accuracy machine learning techniques. using the WEKA tool with data preprocessing we create a proposed methodology to detect emails phishing. outperformed random forest algorithm on Naïve Bayes algorithms by accuracy of 99.03 %.

• Journal of applied mathematics & informatics
• /
• v.41 no.1
• /
• pp.95-105
• /
• 2023

To make the network energy efficient and to protect the network from malignant user's energy efficient grid based secret key sharing scheme is proposed. The cost function is evaluated to select the optimal nodes for carrying out the data transaction process. The network is split into equal number of grids and each grid is placed with certain number of nodes. The node cost function is estimated for all the nodes present in the network. Once the optimal energy proficient nodes are selected then the data transaction process is carried out in a secured way using malicious nodes filtration process. Therefore, the message is transmitted in a secret sharing method to the end user and this process makes the network more efficient. The proposed work is evaluated in network simulated and the performance of the work are analysed in terms of energy, delay, packet delivery ratio, and false detection ratio. From the result, we observed that the work outperforms the other works and achieves better energy and reduced packet rate.