Research on countermeasures against malicious file upload attacks

악성 파일 업로드 공격 대응방안 연구

  • 김태경 (명지전문대학 인터넷응용보안공학과)
  • Received : 2020.06.08
  • Accepted : 2020.06.17
  • Published : 2020.06.30

Abstract

In a malicious file upload attack, the attacker uploads or transfers files of dangerous types that can be automatically processed within the web server's environment. Uploaded file content can include exploits, malware and malicious scripts. An attacker can use malicious content to manipulate the application's behavior. A common way of detecting a malicious file upload attack is to determine the file type from the file extension or the file's signature. However, this kind of file type detection has the disadvantage that it cannot detect files that are not encoded with a specific program, such as PHP files. Therefore, this paper studies how to detect and block such a program by looking for the essential commands or variable names that are used when writing a program of that kind. The performance evaluation results show that the suggested method detected the specific files effectively.
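The gap the abstract describes, shown as an added example that is not code from the paper: an upload filter that checks extension and signature first, then scans the content for tokens a PHP script needs. The allow-list, the token list and the sample bytes are assumptions constructed for this illustration; the paper's own command and variable list is not given on this page.

```python
import re

# Assumed upload policy for this example: image types and their magic bytes.
ALLOWED = {".gif": b"GIF8", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff"}

# Tokens a PHP script needs to start executing or to read request input.
# Chosen for this example; PHP source is plain text, so it has no magic bytes.
PHP_TOKENS = re.compile(
    rb"(?i:<\?php)|<\?=|\$_(?:GET|POST|REQUEST|COOKIE|FILES|SERVER)\b"
)

def _ext(filename):
    return "." + filename.rsplit(".", 1)[1].lower() if "." in filename else ""

def extension_ok(filename):
    return _ext(filename) in ALLOWED

def signature_ok(filename, data):
    magic = ALLOWED.get(_ext(filename))
    return magic is not None and data.startswith(magic)

def php_tokens(data):
    """Return the distinct PHP tokens found anywhere in the uploaded bytes."""
    return sorted({m.group(0).decode("ascii") for m in PHP_TOKENS.finditer(data)})

def accept_upload(filename, data):
    """Extension and signature checks first, then the content scan."""
    if not (extension_ok(filename) and signature_ok(filename, data)):
        return False, "extension/signature mismatch"
    hits = php_tokens(data)
    if hits:
        return False, "PHP tokens in content: " + ", ".join(hits)
    return True, "ok"

# Constructed samples: a minimal GIF, and PHP text behind a GIF header.
REAL_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff,"
            b"\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
DISGUISED = b'GIF89a\n<?php echo strlen($_POST["name"]); ?>'

if __name__ == "__main__":
    for name, blob in [("photo.gif", REAL_GIF), ("avatar.gif", DISGUISED)]:
        print(name, extension_ok(name), signature_ok(name, blob),
              accept_upload(name, blob))
```

Short tokens such as `<?=` can occur by chance in compressed image data, so a deployment of this kind of scan needs its token list tuned against real uploads to keep false positives down.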
