Browse > Article
http://dx.doi.org/10.13089/JKIISC.2011.21.4.47

Novel Anomaly Detection Method for Proactive Prevention from a Mobile E-finance Accident with User"s Input Pattern Analysis  

Seo, Ho-Jin (Graduate School of Information Security)
Kim, Huy-Kang (Graduate School of Information Security)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.21, no.4, 2011 , pp. 47-60 More about this Journal
Abstract
With the increase in the use of mobile banking service, mobile banking has become an attractive target to attackers. Even though many security measures are applied to the current mobile banking service, some threats such as physical theft or penetration to a mobile device from remote side are still remained as unsolved. With aiming to fill this void, we propose a novel approach to prevent e-financial incidents by analyzing mobile device user's input patterns. This approach helps us to distinguish between original user's usage and attacker's usage through analyzing personal input patterns such as input time-interval, finger pressure level on the touch screen. Our proposed method shows high accuracy, and is effective to prevent the e-finance incidents proactively.
Keywords
Mobile banking security; Input pattern analysis; Biometric; Neural network;
Citations & Related Records
연도 인용수 순위
  • Reference
1 "ZeuS Variants Targeting Mobile Banking," F-Secure, Sep. 2010, http:// www.f-secure.com /weblog/archives/00002037.html.
2 Alyuda, "Alyuda Neuro Intelligence," http://www.alyuda.com/neural-networks-software.html
3 N.L. Clarke and S.M. Furnell, "Advanced user authentication for mobile devices," Computers & Security, vol. 26, no. 2, pp. 109-119, Mar. 2007.   DOI   ScienceOn
4 P. Hanaeek, K. Malinka, and J. Schafer, "e-Banking Security - A Comparative Study," IEEE A&E SYSTEMS MAGAZINE, vol. 25, no. 1, pp. 29-34, Apr. 2010.
5 B.R. Cha, K.J. Kim, and H.S. Na, "Random Password Generation of OTP System using Changed Location and Angle of Fingerprint Features," IEEE 8th International Conference on Computer and Information Technology 2008, pp. 420-425, Jul. 2008.
6 J. Nie and X. Hu, "Mobile Banking Information Security and Protection Methods," Computer Science and Software Engineering International Conference, pp. 587-590, Dec. 2008.
7 J. Mantyjärvi, K. Nybergh, J. Himberg, and K. Hjelt, "Touch Detection System for Mobile Terminals," Mobile HCI 2004, LNCS 3160, pp. 331-336, 2004.
8 L. Xie, X. Zhang, J.P. Seifert, and S. Zhu, "pBMDS: A Behavior-based Malware Detection System for Cellphone Devices," Third ACM Conference on Wireless Network Security, pp. 37-48, Sep. 2010.
9 R. Hecht-Nielsen, "Theory of the Backpropagation Neural Network," International Joint Conference on Neural Network, pp. 593-605, Jun. 1989.
10 J.I. Miinnix, "Fault Tolerance of the Backpropagation Neural Network Trained on Noisy Inputs," International Joint Conference on Neural Network, pp. 847-852, Jun. 1992.
11 B. Schneier, "Two-Factor Authentication : Too Little, Too Late," AprilRisks, Communication of the ACM, vol. 48, no. 4, pp. 27, Apr. 2005.   DOI   ScienceOn
12 M Wu, S Garfinkel, and B Miller, "Secure Web Authentication with Mobile Phones," DIMACS Workshop on Usable Privacy and Security Software, pp. 9-10, Jul. 2004.
13 F Aloul, S Zahidi, and W El-Hajj, "Two Factor Authentication Using Mobile Phones," IEEE/ACS International Conference on Computer Systems and Applications, pp. 641-644, May. 2009.
14 "Mobile Security Report 2009", McAfee, 2009. http://www.mcafee.com/us/resources/reports/
15 P Ho and J Armington, "A Dual-Factor Authentication System Featuring Speaker Verification and Token Technology," AVBPA 2003, LNCS 2688, pp. 128-136, 2003.
16 C Mulliner, "Fuzzing the Phone in your Phone," TU-Berlin/T-Labs. BlackHat USA, Jun. 2009, http://www.blackhat.com/ presentations /bh-usa-09/MILLER/
17 한국은행, "2010년 3/4분기 국내 인터넷뱅킹서비스 이용 현황," 2010년 10월.
18 "Zeus Strikes Mobile Banking," BankInfo Security, Oct. 2010. http://www.bankinfo security.com/articles.php?art_id=3005
19 A. Castiglione, R.D. Prisco, and A. De Santis, "Do Your Trust Your Phone?," EC-Web 2009, LNCS 5692, pp. 50-61, 2009.
20 A.D. Schmidt, F. Peters, F. Lamour, C. Scheel, S.A. Çamtepe, and S. Albayrak, "Monitoring Smart phones for Anomaly Detection," Mobile Network and Applications, vol. 14, no. 1, pp. 92-106, Nov. 2008.
21 금융감독원, "최근 5년간 전산보안사고 내역 및 처리현황," 2009년 9월.
22 김소이, "전자금융사고 발생유형 및 대응현황," 금융결제원, 지급결제와 정보기술, pp. 34-62, 2009년 10월.