• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.6
• /
• pp.2591-2611
• /
• 2020

Botnets have become one of the most significant threats to Internet-connected smartphones. A botnet is a combination of infected devices communicating through a command server under the control of botmaster for malicious purposes. Nowadays, the number and variety of botnets attacks have increased drastically, especially on the Android platform. Severe network disruptions through massive coordinated attacks result in large financial and ethical losses. The increase in the number of botnet attacks brings the challenges for detection of harmful software. This study proposes a smart framework for mobile botnet detection using static analysis. This technique combines permissions, activities, broadcast receivers, background services, API and uses the machine-learning algorithm to detect mobile botnets applications. The prototype was implemented and used to validate the performance, accuracy, and scalability of the proposed framework by evaluating 3000 android applications. The obtained results show the proposed framework obtained 98.20% accuracy with a low 0.1140 false-positive rate.

• KIPS Transactions on Computer and Communication Systems
• /
• v.1 no.1
• /
• pp.55-60
• /
• 2012

Recent botnets are widely using the DNS services at the connection of C&C server in order to evade botnet's detection. It is necessary to study on DNS analysis in order to counteract anomaly-based technique using the DNS. This paper studies collection of DNS traffic for experimental data and supervised learning for DNS traffic-based malicious domain classification such as query of domain name corresponding to C&C server from zombies. Especially, this paper would aim to determine significant features of DNS-based classification system for malicious domain extraction by the Principal Component Analysis(PCA).

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.01a
• /
• pp.119-122
• /
• 2019

최근 웹 변조 공격은 대형 포탈, 은행, 학교 등 접속자가 많은 홈페이지에 악성 URL을 불법 삽입하여 해당 URL을 통해 접속자 PC에 자동으로 악성코드 유포하고 대규모 봇넷(botnet)을 형성한 후 DDoS 공격을 수행하거나 감염 PC들의 정보를 지속적으로 유출하는 형태로 수행된다. 이때, 홈페이지에 삽입되는 악성 URL은 탐지가 어렵도록 Javascript 난독화 기법(obfuscation technique) 등으로 은밀히 삽입된다. 본 논문에서는 웹 소스코드에 은닉된 악성 Javascript URL들에 대한 일괄 점검체계를 제안하며, 구현된 점검체계의 prototype을 활용하여 점검성능에 대한 시험결과를 제시한다.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.12
• /
• pp.1849-1856
• /
• 2013

DOS attack, the short of Denial of Service attack is an internet intrusion technique which harasses service availability of legitimate users. To respond the DDoS attack, a lot of methods focusing attack source, target and intermediate network, have been proposed, but there have not been a clear solution. In this paper, we purpose the prevention of malicious activity and early detection of DDoS attack by detecting and removing the activity of botnets, or other malicious codes. For the purpose, the proposed method monitors the network traffic, especially DSN traffic, which is originated from botnets or malicious codes.

• Journal of Advanced Navigation Technology
• /
• v.17 no.6
• /
• pp.816-822
• /
• 2013

In modern networks, data rate is getting faster and transferred data is extremely increased. At this point, the malicious codes are evolving to various types very fast, and the frequency of occurring new malicious code is very short. So, it is hard to collect/analyze data using general networks with the techniques like traditional intrusion detection or anormaly detection. In this paper, we collect and analyze the data more effectively with cloud environment than general simple networks. Also we analyze the malicious code which is similar to real network's malware, using botnet server/client includes DNS Spoofing attack.