• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.5
• /
• pp.165-170
• /
• 2023

With the recent rise of blockchain technology, cryptocurrency platforms using it are increasing, and currency transactions are being actively conducted. However, crimes that abuse the characteristics of cryptocurrency are also increasing, which is a problem. In particular, phishing scams account for more than a majority of Ethereum cybercrime and are considered a major security threat. Therefore, effective phishing scams detection methods are urgently needed. However, it is difficult to provide sufficient data for supervised learning due to the problem of data imbalance caused by the lack of phishing addresses labeled in the Ethereum participating account address. To address this, this paper proposes a phishing scams detection method that uses both Trans2vec, an effective graph embedding techique considering Ethereum transaction networks, and semi-supervised learning model Tri-training to make the most of not only labeled data but also unlabeled data.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.151-160
• /
• 2024

In recent years with high interest rates and inflations, which worsen people's lives, voice phishing crimes also increase along with damage. Voice phishing that becomes more evolved by technology developments causes serious financial and mental damage to victims. This work aims to study time series models for its accurate prediction. ARIMA, SARIMA and SARIMAX models are compared. As exogenous variables, the amount of damages and the numbers of arrests and criminals are adopted. Forecasting performances are evaluated. Prediction intervals are constructed along with empirical coverages, which justify the superiority of the model. Finally, the numbers of voice phishing up to December 2024 are predicted, through which we expect the establishment of future prevention strategies for voice phishing.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.5
• /
• pp.223-230
• /
• 2013

With the rapid development of IT technologies, many people talk to each other in real time on-line using messenger or use the messenger to share files for work. However, using this convenience, phishing crimes occur: e.g. demanding money, and if a criminal uses a bypassing technique like proxy in order to hide the IP address the criminal has used to log on, it is in fact, difficult to find the criminal's real IP address. This paper will propose a plan to measure against messenger phishing that may occur in advance by collecting the IP address with which a user has used in a dual channel mode and the real IP address obtained by ARIT Agent using ARIT technique, going through a separate identification process and deciding whether the user has accessed in a normal method.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.171-177
• /
• 2006

The hacking aspect of recent times is changing, the phishing attack which uses a social engineering technique is becoming the threat which is serious in Information Security. It cheats the user and it acquires a password or financial information of the individual and organization. The phishing attack uses the home page which is fabrication and E-mail and acquires personal information which is sensitive and financial information. This study proposes the establishment of National Fishing Response Center, complement of relation legal system Critical intelligence distribution channel of individual and enterprise.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.215-223
• /
• 2019

The recent trend of cyber attack threat is mainly APT (Advanced Persistent Threat) attack. This attack is a combination of hacking techniques to try to steal important information assets of a corporation or individual, and social engineering hacking techniques aimed at human psychological factors. Spear phishing attacks, one of the most commonly used APT hacking techniques, are known to be easy to use and powerful hacking techniques, with more than 90% of the attacks being a key component of APT hacking attacks. The existing research for cyber security threat defense is mainly focused on the technical and policy aspects. However, in order to preemptively respond to intelligent hacking attacks, it is necessary to study different aspects from the viewpoint of social engineering. In this study, we analyze the correlation between human personality type (DISC) and cyber security threats, focusing on spear phishing attacks, and present countermeasures against security threats from a new perspective breaking existing frameworks.

• KIPS Transactions on Software and Data Engineering
• /
• v.11 no.10
• /
• pp.437-446
• /
• 2022

Text classification task from Natural Language Processing (NLP) combined with state-of-the-art (SOTA) Machine Learning (ML) and Deep Learning (DL) algorithms as the core engine is widely used to detect and classify voice phishing call transcripts. While numerous studies on the classification of voice phishing call transcripts are being conducted and demonstrated good performances, with the increase of non-face-to-face financial transactions, there is still the need for improvement using the latest NLP technologies. This paper conducts a benchmarking of Korean voice phishing detection performances of the pre-trained Korean language model KoBERT, against multiple other SOTA algorithms based on the classification of related transcripts from the labeled Korean voice phishing dataset called KorCCVi. The results of the experiments reveal that the classification accuracy on a test set of the KoBERT model outperforms the performances of all other models with an accuracy score of 99.60%.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.29-36
• /
• 2023

With the recent surge in exposure to fake advertising phishing sites in search engines, the damage caused by poor search quality and personal information leakage is increasing. In particular, the seriousness of the problem is worsening faster as the possibility of automating the creation of advertising phishing sites through tools such as ChatGPT increases. In this paper, the source code of fake advertising phishing sites was statically analyzed to derive structural commonalities, and among them, a detection crawler that filters sites step by step based on foreign domains and redirection was developed to confirm that fake advertising posts were finally detected. In addition, we demonstrate the need for new guide lines by verifying that the redirection page of fake advertising sites is divided into three types and returns different sites according to each situation. Furthermore, we propose new detection guidelines for fake advertising phishing sites that cannot be detected by existing detection methods.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.1
• /
• pp.101-103
• /
• 2016

We propose a HTTP cookie-based identification of the public keys of Web sites for the case of failure to validate certificates. The proposed scheme effectively protects users from the phishing attacks of inducing them to access bogus sites. It incurs little performance overhead on the browser and the server of Web sites. It requires to implement the input processing of user credentials and the encryption and verification of cookie values, though.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.11
• /
• pp.1993-1998
• /
• 2008

Web robot engine for searching web sever vulnerability and malicious code is proposed in this paper. The main web robot function is based on searching technology which is derived from analyses of private information threat. We implemented the detecting method for phishing, pharming and malicious code on homepage under vulnerable surroundings. We proposed a novel approachm which is independent of any specific phishing implementation. Our idea is to examine the anomalies in web pages.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.873-877
• /
• 2009

본 논문에서는 상황기반 개인정보보호 통합 에이전트를 패키지 형태로 공공기관에 공급 공공기관 내부의 개인정보 관리 시스템에 적용되는 피싱 차단 시스템에 대해서 설계하였다. 이러한 시스템은 공공기관 내부 직원의 개인정보 관리 에이전트로 적용과 상황기반 개인정보보호 통합 에이전트로서 금융기관 등의 솔루션에 적용 가능하다. 주요 내용으로는 피싱 유형과 방법을 분석하고 피싱(Phishing) 웹사이트를 탐지, 차단하는 알고리즘을 원천적으로 개발하여 구현하였다.