Earticle

With the development of the Internet, many people are able share information freely, and check for information from various parts of the world in real time. Internet brought about the development of diverse industries, and its utilization is likely to increase through combination with many types of media in the future. However, the Internet also causes some problems. A computer can be infected with malicious codes only from a user visiting website, and personal information can be leaked from an infected PC. In particular, malicious codes are spreading, using the search word containing the social issue. Because search work rankings are provided with various categories, such as real time search words and “sharply rising search words”, malicious code spreading using these search words seem to increase. Therefore, this paper proposes a system that automatically collects malicious codes, which are disseminated using the search function.

Recently, a malware is growing rapidly and the number of malware applies various techniques to protect itself from the anti-virus solution detection. The reason of this phenomenon is that a longer resident on an infected host guarantees the more profit. As a result, these many protection techniques are applied to a malware, a representative of those is a Packing. It is not an exaggeration that most of the malware currently is distributed. In other words, a packer is widely used for a malware protection. Therefore analysts must determine whether the malware was packed or not and if the malware is packed, what packer is used, before an analysis of the malware. For these procedures, some packer detection tools were released and used. But, the detection performance is not good and there is some false positive and false negative. Therefore we propose a signature generation method that is based on an unpacking process and algorithm in this paper. And we offer the packer detection experiment result using the proposed packer detection signature generation method.

Recently, a malware is growing rapidly and the number of malware applies various techniques to protect itself from the anti-virus solution detection. The reason of this phenomenon is that a longer resident on an infected host guarantees the more profit. As a result, these many protection techniques are applied to a malware, a representative of those is a Packing. It is not an exaggeration that most of the malware currently is distributed. In other words, a packer is widely used for a malware protection. Therefore analysts must determine whether the malware was packed or not and if the malware is packed, what packer is used, before an analysis of the malware. For these procedures, some packer detection tools were released and used. But, the detection performance is not good and there is some false positive and false negative. Therefore we propose a signature generation method that is based on an unpacking process and algorithm in this paper. And we offer the packer detection experiment result using the proposed packer detection signature generation method.

VoIP spam will become severe problem preventing from generalization of VoIP service. For the purpose of presenting multi-leveled anti-spit framework, we divided VoIP service domain into three independent domains as an outbound, an intermediary, and an inbound domain. The proposed framework enables administrator to establish anti-spit policies in each domain. In outbound domain, the framework focuses on detecting and preventing spammers. The focus in intermediary domain is to block forged SIP message using sender policy framework. The framework enables victims to directly report spam contents they received to administrator. We showed that the multi-leveled anti-spit framework is enough to mitigate spam attacks.