Detection of Malware Propagation in Sensor Node and Botnet Group Clustering Based on E-mail Spam Analysis

Lee, Tae-Jin; Cho, Hesun; Park, Haeryong; Kwak, Jin

doi:10.1155/2015/530250

Cited by 4 publications

(2 citation statements)

References 14 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Regarding attacker profiling from the viewpoint of botnet, Gu, G., M. Feily, et al conducted a study on analyzing the attack resources possessed by the same attacker by detecting botnets and analyzing the command and control channel [5,6]. H. Choi, P. Sroufe, et al performed research on the detection of the botnet group infected by the same malicious code by analyzing the spam bot that sends spam e-mails [7,8,9]. Regarding profiling from the viewpoint of the cyber-attacker, Watters studied cyber-attacker models from the viewpoint of social and economic relation [10], whereas Kapetanakis performed research on case-based reasoning using characteristics that can identify the attacker such as technical standard, purpose, anti-forensic, and grammatical error [11].…”

Section: Related Workmentioning

confidence: 99%

Cyber-attack group analysis method based on association of cyber-attack information

Son¹,

Kim²,

Lee³

2020

KSII TIIS

View full text Add to dashboard Cite

Cyber-attacks emerge in a more intelligent way, and various security technologies are applied to respond to such attacks. Still, more and more people agree that individual response to each intelligent infringement attack has a fundamental limit. Accordingly, the cyber threat intelligence analysis technology is drawing attention in analyzing the attacker group, interpreting the attack trend, and obtaining decision making information by collecting a large quantity of cyber-attack information and performing relation analysis. In this study, we proposed relation analysis factors and developed a system for establishing cyber threat intelligence, based on malicious code as a key means of cyber-attacks. As a result of collecting more than 36 million kinds of infringement information and conducting relation analysis, various implications that cannot be obtained by simple searches were derived. We expect actionable intelligence to be established in the true sense of the word if relation analysis logic is developed later.

show abstract

Section: Related Workmentioning

confidence: 99%

Cyber-attack group analysis method based on association of cyber-attack information

Son¹,

Kim²,

Lee³

2020

KSII TIIS

View full text Add to dashboard Cite

show abstract

“…Direct-to-MX). Detection based on the open relay vulnerability needs to be improved because it requires a not inconsiderable amount of arithmetic operation, while its effectiveness is not very significant [25]. This paper removes the detection method based on the open relay vulnerability, as it is not very effective, among the detection methods proposed by Lee.…”

Section: Related Workmentioning

confidence: 99%

EMICS: E-mail based Malware Infected IP Collection System

Lee¹,

Kwak²

2018

KSII TIIS

View full text Add to dashboard Cite

Cyber attacks are increasing continuously. On average about one million malicious codes appear every day, and attacks are expanding gradually to IT convergence services (e.g. vehicles and television) and social infrastructure (nuclear energy, power, water, etc.), as well as cyberspace. Analysis of large-scale cyber incidents has revealed that most attacks are started by PCs infected with malicious code. This paper proposes a method of detecting an attack IP automatically by analyzing the characteristics of the e-mail transfer path, which cannot be manipulated by the attacker. In particular, we developed a system based on the proposed model, and operated it for more than four months, and then detected 1,750,000 attack IPs by analyzing 22,570,000 spam e-mails in a commercial environment. A detected attack IP can be used to remove spam e-mails by linking it with the cyber removal system, or to block spam e-mails by linking it with the RBL(Real-time Blocking List) system. In addition, the developed system is expected to play a positive role in preventing cyber attacks, as it can detect a large number of attack IPs when linked with the portal site.

show abstract