• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.921-928
• /
• 2016

Over the past few years, Smishing attacks such as malicious url and malicious application have been emerged as a major problem in South Korea since it caused big problems such as leakage of personal information and financial loss. Users are susceptible to Smishing attacks due to the fact that text message may contain curios content. Because of that reason, user could follow the url, download and install malicious APK file without any doubt or verification process. However currently Anti-Smishing App that adopted post-processing method is difficult to respond quickly. Users need a system that can determine whether the modification of the APK file and malicious url in real time because the Smishing can cause financial damage. This paper present the cloud-based system for verifying malicious url and malicious APK file in user device to prevent secondary damage such as smishing attacks and privacy information leakage.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.103-113
• /
• 2017

Cyber attacks can be classified by type of cyber war, terrorism and crime etc., depending on the purpose and intent. Those are mobilized the various means and tactics which are like hacking, DDoS, propaganda. The damage caused by cyber attacks can be calculated by a variety of categories. We may identify cyber attackers to pursue trace-back based facts including digital forensics etc. However, recent cyber attacks are trying to induce confusion and deception through the manipulation of digital information or even conceal the attack. Therefore, we need to do the harm-based analysis. In this paper, we analyze the damage caused during cyber attacks from economic and political point of view and by inferring the attack intent could classify types of cyber attacks.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.12
• /
• pp.1841-1848
• /
• 2013

In this paper, the plans for improvement of real-time security monitoring accuracy and expansion of control region were investigated through comprehensive and systematic collection and analysis of the anomalous activities that inflow and outflow in the network on a large scale in order to overcome the existing security monitoring system based on stylized detection patterns which could correspond to only very limited cyber attacks. This study established an anomaly observation system to collect, store and analyze a diverse infringement threat information flowing into the darknet network, and presented the information classification system of cyber threats, unknown anomalies and high-risk anomalous activities through the statistics based trend analysis of hacking. If this security monitoring system utilizing darknet traffic as presented in the study is applied, it was indicated that detection of all infringement threats was increased by 12.6 percent compared with conventional case and 120 kinds of new type and varietal attacks that could not be detected in the past were detected.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.941-950
• /
• 2015

Internet banking is widely used in our life with the development of the internet. At the same time, phishing attacks to internet banking have been increased by using malicious object to make unfair profit. People using internet banking service in Korea is required to install security modules such as anti-virus and keyboard protection. However phishing attack technique has been progressed and the advanced technique such as memory hacking defeats the security module of internet banking service. In this paper, we describe internet banking security modules provided by Korean internet banks and analyze how keyboard encryption module works. And we propose an attack to manipulate account transfer information using javascript. Although keyboard protection module provides two functions that protect leakage and manipulation of account transfer information submitted by users against the malicious program of hackers. Our proposed technique can manipulate the account transfer information and result html pages.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.475-487
• /
• 2016

Recently, various risks of smartphone hacking are emerging. Smishing crime techniques become more cunning and its damage has been increasing, thereby requiring effective ways of preventing and coping with smishing. Especially, it is emphasized the need for smartphone users' security awareness and training besides technological approach. This study investigates the effective method for providing news messages in order to improve the perception of risk from smishing. This research empirically examines that the degree of optimistic bias on risk perception can vary depending on news frame, topic type, and involvement regarding smishing. Based on the findings, it identifies the factors influencing risk perception and verifies effective ways of promoting individual security awareness on smishing. The results of this study provide implications that assist in educating, campaigning and promoting information security awareness for smart device users.

• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.45-56
• /
• 2005

The weak foundation of the computing environment caused information leakage and hacking to be uncontrollable, Therefore, dynamic control of security threats and real-time reaction to identical or similar types of accidents after intrusion are considered to be important, h one of the solutions to solve the problem, studies on intrusion detection systems are actively being conducted. To improve the anomaly IDS using system calls, this study focuses on neural networks learning using the soundex algorithm which is designed to change feature selection and variable length data into a fixed length learning pattern, That Is, by changing variable length sequential system call data into a fixed iength behavior pattern using the soundex algorithm, this study conducted neural networks learning by using a backpropagation algorithm. The backpropagation neural networks technique is applied for anomaly detection of system calls using Sendmail Data of UNM to demonstrate its performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.501-514
• /
• 2013

A grouping process through the similarity comparison is required to effectively classify and respond a malicious code. When we have a use of the past similarity criteria to be used in the comparison method or properties it happens a increased problem of false negatives and false positives. Therefore, in this paper we apply to choose variety of properties to complement the problem of behavior analysis on the heuristic-based of 2nd step in malicious code auto analysis system, and we suggest a similarity comparison method applying AHP (analytic hierarchy process) for properties weights that reflect the decision-making technique. Through the similarity comparison of malicious code, configured threshold is set to the optimum point between detection rates and false positives rates. As a grouping experiment about unknown malicious it distinguishes each group made by malicious code generator. We expect to apply it as the malicious group information which includes a tracing of hacking types and the origin of malicious codes in the future.

• Journal of Internet of Things and Convergence
• /
• v.5 no.2
• /
• pp.33-39
• /
• 2019

Entering the 4^th industrial revolution, many technologies are developing and various threats are emerging. In order to cope with such threats, research is being conducted in many fields. Even in the development of various fields, the threats caused by the development of medical technology and intelligent vehicles are the threats to life due to misinformation about medical care and the threats to life by preventing the safe operation of people through intelligent vehicles. In this paper, as the patient's information is important, the private blockchain is used to increase the safety, efficiency, and scalability of the patient's medical records. We propose an information protection technique using blockchain technology to hack the car system and threaten the driver's life, solve privacy problems by identifying personal information and differences, and prevent forgery in the Internet of Things.

• Convergence Security Journal
• /
• v.14 no.2
• /
• pp.17-24
• /
• 2014

Form of backdoor penetration attacks "trapdoor" penetration points to bypass the security features and allow direct access to the data. Backdoor without modifying the source code is available, and even code generation can also be modified after compilation. This approach by rewriting the compiler when you compile the source code to insert a specific area in the back door can be due to the use of the method. Defense operations and the basic structure of the backdoor or off depending on the nature of the damage area can be a little different way. This study is based on the diagnosis of a back door operating mechanism acting backdoor analysis methods derived. Research purposes in advance of the attack patterns of malicious code can respond in a way that is intended to be developed. If we identify the structures of backdoor and the infections patterns through the analysis, in the future we can secure the useful information about malicious behaviors corresponding to hacking attacks.

• Journal of the Korea Convergence Society
• /
• v.8 no.11
• /
• pp.21-27
• /
• 2017

Internet of Things(IoT), which is developing for the hyper connection society, is based on OSHW (Open Source Hardware) such as Arduino and various small products are emerging. Because of the limitation of low performance and low memory, the IoT is causing serious information security problem that it is difficult to apply strong security technology. In this paper, we analyze the vulnerability that can occur as a result of compiling and loading the application program of Arduino on the host computer. And we propose a new attack method that allows an attacker to arbitrarily change the value input from the sensor of the arduino board. Such as a proposed attack method may cause the arduino board to misinterpret environmental information and render it inoperable. By understanding these attack techniques, it is possible to consider how to build a secure development environment and cope with these attacks.