Journal of the Korea Institute of Information and Communication Engineering
Korean Title |
A Study on an Automation Model for Ransomware Analysis and Detection Patterns |
English Title |
The Automation Model of Ransomware Analysis and Detection Pattern |
Author |
Hoo-Ki Lee
Jong-Hyuk Seong
Yu-Cheon Kim
Jong-Bae Kim
Gwang-Yong Gim
|
Citation |
VOL 21 NO. 08 PP. 1581 ~ 1588 (2017. 08) |
Korean Abstract |
Ransomware, which has recently been spreading widely, has moved beyond the existing attack method of simply encrypting files and then demanding money, and is becoming more advanced and intelligent through the distribution of new strains and variants, targeted distribution using social engineering attack methods, malvertising-style distribution in which advertising servers are hacked to distribute ransomware in bulk, RaaS, and the like. In particular, it makes attackers difficult to trace by bypassing security solutions, making parameter inspection impossible through file encryption, and mounting targeted ransomware attacks combined with APT attacks. Various detection techniques are being developed to escape the threat of such ransomware, but it is difficult to respond to newly emerging ransomware. Accordingly, this paper examines the creation of signature-based detection patterns and its problems, and presents an automation model for ransomware infection detection patterns that carries out the series of steps automatically in order to respond to ransomware more proactively. The model is expected to have various applications in enterprise and public security control centers.
|
English Abstract |
Recently, circulating ransomware has been becoming more intelligent and sophisticated, moving on from the existing attack method of encrypting files and demanding money, through the spread of new viruses and variants, targeted spreading using social engineering attacks, malvertising that circulates a large quantity of ransomware by hacking advertising servers, and RaaS (Ransomware-as-a-Service). In particular, it makes it difficult to track down attackers by bypassing security solutions, disabling parameter checking via file encryption, and mounting targeted ransomware attacks combined with APT (Advanced Persistent Threat) attacks. To remove the threat of ransomware, various detection techniques are being developed, but it is very hard to respond to new and variant ransomware. Accordingly, this paper examines the making of signature-based detection patterns and its problems, and presents a pattern automation model of ransomware detection for responding to ransomware more actively. This study is expected to be applicable in various forms in enterprise or public security control centers.
|
Keyword |
Ransomware
Malvertising
RaaS
Signature-based Detection
Pattern Automation
|