An Improved Detecting Scheme of Malicious Codes using HTTP Outbound Traffic

최병하; Kyungsan CHO

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2009, 14(9), pp.47-54
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

최병하 ¹, Kyungsan CHO ²

¹단국대학교
²단국대학교

ABSTRACT

Malicious codes, which are spread through WWW, are now evolved with various hacking technologies. However, detecting technologies for them are seemingly not able to keep up with the improvement of hacking and newly generated malicious codes. In this paper, we define the requirements of detecting systems based on the analysis of malicious codes and their spreading characteristics, and propose an improved detection scheme which monitors HTTP Outbound traffic and detects spreading malicious codes in real time. Our proposed scheme sets up signatures in IDS with confirmed HTML tags and Java scripts which spread malicious codes. Through the verification analysis under the real-attacked environment, we show that our scheme is superior to the existing schemes in satisfying the defined requirements and has a higher detection rate for malicious codes.
KEYWORDS

악성코드(malicious code), Outbound Traffic, 탐지(detection), 시그너쳐(signature), HTML 태그(HTML tag)
REFERENCES (17)

[journal] 김미선 / 2007 / 웹 2.0과 Ajax 보안 취약점 / 정보과학회지 25(10) : 43~48

[book] 한국정보보호 진흥원 / 2009 / 2009년 1월 인터넷침해사고 동향 및 분석 월보

[web] / 안철수 연구소 / http://blog.ahnlab.com/ahnlab/576

[report] Joanna Rutkowska / 2006 / Introducing Stealth Malware Taxonomy / COSEINC Advanced Malware Labs

[journal] 우종우 / 2005 / A Development of Malware Detection Tool based on Signature Patterns / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 10(6) : 127~136

[report] 한국정보보호진흥원 / 2005 / 웹 해킹을 통한 악성 코드 유포 사이트 사고 사례

[journal] 김대유 / 2008 / Implementation of Web Searching Robot for Detecting of Phishing and Pharming in Homepage / 한국정보통신학회논문지 / 한국정보통신학회 12(11) : 1993~1998

[thesis] 최상명 / 2008 / 중국발 해킹 위협과 대응방안 / 석사 / 순천향대학원

[report] 한국정보보호진흥원 / 2005 / Muma, Hantian Trojan 분석

[book] 한국정보보호진흥원 / 2006 / 2006년 9월 인터넷 침해사고 동향 및 분석월보

[report] 한국정보보호진흥원 / 2008 / 자동화된 SQL Injection 공격을 통한 악성코드 대량 삽입 수법 분석 (Mass SQL Injection)

[report] 한국정보보호진흥원 / 2007 / 웹쉘의 현황 및 분석

[journal] 손우용 / 2004 / Security Policy Model for the Intrusion Detection and Response on Enterprise Security Management System / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 9(2) : 81~87

[journal] 우종우 / 2005 / A Development of Malware Detection Tool based on Signature Patterns / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 10(6) : 127~136

[journal] 서정택 / 2007 / 가상환경을 이용한 악성코드 탐지기술 / 정보보호학회지 17(4) : 74~82

[journal] 양경철 / 2009 / A Study on the Analysis and Detection Methodfor Protecting Malware Spreading via E-mail / 정보보호학회논문지 / 한국정보보호학회 19(1) : 93~101

[journal] 박준홍 / 2008 / Real-time detection of malicious code using behavior pattern / 한국정보기술학회논문지 / 한국정보기술학회 6(6) : 124~130
KCI Citation (4)

KJC Korea
Journal Central

Statistics

Tools