• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.220-222
• /
• 2017

제 4차 산업이 다가오는 이 시점에서 보안이 잘 갖추어진 네트워크 조직에서도 사람과 PC와 같은 단말에 대한 취약점이 드러나면 결국 네트워크 전체가 무너질 수 있다. 그러므로 단말에 대한 보안이 중요시되고 있다. 암호화된 장비를 갖추거나 물리적 망 분리를 한다하여도 사회공학을 통한 보안 위협은 여전히 존재하고 있기 때문이다. 본 논문에서는 사회공학을 통해 사람과 PC와 같은 단말을 통해 침투하고 악성코드를 유포하여 공격 대상의 정보를 수집하는 방법에 대하여 연구한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.921-928
• /
• 2016

Over the past few years, Smishing attacks such as malicious url and malicious application have been emerged as a major problem in South Korea since it caused big problems such as leakage of personal information and financial loss. Users are susceptible to Smishing attacks due to the fact that text message may contain curios content. Because of that reason, user could follow the url, download and install malicious APK file without any doubt or verification process. However currently Anti-Smishing App that adopted post-processing method is difficult to respond quickly. Users need a system that can determine whether the modification of the APK file and malicious url in real time because the Smishing can cause financial damage. This paper present the cloud-based system for verifying malicious url and malicious APK file in user device to prevent secondary damage such as smishing attacks and privacy information leakage.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.283-284
• /
• 2015

Smartphone, tablet PC, notebook, such as the Internet banking and electronic commerce using a mobile device, as well as process and to their work. While going to high availability and convenience of mobile devices castle, SNS, letters, using an email Smishing financial fraud and leakage of personal information such as crime has occurred many. Smishing smartphone accidents increased sharply from 2013, MERS infection cases, landmine provocative events, such as the delivery of Thanksgiving has occurred cleverly using social engineering techniques. In this paper, i analyze the trends in Smishing hacking attacks on mobile devices since 2014. With regard to social issues, it analyzes the process of hacking attacks Smishing leading to financial fraud to mobile users.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.183-189
• /
• 2008

E-mail's role has been increased due to its merit which is sending demanded information in real-time anywhere, anytime. However, Today's E-mail security threats have being changed intelligently to attack against the specific agency. The threat is a limit to respond. Therefore precise definition and development of security technology is needed to analyze changing environment and technologies of e-mail so that remove fundamental security threat. we proposed Next Generation E-mail System Security Structure and the Next Generation fusion System using authentication As a result, in this study, we development of Next Generation E-mail System Security Structure. This system can protect E-mail user from social engineering hacking technique, spam, virus, malicious code and fabrication.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.101-106
• /
• 2023

Recently, cyberattacks are increasing in social engineering attacks using intelligent and continuous phishing sites and hacking techniques using malicious code. As personal security becomes important, there is a need for a method and a solution for determining whether a malicious URL exists using a web application. In this paper, we would like to find out each feature and limitation by comparing highly accurate techniques for detecting malicious URLs. Compared to classification algorithm models using features such as web flat panel DB and based URL detection sites, we propose an efficient URL anomaly detection technique.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.207-210
• /
• 2014

Damage is increasing by (Smishing) hacking attack Smishing you use a smart phone after entering 2013. Takeover of personal information and direct financial damage in collaboration with graphics sewing machine hacking attack has occurred. Monetary damage that leads to Internet payment service (ISP) and secure payment system in conjunction with graphics sewing machine hacking attack on a smartphone has occurred. In this paper, I will study analysis in the laboratory examples of actual infringement vinegar sewing machine hacking attack. It is a major power security measures to prevent damage to the secure payment system that a case analysis and practical principle technical nest sewing machine hacking attack, using Smishing. In this paper, I will be to research to be able to through a smart phone, to the online payment safer and more convenient.

• The Journal of the Korea Contents Association
• /
• v.22 no.9
• /
• pp.104-112
• /
• 2022

The pandemic caused by the COVID-19 virus, which has lasted for the past three years, has changed society and the way people live in many ways. These changes also affect cyberspace, so the pre-pandemic information security model and standards have limitations when applied to the current situation. In this paper, a new method to improve the information security model of public institutions was proposed in consideration of various situations in the new normal era. In other words, through the proposed information security model, the possibility of external intrusion is blocked in advance through the policy and technical supplementation of remote work, which is a weakness of the existing information security operation of public institutions. Also, how to prevent abnormal authentication attempts by building a secure VPN environment, how to prevent social engineering cyber attacks targeting fear and uncertainty caused by COVID-19, and how to use a smooth network and create a remote work environment. For this purpose, methods for securing service availability were additionally presented.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.9
• /
• pp.65-73
• /
• 2012

The traditional text-based password is vulnerable guessing, dictionary attacks, keyloggers, social engineering, stole view, etc. these vulnerability effect more serious problem in a mobile environment. In this study, By using the pattern number to enter the password of an existing four-digit numeric password, User easily use to new password system. The technology on pattern based numerical password authorization proposed in this paper would intensify the security of password which holds existing 10 numbers of cases by authorizing a user and would not invade convenience of use by providing high security and making users memorize only four numbers like old method. Making users not have inconvenience and raising complexity, it would have a strength to an shoulder surfing attack of an attacker. So I study password system that represents the shape-based of number. I propose the new password system to prevent peeking attacks and Brute-force attack, and this proposal is to review the security and usability.

• Convergence Security Journal
• /
• v.23 no.2
• /
• pp.27-36
• /
• 2023

In recent years, ransomware attacks have become more organized and specialized, with the sophistication of attacks targeting specific individuals or organizations using tactics such as social engineering, spear phishing, and even machine learning, some operating as business models. In order to effectively respond to this, various researches and solutions are being developed and operated to detect and prevent attacks before they cause serious damage. In particular, honeypots can be used to minimize the risk of attack on IT systems and networks, as well as act as an early warning and advanced security monitoring tool, but in cases where ransomware does not have priority access to the decoy file, or bypasses it completely. has a disadvantage that effective ransomware response is limited. In this paper, this honeypot is optimized for the user environment to create a reliable real-time dynamic honeypot file, minimizing the possibility of an attacker bypassing the honeypot, and increasing the detection rate by preventing the attacker from recognizing that it is a honeypot file. To this end, four models, including a basic data collection model for dynamic honeypot generation, were designed (basic data collection model / user-defined model / sample statistical model / experience accumulation model), and their validity was verified.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1159-1174
• /
• 2014

As the use of smartphones and tablet PCs has exploded in recent years, there are many occasions where such devices are used for treating sensitive data such as financial transactions. Naturally, many types of attacks have evolved that target these devices. An attacker can capture a password by direct observation without using any skills in cracking. This is referred to as shoulder surfing and is one of the most effective methods. There has been only a crude definition of shoulder surfing. For example, the Common Evaluation Methodology(CEM) attack potential of Common Criteria (CC), an international standard, does not quantitatively express the strength of an authentication method against shoulder surfing. In this paper, we introduce a shoulder surfing risk calculation method supplements CC. Risk is calculated first by checking vulnerability conditions one by one and the method of the CC attack potential is applied for quantitative expression. We present a case study for security-enhanced QWERTY keyboard and numeric keypad input methods, and the commercially used mobile banking applications are analyzed for shoulder surfing risks.