ETRI-Knowledge Sharing Platform





Conference paper: Transmitted File Extraction and Reconstruction from Network Packets
Cited 1 time in Scopus
최양서, 이주영, 최선오, 김종현, 김익균
World Congress on Internet Security (WorldCIS) 2015, pp.164-165
15MS1600, Development of Cyber Blackbox and Integrated Cyber Security Situation Analysis Technology for Pre- and Post-Response to Cyber Attacks, 김종현
When hackers try to attack a target system, their first goal is to install malware on the target system, because hackers can do anything they want once malware is installed. In the past, most malware consisted of Microsoft PE files; however, it now comes in various file formats such as pdf, jpg, doc, jar and so on. Under these circumstances, some network security systems, such as network forensics systems, have to reconstruct the malware from network packets in order to analyze it. For that, we propose a transmitted file reconstruction technique, based on file type signatures and network protocol analysis, which can reconstruct various file types from network packets. In this paper, we show the implementation and file reconstruction results.
malware collection, network forensics, Transmitted file reconstruction
KSP suggested keywords
File format, File type, Network Forensics, PE files, Protocol Analysis, Reconstruction technique, Transmitted file reconstruction, malware collection, network packets, network protocol, network security