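An Effective Behavior-Based Detection Technique Using the Host Infection Characteristics of Malicious Bots
Seungyeop Yoo, Donggue Park, Jongsoo Jang. Korean Institute of Information Technology, 2010. Journal of Korean Institute of Information Technology, Vol.8 No.7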
In this paper, we propose an effective malicious bot detection method based on the general behavior characteristics that show up at the moment when a malicious bot infects a host. In order to reduce false positives, we consider the replication action generated in the epidemic process of the malicious bot, registry registration, unregistration of uninstall information, and imported APIs. We make a report on the overall result of the installation of the process by watching the log of the installation actions (file, registry, and network access related actions) of the malicious program using a code patch (Detour Patch). We distinguish whether it is malicious or normal by comparing the report against 6 suspicious behaviors.
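An HTTP GET Flooding Attack Detection Algorithm Using the Characteristics of URI and Browser Behavior Patterns
Seungyeop Yoo, Donggue Park, Jongsoo Jang. Korean Institute of Information Technology, 2011. Journal of Korean Institute of Information Technology, Vol.9 No.1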
Recently, a variety of DDoS attacks by botnets on Web servers have become the biggest threat. The DDoS attack called the HTTP get flooding attack is difficult to distinguish because the attack's access to the web server is similar to the normal access of a user. In this paper, in order to detect the HTTP get flooding attack, we propose a new algorithm using URI characteristics, which can be distinguished from the normal characteristics, and an extended algorithm of ALADDIN ALAB developed by ETRI. We experimented with blackenergy, slowloris, and netbot, which use the HTTP get flood attack, and we got satisfactory results.