Transmitted file extraction and reconstruction from network packets

Yangseo Choi; Joo Young Lee; Sunoh Choi; Jong Hyun Kim; Ikkyun Kim

doi:10.1109/WorldCIS.2015.7359436

Transmitted file extraction and reconstruction from network packets

Yangseo Choi
, Joo Young Lee
, Sunoh Choi
, Jong Hyun Kim
, Ikkyun Kim

Department of Software Engineering

Electronics and Telecommunications Research Institute

Research output: Contribution to conference › Conference paper › peer-review

2 Scopus citations

Abstract

When hackers try to attack a target system, their first goal is to install a malware to the target system. It is because hackers can do anything what they want if a malware is installed. In the past, most of the malwares were Microsoft PE files, however they have been changed to various file formats such as pdf, jpg, doc, jar and so on. Under this circumstances some network security systems such as network forensics systems have to reconstruct those malwares from network packets to analyze the malwares. For that, we propose a file type signature and network protocol analysis based transmitted file reconstruction technique which can reconstruct various file types from network packets. In this paper, we show the implementation and file reconstruction results.

Original language	English
Title of host publication	2015 World Congress on Internet Security, WorldCIS 2015
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	164-165
Number of pages	2
ISBN (Electronic)	9781908320506
DOIs	https://doi.org/10.1109/WorldCIS.2015.7359436
State	Published - 2015.12.16
Event	World Congress on Internet Security, WorldCIS 2015 - Dublin, Ireland Duration: 2015.10.19 → 2015.10.21

Publication series

Name	2015 World Congress on Internet Security, WorldCIS 2015

Conference

Conference	World Congress on Internet Security, WorldCIS 2015
Country/Territory	Ireland
City	Dublin
Period	15.10.19 → 15.10.21

Keywords

malware collection
network forensics
Transmitted file reconstruction

Access to Document

10.1109/WorldCIS.2015.7359436

Cite this

Choi, Y., Lee, J. Y., Choi, S., Kim, J. H., & Kim, I. (2015). Transmitted file extraction and reconstruction from network packets. In 2015 World Congress on Internet Security, WorldCIS 2015 (pp. 164-165). Article 7359436 (2015 World Congress on Internet Security, WorldCIS 2015). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/WorldCIS.2015.7359436

@inproceedings{375c63b7c97c43309b0becb13af8aa1d,

title = "Transmitted file extraction and reconstruction from network packets",

abstract = "When hackers try to attack a target system, their first goal is to install a malware to the target system. It is because hackers can do anything what they want if a malware is installed. In the past, most of the malwares were Microsoft PE files, however they have been changed to various file formats such as pdf, jpg, doc, jar and so on. Under this circumstances some network security systems such as network forensics systems have to reconstruct those malwares from network packets to analyze the malwares. For that, we propose a file type signature and network protocol analysis based transmitted file reconstruction technique which can reconstruct various file types from network packets. In this paper, we show the implementation and file reconstruction results.",

keywords = "malware collection, network forensics, Transmitted file reconstruction",

author = "Yangseo Choi and Lee, \{Joo Young\} and Sunoh Choi and Kim, \{Jong Hyun\} and Ikkyun Kim",

note = "Publisher Copyright: {\textcopyright} 2015 Infonomics Society.; World Congress on Internet Security, WorldCIS 2015 ; Conference date: 19-10-2015 Through 21-10-2015",

year = "2015",

month = dec,

day = "16",

doi = "10.1109/WorldCIS.2015.7359436",

language = "English",

series = "2015 World Congress on Internet Security, WorldCIS 2015",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "164--165",

booktitle = "2015 World Congress on Internet Security, WorldCIS 2015",

}

Choi, Y, Lee, JY, Choi, S, Kim, JH & Kim, I 2015, Transmitted file extraction and reconstruction from network packets. in 2015 World Congress on Internet Security, WorldCIS 2015., 7359436, 2015 World Congress on Internet Security, WorldCIS 2015, Institute of Electrical and Electronics Engineers Inc., pp. 164-165, World Congress on Internet Security, WorldCIS 2015, Dublin, Ireland, 15.10.19. https://doi.org/10.1109/WorldCIS.2015.7359436

Transmitted file extraction and reconstruction from network packets. / Choi, Yangseo; Lee, Joo Young; Choi, Sunoh et al.
2015 World Congress on Internet Security, WorldCIS 2015. Institute of Electrical and Electronics Engineers Inc., 2015. p. 164-165 7359436 (2015 World Congress on Internet Security, WorldCIS 2015).

Research output: Contribution to conference › Conference paper › peer-review

TY - GEN

T1 - Transmitted file extraction and reconstruction from network packets

AU - Choi, Yangseo

AU - Lee, Joo Young

AU - Choi, Sunoh

AU - Kim, Jong Hyun

AU - Kim, Ikkyun

PY - 2015/12/16

Y1 - 2015/12/16

N2 - When hackers try to attack a target system, their first goal is to install a malware to the target system. It is because hackers can do anything what they want if a malware is installed. In the past, most of the malwares were Microsoft PE files, however they have been changed to various file formats such as pdf, jpg, doc, jar and so on. Under this circumstances some network security systems such as network forensics systems have to reconstruct those malwares from network packets to analyze the malwares. For that, we propose a file type signature and network protocol analysis based transmitted file reconstruction technique which can reconstruct various file types from network packets. In this paper, we show the implementation and file reconstruction results.

AB - When hackers try to attack a target system, their first goal is to install a malware to the target system. It is because hackers can do anything what they want if a malware is installed. In the past, most of the malwares were Microsoft PE files, however they have been changed to various file formats such as pdf, jpg, doc, jar and so on. Under this circumstances some network security systems such as network forensics systems have to reconstruct those malwares from network packets to analyze the malwares. For that, we propose a file type signature and network protocol analysis based transmitted file reconstruction technique which can reconstruct various file types from network packets. In this paper, we show the implementation and file reconstruction results.

KW - malware collection

KW - network forensics

KW - Transmitted file reconstruction

UR - https://www.scopus.com/pages/publications/84967139326

U2 - 10.1109/WorldCIS.2015.7359436

DO - 10.1109/WorldCIS.2015.7359436

M3 - Conference paper

AN - SCOPUS:84967139326

T3 - 2015 World Congress on Internet Security, WorldCIS 2015

SP - 164

EP - 165

BT - 2015 World Congress on Internet Security, WorldCIS 2015

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - World Congress on Internet Security, WorldCIS 2015

Y2 - 19 October 2015 through 21 October 2015

ER -

Transmitted file extraction and reconstruction from network packets

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this