상세정보
학술대회
Transmitted File Extraction and Reconstruction from Network Packets
- 발행일
- 201510
- 출처
- World Congress on Internet Security (WorldCIS) 2015, pp.164-165
- 협약과제
- 15MS1600, 사이버 공격의 사전 사후 대응을 위한 사이버 블랙박스 및 통합 사이버보안 상황분석 기술 개발, 김종현
- 초록
- When hackers try to attack a target system, their first goal is to install a malware to the target system. It is because hackers can do anything what they want if a malware is installed. In the past, most of the malwares were Microsoft PE files, however they have been changed to various file formats such as pdf, jpg, doc, jar and so on. Under this circumstances some network security systems such as network forensics systems have to reconstruct those malwares from network packets to analyze the malwares. For that, we propose a file type signature and network protocol analysis based transmitted file reconstruction technique which can reconstruct various file types from network packets. In this paper, we show the implementation and file reconstruction results.
- KSP 제안 키워드
- File format, File type, Network Forensics, PE files, Protocol Analysis, Reconstruction technique, Transmitted file reconstruction, network packets, network protocol, network security, security system