• 정보과학회 논문지
• /
• 제45권1호
• /
• pp.1-8
• /
• 2018

최근 인터넷의 발전과 동시에 인터넷을 이용한 악성코드 유포는 가장 심각한 사이버 위협 중 하나이며, 탐지 우회 기법이 적용된 악성코드 유포 기술 또한 발전하고 있어, 이를 탐지하고 분석하는 연구가 활발하게 이루어지고 있다. 하지만 기존의 악성코드 유포 웹페이지 탐지 시스템은 시그니처 기반이어서 난독화된 악성 자바스크립트는 탐지가 거의 불가능하며, 탐지 패턴을 지속적으로 업데이트해야 하는 한계가 있다. 이러한 한계점을 극복하기 위해 지능화된 악성코드 유포 웹사이트를 효과적으로 분석 및 탐지할 수 있는 리얼 브라우저를 이용한 지능형 악성코드 유포 웹페이지 탐지 시스템을 제안하고자 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권2호
• /
• pp.766-783
• /
• 2012

Recently, many malicious users have attacked web browsers using JavaScript code that can execute dynamic actions within the browsers. By forcing the browser to execute malicious JavaScript code, the attackers can steal personal information stored in the system, allow malware program downloads in the client's system, and so on. In order to reduce damage, malicious web pages must be located prior to general users accessing the infected pages. In this paper, a novel framework (JsSandbox) that can monitor and analyze the behavior of malicious JavaScript code using internal function hooking (IFH) is proposed. IFH is defined as the hooking of all functions in the modules using the debug information and extracting the parameter values. The use of IFH enables the monitoring of functions that API hooking cannot. JsSandbox was implemented based on a debugger engine, and some features were applied to detect and analyze malicious JavaScript code: detection of obfuscation, deobfuscation of the obfuscated string, detection of URLs related to redirection, and detection of exploit codes. Then, the proposed framework was analyzed for specific features, and the results demonstrate that JsSandbox can be applied to the analysis of the behavior of malicious web pages.

• Journal of Information Processing Systems
• /
• 제7권1호
• /
• pp.121-136
• /
• 2011

With the rapid growth of GPS-enable Smartphones, the interest on using Location Based Services (LBSs) has increased significantly. The evolution in the functionalities provided by those smartphones has enabled them to accurately pinpoint the location of a user. Because location information is what all LBSs depend on to process user's request, it should be properly protected from attackers or malicious service providers (SP). Additionally, maintaining user's privacy and confidentiality are imperative challenges to be overcome. A possible solution for these challenges is to provide user anonymity, which means to ensure that a user initiating a request to the SP should be indistinguishable from a group of people by any adversary who had access to the request. Most of the proposals that maintain user's anonymity are based on location obfuscation. It mainly focuses on adjusting the resolution of the user's location information. In this paper, we present a new protocol that is focused on using cryptographic techniques to provide anonymity for LBSs users in the smartphone environment. This protocol makes use of a trusted third party called the Anonymity Server (AS) that ensures anonymous communication between the user and the service provider.

• 정보보호학회논문지
• /
• 제27권6호
• /
• pp.1457-1465
• /
• 2017

스마트기기 시장의 성장과 함께 모바일 환경에서 악성행위가 그 영역을 점차 확대하고 있다. 이에 따라 악성앱 분석에 대한 연구가 진행되어 앱 분석을 위한 자동 분석 도구가 나오면서, 오히려 이런 자동 분석도구들로 인해 기존의 앱 보안을 위한 도구들이 공격자에게 무력해지는 부작용이 일어난다. 본 논문은 일반적인 안드로이드 앱에 적용할 수 있는 범용적인 보호 기법이 아닌 보안 토큰을 가진 스마트 기기 사용자가 이용하는 안드로이드 앱에 적용할 수 있는 앱 보호 기법에 대해 제안한다. 보안 토큰이 삽입되지 않은 경우 앱이 정상적으로 메모리로 적재되지 못하며, 해당 기법으로 보호된 부분은 노출되지 않도록 하는 것을 특징으로 한다.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2012년도 춘계학술발표대회
• /
• pp.730-733
• /
• 2012

소프트웨어는 대부분 바이너리 형태로 배포되기 때문에 역공학 분석이 쉽지 않다. 그러나 안드로이드는 자바를 기반으로 한다. 즉, 자바 언어로 프로그래밍하고 생성된 클래스 파일을 dx라는 도구를 사용하여 안드로이드용 달빅(Dalvik) 코드로 변환한다. 따라서 안드로이드 역시 자바의 취약점을 가지고 있고, 자바용으로 개발된 역공학 도구에 의해서 쉽게 분석될 수 있다. 한편으로 자바 프로그램의 저작권을 보호하고 핵심 알고리즘이 노출되지 않도록 다양한 난독화 도구들이 개발되었다. 그 중에서 안드로이드 SDK에 포함되어 함께 배포되고 있기 때문에 널리 사용되고 있는 프로가드(Proguard)에 대해서 대표적인 기능 및 사용법, 프로가드로 난독화된 코드가 원본과 비교하여 어떻게 변경되었는지 평가한다. 그리고 프로가드가 가지고 있는 한계를 알아보고, 이것을 극복할 수 있는 방법을 모색한다.

• 한국컴퓨터정보학회논문지
• /
• 제23권11호
• /
• pp.85-93
• /
• 2018

In recent years, there has been an increasing number of ways to distribute document-based malicious code using vulnerabilities in document files. Because document type malware is not an executable file itself, it is easy to bypass existing security programs, so research on a model to detect it is necessary. In this study, we extract main features from the document structure and the JavaScript contained in the stream object In addition, when JavaScript is inserted, keywords with high occurrence frequency in malicious code such as function name, reserved word and the readable string in the script are extracted. Then, we generate a machine learning model that can distinguish between normal and malicious. In order to make it difficult to bypass, we try to achieve good performance in a black box type algorithm. For an experiment, a large amount of documents compared to previous studies is analyzed. Experimental results show 98.9% detection rate from three different type algorithms. SVM, which is a black box type algorithm and makes obfuscation difficult, shows much higher performance than in previous studies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권9호
• /
• pp.4814-4832
• /
• 2019

Plagiarism detection is increasingly exploiting text alignment. Text alignment involves extracting the plagiarism passages in a pair of the suspicious document and its source document. The heuristics have achieved excellent performance in text alignment. However, the further improvements of the heuristic methods mainly depends more on the experiences of experts, which makes the heuristics lack of the abilities for continuous improvements. To address this problem, machine learning maybe a proper way. Considering the position relations and the context of text segments pairs, we formalize the text alignment task as a problem of sequence labeling, improving the current methods at the model level. Especially, this paper proposes to use the probabilistic graphical model to tag the observed sequence of pairs of text segments. Hence we present the sequence labeling approach for text alignment in plagiarism detection based on Conditional Random Fields. The proposed approach is evaluated on the PAN@CLEF 2012 artificial high obfuscation plagiarism corpus and the simulated paraphrase plagiarism corpus, and compared with the methods achieved the best performance in PAN@CLEF 2012, 2013 and 2014. Experimental results demonstrate that the proposed approach significantly outperforms the state of the art methods.

• International Journal of Advanced Culture Technology
• /
• 제9권4호
• /
• pp.288-294
• /
• 2021

There are various ways to be infected with malicious code due to the increase in Internet use, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, malicious codes are produced more easily than before through automatic generation programs due to evasion technology according to the advancement of production technology. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious codes have become very intelligent by absorbing technologies such as concealment technology and self-transformation, causing problems such as distributed denial of service attacks (DDoS), spam sending and personal information theft. The existing malware detection technique, which is a signature detection technique, cannot respond when it encounters a malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques are applied to make malicious code analysis difficult. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code was showed, and suggested to malicious code detection and countermeasures.

• International Journal of Computer Science & Network Security
• /
• 제23권9호
• /
• pp.141-149
• /
• 2023

Repacked mobile apps constitute about 78% of all malware of Android, and it greatly affects the technical ecosystem of Android. Although many methods exist for repacked app detection, most of them suffer from performance issues. In this manuscript, a novel method using the Constant Key Point Selection and Limited Binary Pattern (CKPS: LBP) Feature extraction-based Hashing is proposed for the identification of repacked android applications through the visual similarity, which is a notable feature of repacked applications. The results from the experiment prove that the proposed method can effectively detect the apps that are similar visually even that are even under the double fold content manipulations. From the experimental analysis, it proved that the proposed CKPS: LBP method has a better efficiency of detecting 1354 similar applications from a repository of 95124 applications and also the computational time was 0.91 seconds within which a user could get the decision of whether the app repacked. The overall efficiency of the proposed algorithm is 41% greater than the average of other methods, and the time complexity is found to have been reduced by 31%. The collision probability of the Hashes was 41% better than the average value of the other state of the art methods.

• International Journal of Computer Science & Network Security
• /
• 제23권5호
• /
• pp.163-171
• /
• 2023

The intelligent transportation system has made a huge leap in the level of human services, which has had a positive impact on the quality of life of users. On the other hand, these services are becoming a new source of risk due to the use of data collected from vehicles, on which intelligent systems rely to create automatic contextual adaptation. Most of the popular privacy protection methods, such as Dummy and obfuscation, cannot be used with many services because of their impact on the accuracy of the service provided itself, they depend on changing the number of vehicles or their physical locations. This research presents a new approach based on the shuffling Nicknames of vehicles. It fully maintains the quality of the service and prevents tracking users permanently, penetrating their privacy, revealing their whereabouts, or discovering additional details about the nature of their behavior and movements. Our approach is based on creating a central Nicknames Pool in the cloud as well as distributed subpools in fog nodes to avoid intelligent delays and overloading of the central architecture. Finally, we will prove by simulation and discussion by examples the superiority of the proposed approach and its ability to adapt to new services and provide an effective level of protection. In the comparison, we will rely on the wellknown privacy criteria: Entropy, Ubiquity, and Performance.