Browse > Article
http://dx.doi.org/10.13089/JKIISC.2015.25.2.293

Designing SMS Phishing Profiling Model  

Jeong, Youngho (International Cybercrime Research Center, Korean National Police University)
Lee, Kukheon (Digital Forensic Research Center, Korea University)
Lee, Sangjin (Digital Forensic Research Center, Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.25, no.2, 2015 , pp. 293-302 More about this Journal
Abstract
With the attack information collected during SMS phishing investigation, this paper will propose SMS phishing profiling model applying criminal profiling. Law enforcement agencies have used signature analysis by apk file hash and analysis of C&C IP address inserted in the malware. However, recently law enforcement agencies are facing the challenges such as signature diversification or code obfuscation. In order to overcome these problems, this paper examined 169 criminal cases and found out that 89% of serial number in cert.rsa and 80% of permission file was reused in different cases. Therefore, the proposed SMS phishing profiling model is mainly based on signature serial number and permission file hash. In addition, this model complements the conventional file hash clustering method and uses code similarity verification to ensure reliability.
Keywords
Cyber-crime; Profiling; Smishing;
Citations & Related Records
Times Cited By KSCI : 5  (Citation Analysis)
연도 인용수 순위
1 Korean Nation Police Agency, http://www.police.go.kr/cmm/fms/FileDown.do?atchFileId=FILE_000000000064121&fileSn=1&bbsId=B0000011
2 Financial Services Commission, http://www.fsc.go.kr/info/ntc_news_view.jsp?menu=7210100&bbsid=BBS0030&no=29505, Dec. 2013.
3 InfoWorld, http://www.infoworld.com/article/2659058/security/mcafee-warnsof-smishing--attacks.html
4 Korean Nation Police Agency, http://www.police.go.kr/portal/main/contents.do?menuNo=200287
5 Jae-sung Yun, et al. "Andro-profiler: Anti-malware system based on behavior profiling of mobile malware," Journal of The Korea Institute of Information Security & Cryptology, 24(1), pp. 145-154, Feb. 2014.   DOI
6 Changwook Park, et al. "Research on the Classification Model of Similarity Malware using Fuzzy Hash," Journal of The Korea Institute of Information Security & Cryptology, 22(6), pp. 1325-1336, Dec. 2012.
7 Jae-woo Park, et al. "An Automatic Malware Classification System using String List and APIs," Journal of Security Engineering, 8(5), pp. 611-626, Oct. 2011.
8 Dong-Jie Wu, et al. "Droidmat: Android malware detection through manifest and API calls tracing," Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference on. IEEE, 2012.
9 Choon Kyong Joo and Ji won Yoon, "Discrimination of SPAM and prevention of smishing by sending personally identified SMS(For financial sector)," Journal of The Korea Institute of Information Security & Cryptology, 24(4), pp. 645-653, Aug. 2014.   DOI
10 SangKeun Jang, "A strategy for mobile malicious code and a method for diagnosis of moblie malicious code by case anlaysis," KIISC Review, 23(2), pp. 14-20, Apr. 2013.
11 Douglas, John E., et al. "Criminal profiling from crime scene analysis," Behavioral Sciences & the Law, vol. 4, no. 4, pp. 401-421, 1986.   DOI
12 Chaeho Lim, et al. "Profiling of Cyber-crime by Psychological View," Journal of The Korea Institute of Information Security & Cryptology, 19(4), pp. 115-124, Aug. 2009.
13 Cheol-Woo Jeong, et al. "A design for Profiling-system of Cyberterrorism," Korean National Police Agency, Jan. 2013.
14 Hongsuk Yang, "A model design for Profiling of DDoS Crime," Ph.D. Thesis, Korea University, Feb. 2012.
15 Neumann, Alexander, Johannes Barnickel, and Ulrike Meyer. "Security and privacy implications of url shortening services," Proceedings of the Workshop on Web 2.0 Security and Privacy, 2010.
16 Android Developer, "app-signing", http://developer.android.com/tools/publishing/app-signing.html
17 Java SE Documentation, "keytool", http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
18 Gephi v0.8.2, http://gephi.github.io/
19 Jun-Hyung Kim and Eul-Gyu Im, "Androguard: Similarity Analysis for Android Application Binaries", Korea Computer Congress 2014, pp. 101-103, Jun, 2014.