Sang-Soo Choi scite author profile

Sang-Soo Choi

5Publications

22Citation Statements Received

51Citation Statements Given

How they've been cited

How they cite others

Affiliations

Korea Institute of Science & Technology Information, Hannam University

Publications

Order By: Most citations

Practical In-Depth Analysis of IDS Alerts for Tracing and Identifying Potential Attackers on Darknet

et al. 2017

View full text Add to dashboard Cite

Abstract:The darknet (i.e., a set of unused IP addresses) is a very useful solution for observing the global trends of cyber threats and analyzing attack activities on the Internet. Since the darknet is not connected with real systems, in most cases, the incoming packets on the darknet ('the darknet traffic') do not contain a payload. This means that we are unable to get real malware from the darknet traffic. This situation makes it difficult for security experts (e.g., academic researchers, engineers, operators, etc.) to identify whether the source hosts of the darknet traffic are infected by real malware or not. In this paper, we present the overall procedure of the in-depth analysis between the darknet traffic and IDS alerts using real data collected at the Science and Technology Cyber Security Center (S&T CSC) in Korea and provide the detailed in-depth analysis results. The ultimate goal of this paper is to provide practical experience, insight and know-how to security experts so that they are able to identify and trace the root cause of the darknet traffic. The experimental results show that correlation analysis between the darknet traffic and IDS alerts is very useful to discover potential attack hosts, especially internal hosts, and to find out what kinds of malware infected them.

show abstract

Visualization of security event logs across multiple networks and its application to a CSOC

Song

Choi

et al. 2017

Cluster Comput

View full text Add to dashboard Cite

Website Falsification Detection System Based on Image and Code Analysis for Enhanced Security Monitoring and Response

Kim¹,

Choi²,

Park³

et al. 2014

Journal of the Korea Institute of Information Security and Cryp

View full text Add to dashboard Cite

New types of attacks that mainly compromise the public, portal and financial websites for the purpose of economic profit or national confusion are being emerged and evolved. In addition, in case of 'drive by download' attack, if a host just visits the compromised websites, then the host is infected by a malware. Website falsification detection system is one of the most powerful solutions to cope with such cyber threats that try to attack the websites. Many domestic CERTs including NCSC (National Cyber Security Center) that carry out security monitoring and response service deploy it into the target organizations. However, the existing techniques for the website falsification detection system have practical problems in that their time complexity is high and the detection accuracy is not high. In this paper, we propose website falsification detection system based on image and code analysis for improving the performance of the security monitoring and response service in CERTs. The proposed system focuses on improvement of the accuracy as well as the rapidity in detecting falsification of the target websites.

show abstract

A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic

Choi

Song

Kim

et al. 2013

Security Comm Networks

View full text Add to dashboard Cite

In general, attackers carry out scanning or probing against a certain network when they start to attack their victims. Because of this, darknet is very useful to observe the scanning activities of attackers who want to find their victims that have security vulnerabilities in operating systems, applications, services, and so on. Thus, by observing and analyzing darknet traffic, it is able to obtain an insight into malicious activities that are happening on the Internet and to identify potential attackers who sent attack packets to the darknet. However, darknet has a fatal limitation that most of the darknet traffic has no payload data. This means that we cannot collect the real attack codes from the original darknet traffic. To cope with this problem, we propose a security monitoring and response model to analyze cyber threats trend and to trace potential attackers based on darknet traffic. We have evaluated the proposed model using one /24 darknet IP addresses and TMS alerts that were obtained from TMS. The experimental results provided the statistical information of all the incoming darknet traffic so that we could obtain the global cyber threats trend. Furthermore, the experimental results demonstrated that we could obtain malicious attack patterns and attack codes that were not detected by TMS. Copyright © 2013 John Wiley & Sons, Ltd.

show abstract

A Malware Collection and Analysis Framework Based on Darknet Traffic

Song

Choi

2012

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Sang-Soo Choi

Practical In-Depth Analysis of IDS Alerts for Tracing and Identifying Potential Attackers on Darknet

Visualization of security event logs across multiple networks and its application to a CSOC

Website Falsification Detection System Based on Image and Code Analysis for Enhanced Security Monitoring and Response

A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic

A Malware Collection and Analysis Framework Based on Darknet Traffic

Contact Info

Product

Resources

About