Çѱ¹Á¤º¸Åë½ÅÇÐȸ ³í¹®Áö (Journal of the Korea Institute of Information and Communication Engineering)
| ÇѱÛÁ¦¸ñ(Korean Title) |
¾Ç¼ºÄÚµå ÀÎÁ§¼Ç »çÀÌÆ® ŽÁö¸¦ ÅëÇÑ ¹æ¾îÈ¿À² Çâ»ó¹æ¾È |
| ¿µ¹®Á¦¸ñ(English Title) |
Enhanced Method for Preventing Malware by Detecting of Injection Site |
| ÀúÀÚ(Author) |
¹éÀçÁ¾
Jaejong Baek
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 20 NO. 07 PP. 1290 ~ 1295 (2016. 07) |
Çѱ۳»¿ë
(Korean Abstract) |
ÃÖ±Ù ¸ð¹ÙÀÏ ÀÎÅÍ³Ý ÀÌ¿ë·üÀÌ ±ÞÁõÇÏ¸é¼ ÀÎÅÍ³Ý ÀÌ¿ëÀÚÀÇ À¥ ºê¶ó¿ìÀú¸¦ ÅëÇÑ »çȸ °øÇÐÀû ¶Ç´Â µå¶óÀÌºê ¹ÙÀÌ ´Ù¿î·Îµå ¹æ½ÄÀ¸·Î ¾Ç¼ºÄÚµå À¯Æ÷ °ø°ÝÀÌ È®»êµÇ°í ÀÖ´Ù. ÇöÀç µå¶óÀÌºê ¹ÙÀÌ ´Ù¿î·Îµå °ø°Ý ¹æ¾î ÃÊÁ¡Àº ÃÖÁ¾ ´Ù¿î·Îµå »çÀÌÆ® ¹× À¯Æ÷ °æ·Î¿¡ ÃÊÁ¡À» µÎ¾î ÁøÇàµÇ¾î ¿ÔÀ¸³ª °ø°Ý Ãʱ⠾ǼºÄڵ带 ÁÖÀÔÇÏ´Â ÀÎÁ§¼Ç »çÀÌÆ®¿¡ ´ëÇÑ Æ¯¼º ŽÁö ¹× Â÷´Ü¿¡ ´ëÇؼ´Â ÃæºÐÈ÷ ¿¬±¸µÇÁö ¾Ê¾Ò´Ù. º» ³í¹®¿¡¼´Â ÀÌ·¯ÇÑ ¾Ç¼º ÄÚµå ´Ù¿î·Îµå °ø°Ý¿¡ ´ëÇÑ ¹æ¾î¸Þ Ä¿´ÏÁò Çâ»óÀ» ¸ñÀûÀ¸·Î, ¾Ç¼ºÄÚµå ´Ù¿î·ÎµåÀÇ ÇÙ½É ±Ù¿øÁöÀÎ ÀÎÁ§¼Ç »çÀÌÆ®¸¦ ŽÁöÇÏ´Â ¹æ¾È¿¡ ´ëÇؼ ¿¬±¸ÇÑ´Ù. °á°úÀûÀ¸·Î ¾Ç¼ºÄÚµåÀÇ È®»êÀ» ¹æÁöÇϱâ À§ÇØ ´Ù¿î·Îµå °ø°ÝÀÇ ÃÖÁ¾ »çÀÌÆ®¸¦ ŽÁö ¹× Â÷´ÜÇÏ´Â ÇöÀçÀÇ URL ºí·¢ ¸®½ºÆ® ±â¹ý¿¡ Ãß°¡ÇÏ¿©, ¾Ç¼ºÄڵ带 ÁÖÀÔÇÏ´Â ÀÎÁ§¼Ç »çÀÌÆ®¸¦ ŽÁö Ư¡À» ÃßÃâ ÇÏ´Â ¹æ¾ÈÀ» Á¦½ÃÇÑ´Ù. ¶ÇÇÑ URL ºí·¢¸®½ºÆ® ±â¹ÝÀÇ Á¢±Ù¹ý°ú ºñ±³ÇÏ¿© ¾Ç¼ºÄÚµå °¨¿°·üÀ» È¿À²ÀûÀ¸·Î ÃÖ¼ÒÈ ÇÒ ¼ö ÀÖ´Â ¹æ¾ÈÀÓÀ» º¸ÀδÙ.
|
¿µ¹®³»¿ë
(English Abstract) |
Recently, as mobile internet usage has been increasing rapidly, malware attacks through user's web browsers has been spreading in a way of social engineering or drive-by downloading. Existing defense mechanism against drive-by download attack mainly focused on final download sites and distribution paths. However, detection and prevention of injection sites to inject malicious code into the comprised websites have not been fully investigated. In this paper, for the purpose of improving defense mechanisms against these malware downloads attacks, we focus on detecting the
injection site which is the key source of malware downloads spreading. As a result, in addition to the current URL blacklist techniques, we proposed the enhanced method which adds features of detecting the injection site to prevent the malware spreading. We empirically show that the proposed method can effectively minimize malware infections by blocking the source of the infection spreading, compared to other approaches of the URL blacklisting that directly uses the drive-by browser exploits. |
| Å°¿öµå(Keyword) |
¸Ö¿þ¾î
¾Ç¼ºÄÚµå
µå¶óÀÌºê ¹ÙÀÌ ´Ù¿î·Îµå
ÀÎÁ§¼Ç »çÀÌÆ®
»çȸ °øÇÐÀû °ø°Ý
ÇØÅ·
Malware
Malicious Code
Drive-by Download
Injection Site
Social Engineering Attack
Hacking
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
