The Classification Model of Fileless Cyber Attacks
GyungMin Lee, ShinWoo Shim, ByoungMo Cho, TaeKyu Kim, KyoungGon Kim
http://doi.org/10.5626/JOK.2020.47.5.454
State-sponsored and otherwise sophisticated cyber attacks have continued unabated since the late 2000s, and countermeasures that detect attack techniques from the traces they leave are being developed in parallel. Attackers use a variety of techniques to hide their activity from such analysis and countermeasures; in particular, fileless cyber attacks, which create no file for the attack, are increasing. Fileless attacks are difficult to analyze because, from the defender's perspective, there is no executable file to examine. In this paper, we investigate and analyze fileless cyber attacks and present a model based on the cyber kill chain for classifying them. The model is expected to let defenders identify the attack type and respond more quickly when new fileless cyber attacks occur.
Research and Development of Wireless Protocol Automatic Analyzer
Woorim Bang, Youngbae Jeon, Shinwoo Shim, Kwangsoo Kim, Ji Won Yoon
http://doi.org/10.5626/JOK.2019.46.8.852
Automatic Protocol Reverse Engineering (APRE) is the automatic analysis of the format, semantics, and parameters of an unknown protocol. APRE can be used to detect malware distributed over the network, or to verify the security and suitability of protocols that an organization has defined on its own. Conventional APRE studies have mostly targeted text-based and wired protocols. As the number of wireless devices increases, so does the need for a protocol analyzer for wireless protocols. In this paper, we therefore research and develop a protocol analyzer that takes the characteristics of wireless protocols into account. For wireless protocols, messages are analyzed at the binary level. We propose a method that computes the distance between messages with a weight assigned according to the packet acquisition time interval, and clusters similar messages on that distance. Collecting and analyzing messages from the IEEE 802.11 protocol with the proposed method, we correctly classified 95.1% of message types among 800 messages with a conciseness of 3.6; the existing APRE tool Netzob achieved 92.1% precision with a conciseness of 3.5. The proposed method therefore outperformed Netzob.
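The abstract names the ingredients of the method (binary-level message distance, a weight derived from the capture-time interval, clustering of similar messages, and precision/conciseness as the metrics) without giving formulas. The block below is an added illustration written for this page, not the authors' analyzer: it assumes a normalised byte-wise Hamming distance as the structural term, mixes in an assumed time-gap term ALPHA * (1 - exp(-dt / TAU)), forms single-linkage clusters under a threshold, and scores them with assumed definitions of precision (share of messages whose cluster's majority label is their own) and conciseness (inferred clusters per true message type). The 802.11-style frames are constructed, not captured.

```python
"""Time-weighted clustering of binary protocol messages.

Added example for this page, not the analyzer described in the abstract.
Assumptions: messages are raw bytes with a capture timestamp; the
structural distance is a normalised byte-wise Hamming distance; the
"weight according to the packet acquisition time interval" is modelled as
ALPHA * (1 - exp(-dt / TAU)); clusters are single-linkage components under
THRESHOLD. The 802.11-style frames in SAMPLE are constructed.
"""
import math
from dataclasses import dataclass

ALPHA = 0.2      # assumed weight of the time-interval term
TAU = 1.0        # assumed decay constant of that term, in seconds
THRESHOLD = 0.3  # assumed linkage threshold on the combined distance


@dataclass(frozen=True)
class Msg:
    t: float      # capture time in seconds
    label: str    # ground-truth type, used only for evaluation
    data: bytes


def byte_distance(a: bytes, b: bytes) -> float:
    """Normalised byte-level Hamming distance; every unmatched trailing
    byte of the longer message counts as a difference."""
    n = max(len(a), len(b))
    if n == 0:
        return 0.0
    diff = sum(1 for x, y in zip(a, b) if x != y) + (n - min(len(a), len(b)))
    return diff / n


def weighted_distance(m1: Msg, m2: Msg) -> float:
    """Assumed form: structural distance mixed with a term that grows with
    the capture-time gap, so messages seen close together are pulled toward
    the same cluster and messages far apart in time are pushed apart."""
    time_term = 1.0 - math.exp(-abs(m1.t - m2.t) / TAU)
    return (1.0 - ALPHA) * byte_distance(m1.data, m2.data) + ALPHA * time_term


def cluster(msgs, threshold=THRESHOLD):
    """Single-linkage clustering with union-find; returns index lists in
    order of first appearance."""
    parent = list(range(len(msgs)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(msgs)):
        for j in range(i + 1, len(msgs)):
            if weighted_distance(msgs[i], msgs[j]) < threshold:
                parent[find(i)] = find(j)
    groups = {}
    for i in range(len(msgs)):
        groups.setdefault(find(i), []).append(i)
    return list(groups.values())


def evaluate(msgs, clusters):
    """Assumed metrics: precision = share of messages whose cluster's
    majority label equals their own; conciseness = inferred clusters per
    true message type (1.0 ideal, higher means over-splitting)."""
    correct = 0
    for idx in clusters:
        labels = [msgs[i].label for i in idx]
        majority = max(set(labels), key=labels.count)
        correct += labels.count(majority)
    return correct / len(msgs), len(clusters) / len({m.label for m in msgs})


# Constructed 802.11-style frames: frame control, duration, addr1..3, seq ctrl, body.
AP, STA, BCAST = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), b"\xff" * 6


def beacon(seq, tsf):
    return b"\x80\x00\x00\x00" + BCAST + AP + AP + seq.to_bytes(2, "little") + tsf.to_bytes(8, "little")


def probe_req(seq):
    return b"\x40\x00\x00\x00" + BCAST + STA + BCAST + seq.to_bytes(2, "little") + bytes.fromhex("0000010882848b96")


def ack():
    return b"\xd4\x00\x00\x00" + STA


SAMPLE = [  # constructed capture: beacons, a probe/ack burst, then another burst later
    Msg(0.000, "beacon", beacon(1, 1000)),
    Msg(0.050, "probe_req", probe_req(7)),
    Msg(0.052, "ack", ack()),
    Msg(0.102, "beacon", beacon(2, 1102)),
    Msg(0.205, "beacon", beacon(3, 1205)),
    Msg(0.900, "probe_req", probe_req(8)),
    Msg(0.903, "ack", ack()),
    Msg(2.000, "beacon", beacon(4, 3000)),
]


def run(msgs=SAMPLE):
    clusters = cluster(msgs)
    precision, conciseness = evaluate(msgs, clusters)
    return clusters, precision, conciseness


if __name__ == "__main__":
    groups, p, c = run()
    for g in groups:
        print([SAMPLE[i].label for i in g])
    print(f"precision={p:.3f} conciseness={c:.2f}")
```

With these constants the three frame types separate cleanly because the structural term dominates; the time term only nudges otherwise-identical frames, which is visible in the distance between the first and last beacon being larger than between the first two. On a real capture the threshold, ALPHA and TAU would have to be tuned, and trailing-byte mismatches in variable-length frames are where a plain Hamming distance is weakest.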
Collecting Network Field Information using Machine Learning
Kyu Seok Han, Taekyu Kim, Shinwoo Shim, Sung Goo Jun, Jiwon Yoon
http://doi.org/10.5626/JOK.2018.45.10.1096
Recently, many systems based on the Internet of Things (IoT) and Information and Communications Technologies (ICT) have been developed. Today a wide assortment of devices is connected to the network, and various operating systems have appeared to suit devices with different resources and functions. With the growing need for security against hacking, research has been carried out on vulnerability analysis of the operating systems installed on each device and on actual attack techniques. Accordingly, the type and exact version of a device's operating system, and the functions (APIs) it exposes, have become important information in security. Because information gathering is the first stage of a cyber threat, controlling it matters in cyber warfare, and many studies have examined methods for controlling network traffic during scanning. To bypass such network controls, information collectors prepare countermeasures that collect port information covertly. In this paper, we deal with a scanning method that acquires information about an opponent through basic network commands that the network control system does not treat as significant.
Journal of KIISE
- ISSN : 2383-630X(Print)
- ISSN : 2383-6296(Electronic)
- KCI Accredited Journal
Editorial Office
- Tel. +82-2-588-9240
- Fax. +82-2-521-1352
- E-mail. chwoo@kiise.or.kr