http://dx.doi.org/10.13089/JKIISC.2018.28.5.1179

A Study on Online Fraud and Abusing Detection Technology Using Web-Based Device Fingerprinting  

Jang, Seok-eun (Chonnam National University)
Park, Soon-tai (KISA)
Lee, Sang-joon (Chonnam National University)
Abstract
Recently, a variety of attacks on web services have been carried out from multiple access environments such as PCs, tablets, and smartphones. These attacks cause various kinds of subsequent damage, such as fraudulent online transactions, account takeover and theft, fraudulent logins, and information leakage through web service vulnerabilities. Creating new fake accounts for fraud, hijacking accounts, and bypassing IP while using other usernames or email addresses are relatively easy attack methods, but detecting and blocking them is not easy. In this paper, we study a method to detect online fraudulent transactions and abuse by identifying and managing the devices that access a web service, using web-based device fingerprinting. In particular, we propose identifying devices and managing them through a scoring process. To establish the validity of the proposed scheme, we analyzed application cases and proved that it can effectively defend against various attacks, because it actively copes with online fraud and provides visibility into user accounts.
Keywords
Device Fingerprinting; Online Fraud; Abusing; Web Security; Web Access Control;
Citations & Related Records
Times Cited By KSCI: 5