DOI QR코드

DOI QR Code

Cloud Messaging Service for Preventing Smishing Attack

스미싱 공격 방지를 위한 클라우드 메시징 서비스

  • Park, Hyo-Min (Interdisciplinary Program of Information Security, Graduate School, Pukyong National University) ;
  • Kim, Wan-Seok (Dept. of IT Convergence and Application Eng., Pukyong National University) ;
  • Kang, So-Jeong (Dept. of IT Convergence and Application Eng., Pukyong National University) ;
  • Shin, Sang Uk (Dept. of IT Convergence and Application Eng., Pukyong National University)
  • 박효민 (부경대학교 대학원 정보보호학협동과정) ;
  • 김완석 (부경대학교 IT융합응용공학과) ;
  • 강소정 (부경대학교 IT융합응용공학과) ;
  • 신상욱 (부경대학교 IT융합응용공학과)
  • Received : 2017.03.02
  • Accepted : 2017.04.20
  • Published : 2017.04.28

Abstract

They are rapidly evolving malicious attacks on smart devices, and to timely protect the smart devices from these attacks has become a very important issue. In particular, smishing attack has emerged as one of the most important threats on the smartphone. In this paper, we propose the cloud service that can fundamentally protect the user from the risk of smishing attack. The proposed scheme provides cloud messaging service that can filter text messages including URLs in the user's smart device, view and manage them through a virtual machine provided by a cloud server. The existing techniques for preventing smshing attacks protect only malicious code of a known pattern and there is the possibility of error such as FP(False Positive) or FN(False Negative). However, since the proposed method automatically filters all text messages including URLs, storing, viewing, and managing them in their own storage space on the cloud server, it can completely block the installation of malwares(malicious codes) on the user's smart device through smishing attacks.

Keywords

Smishing attack;Smart device;Cloud computing;Virtual machine;Phishing;Malware

Acknowledgement

Supported by : 부경대학교

References

  1. Yun-Young Song, Kyung min Han, "A Study of Response and Plan of Banks for Mobile Payments of Non-financial Corporations", Journal of IT Convergence Society for SMB, Vol. 5, No. 2, pp.7-13, 2015.
  2. Smishing(2008), http://www.police.go.kr/portal/main/contents.do?menuNo=200287 (accessed Jun., 24, 2016).
  3. D.C. Kim, and J.C. Ryou, "The blocking method for accessing toward malicious sites based on Android platform," Journal of the Korea Institute of Information Security and Cryptology, Vol. 24, No. 3, pp. 499-505, 2014. https://doi.org/10.13089/JKIISC.2014.24.3.499
  4. W.J. Park, K.H. Lee, S.J. Kim, and W. Ryu, "A financial fraud protection platform on Android smartphones in real-time," Information and Communication Technology Convergence (ICTC), 2015 International Conference on. IEEE, pp. 1246-1248, 2015.
  5. Sik-Wan Cho, Won-Jun Jang, Hyung-Woo Lee, "Development of User Oriented Vulnerability Analysis Application on Smart Phone", Journal of the Korea Convergence Society, Vol. 3, No. 2, pp. 7-12, 2012.
  6. Byung-Seok Yu, Sung-Hyun Yun, "The Design and Implementation of Messenger Authentication Protocol to Prevent Smart Phone Phishing", Journal of the Korea Convergence Society, Vol. 2, No. 4, pp. 9-14, 2011.
  7. Sunghyuck Hong, "Cognitive Approach to Anti-Phishing and Anti-Pharming : Survey", Journal of IT Convergence Society for SMB, Vol. 3, No. 2, pp.33-39, 2013.
  8. H. Shahriar, T. Klintic, and V. Clincy, "Mobile Phishing Attacks and Mitigation Techniques," Journal of Information Security, Vol. 6 No. 3, pp. 206-212, 2015. https://doi.org/10.4236/jis.2015.63021
  9. C.F.M. Foozy, R. Ahmad, and M.F. Abdollah, "Phishing detection taxonomy for mobile device," International Journal of Computer Science, Vol. 10, No. 3,pp. 338-344, 2013.
  10. P. He, X. Wen, and W. Zheng, "A Novel Method for Filtering Group Sending Short Message Spam," Proceedings of the International Conference on Convergence and Hybrid Information Technology, 2008. ICHIT'08, International Conference on, pp. 60-65, 2008.
  11. D.W. Park, "Analysis on Mobile Forensic of Smishing Hacking Attack," Journal of the Korean Institute of Information and Communication Engineering, vol. 8, no. 12, pp. 2878-2883, 2014.
  12. D.W. Park, "Analysis of Mobile Smishing Hacking Trends and Security Measures," Journal of the Korea Institute of Information and Communication Engineering, Vol. 19, No. 11, pp. 2615-2622, 2015. https://doi.org/10.6109/jkiice.2015.19.11.2615
  13. S.Y. Lee, H.S. Kang, and J.S. Moon, "A Study on Smishing Block of Android Platform Environment," Journal of the Korea Institute of Information Security and Cryptology, Vol. 24, No. 5, pp. 975-985, 2014. https://doi.org/10.13089/JKIISC.2014.24.5.975
  14. J.W Yoon, H Kim, and J. H Huh, "Hybrid spam filtering for mobile communication," Computers & Security, Vol. 29, pp. 446-459, 2010. https://doi.org/10.1016/j.cose.2009.11.003
  15. T.T. Mahmoud, and A.M. Mahfouz, "SMS Spam Filtering Technique Based on Artificial Immune System," International Journal of Computer Science, Vol. 9, pp. 589-597, 2012.
  16. S. Sheng, B. Wardman, G. Warner, L. Cranor, J. Hong, and C. Zhang, "An Empirical Analysis of Phishing Blacklists," 6th Annual Conference on Email and AntiSpam (CEAS), 2009.
  17. Desktop as a Service(2016), https://en.wikipedia.org/wiki/Desktop_virtualization#Desktop_as_a_Service (accessed Jun., 24, 2016).
  18. M. Khonji, Y. Iraqi, and A. Jones, "Phishing Detection: A Literature Survey," IEEE Communications Survey & Tutorials, Vol. 15, No. 4, pp. 2091-2121, 2013. https://doi.org/10.1109/SURV.2013.032213.00009