DOI QR코드

DOI QR Code

스미싱 공격 방지를 위한 클라우드 메시징 서비스

Cloud Messaging Service for Preventing Smishing Attack

  • 박효민 (부경대학교 대학원 정보보호학협동과정) ;
  • 김완석 (부경대학교 IT융합응용공학과) ;
  • 강소정 (부경대학교 IT융합응용공학과) ;
  • 신상욱 (부경대학교 IT융합응용공학과)
  • Park, Hyo-Min (Interdisciplinary Program of Information Security, Graduate School, Pukyong National University) ;
  • Kim, Wan-Seok (Dept. of IT Convergence and Application Eng., Pukyong National University) ;
  • Kang, So-Jeong (Dept. of IT Convergence and Application Eng., Pukyong National University) ;
  • Shin, Sang Uk (Dept. of IT Convergence and Application Eng., Pukyong National University)
  • 투고 : 2017.03.02
  • 심사 : 2017.04.20
  • 발행 : 2017.04.28

초록

스마트 디바이스에 대한 악의적인 공격들이 빠르게 진화하고 있고, 이들 공격에 대해 스마트 디바이스를 적절하게 보호하는 것은 매우 중요한 이슈로 부각되고 있다. 특히, 스미싱 공격은 스마트 폰에서 가장 중요한 위협들 중의 하나로 주목되고 있다. 이 논문에서는 스미싱 공격의 위험으로부터 사용자를 근본적으로 보호할 수 있는 클라우드 서비스를 제안한다. 제안된 클라우드 메시징 서비스는 사용자 스마트 디바이스에서 URL을 포함한 텍스트 메시지들을 필터링하여 클라우드 서버에 의해 제공되는 가상 머신을 통해 필터링된 메시지들을 확인하고 관리할 수 있는 클라우드 서비스를 제공한다. 기존의 스미싱 방지 기법들이 이미 알려진 패턴의 악성코드에 대해서만 보호하거나, 오탐(FP) 또는 미탐(FN) 등의 오류 가능성을 내포하고 있지만, 제안 기법은 URL을 포함하고 있는 모든 문자 메시지들을 자동적으로 필터링하여 클라우드 서버 상의 저장공간에 저장하고 확인 및 관리하기 때문에 스마트 디바이스에서 스미싱 공격에 의한 멀웨어(악성코드)의 설치를 완벽하게 차단할 수 있다.

They are rapidly evolving malicious attacks on smart devices, and to timely protect the smart devices from these attacks has become a very important issue. In particular, smishing attack has emerged as one of the most important threats on the smartphone. In this paper, we propose the cloud service that can fundamentally protect the user from the risk of smishing attack. The proposed scheme provides cloud messaging service that can filter text messages including URLs in the user's smart device, view and manage them through a virtual machine provided by a cloud server. The existing techniques for preventing smshing attacks protect only malicious code of a known pattern and there is the possibility of error such as FP(False Positive) or FN(False Negative). However, since the proposed method automatically filters all text messages including URLs, storing, viewing, and managing them in their own storage space on the cloud server, it can completely block the installation of malwares(malicious codes) on the user's smart device through smishing attacks.

키워드

참고문헌

  1. D.W. Park, "Analysis on Mobile Forensic of Smishing Hacking Attack," Journal of the Korean Institute of Information and Communication Engineering, vol. 8, no. 12, pp. 2878-2883, 2014.
  2. D.W. Park, "Analysis of Mobile Smishing Hacking Trends and Security Measures," Journal of the Korea Institute of Information and Communication Engineering, Vol. 19, No. 11, pp. 2615-2622, 2015. https://doi.org/10.6109/jkiice.2015.19.11.2615
  3. S.Y. Lee, H.S. Kang, and J.S. Moon, "A Study on Smishing Block of Android Platform Environment," Journal of the Korea Institute of Information Security and Cryptology, Vol. 24, No. 5, pp. 975-985, 2014. https://doi.org/10.13089/JKIISC.2014.24.5.975
  4. Yun-Young Song, Kyung min Han, "A Study of Response and Plan of Banks for Mobile Payments of Non-financial Corporations", Journal of IT Convergence Society for SMB, Vol. 5, No. 2, pp.7-13, 2015.
  5. Smishing(2008), http://www.police.go.kr/portal/main/contents.do?menuNo=200287 (accessed Jun., 24, 2016).
  6. D.C. Kim, and J.C. Ryou, "The blocking method for accessing toward malicious sites based on Android platform," Journal of the Korea Institute of Information Security and Cryptology, Vol. 24, No. 3, pp. 499-505, 2014. https://doi.org/10.13089/JKIISC.2014.24.3.499
  7. W.J. Park, K.H. Lee, S.J. Kim, and W. Ryu, "A financial fraud protection platform on Android smartphones in real-time," Information and Communication Technology Convergence (ICTC), 2015 International Conference on. IEEE, pp. 1246-1248, 2015.
  8. Sik-Wan Cho, Won-Jun Jang, Hyung-Woo Lee, "Development of User Oriented Vulnerability Analysis Application on Smart Phone", Journal of the Korea Convergence Society, Vol. 3, No. 2, pp. 7-12, 2012.
  9. Byung-Seok Yu, Sung-Hyun Yun, "The Design and Implementation of Messenger Authentication Protocol to Prevent Smart Phone Phishing", Journal of the Korea Convergence Society, Vol. 2, No. 4, pp. 9-14, 2011.
  10. Sunghyuck Hong, "Cognitive Approach to Anti-Phishing and Anti-Pharming : Survey", Journal of IT Convergence Society for SMB, Vol. 3, No. 2, pp.33-39, 2013.
  11. H. Shahriar, T. Klintic, and V. Clincy, "Mobile Phishing Attacks and Mitigation Techniques," Journal of Information Security, Vol. 6 No. 3, pp. 206-212, 2015. https://doi.org/10.4236/jis.2015.63021
  12. C.F.M. Foozy, R. Ahmad, and M.F. Abdollah, "Phishing detection taxonomy for mobile device," International Journal of Computer Science, Vol. 10, No. 3,pp. 338-344, 2013.
  13. P. He, X. Wen, and W. Zheng, "A Novel Method for Filtering Group Sending Short Message Spam," Proceedings of the International Conference on Convergence and Hybrid Information Technology, 2008. ICHIT'08, International Conference on, pp. 60-65, 2008.
  14. J.W Yoon, H Kim, and J. H Huh, "Hybrid spam filtering for mobile communication," Computers & Security, Vol. 29, pp. 446-459, 2010. https://doi.org/10.1016/j.cose.2009.11.003
  15. T.T. Mahmoud, and A.M. Mahfouz, "SMS Spam Filtering Technique Based on Artificial Immune System," International Journal of Computer Science, Vol. 9, pp. 589-597, 2012.
  16. S. Sheng, B. Wardman, G. Warner, L. Cranor, J. Hong, and C. Zhang, "An Empirical Analysis of Phishing Blacklists," 6th Annual Conference on Email and AntiSpam (CEAS), 2009.
  17. Desktop as a Service(2016), https://en.wikipedia.org/wiki/Desktop_virtualization#Desktop_as_a_Service (accessed Jun., 24, 2016).
  18. M. Khonji, Y. Iraqi, and A. Jones, "Phishing Detection: A Literature Survey," IEEE Communications Survey & Tutorials, Vol. 15, No. 4, pp. 2091-2121, 2013. https://doi.org/10.1109/SURV.2013.032213.00009