In the targeted email attacks, it is often used the documentation file embedded with the execution files. To detect this kind of malicious documentation file, researching with the malcode detection approach has been focused. However, because the attacker can write the arbitrary code, thus it is always behind of the attacker to find the unknown malcode by focusing the traditional malcode detection methods.
In this talk I will introduce a different analytical approach compared to the more traditional malcode detection approach to detecting targeted email attacks by focusing on structural analysis of file formats. I will explain the ability to detect malware solely on file size and introduce o-checker which has implemented a general detection method that does not rely on the content of malicious code.
Started to be interested in programming around 1987.
2005 Employed by the National Police Agency.
2007 National Police Agency Public Safety Information Technology Counter Crime Division.
2001 National Police Agency Information Communication Division Information Technology Analysis Division.
2012 Assigned to The National Information Security Center.