• Title/Summary/Keyword: Internet Banking Service Flow

Search Result 2, Processing Time 0.018 seconds

Internet Banking Service Vulnerability Analysis and Security Solution (인터넷 뱅킹 서비스 취약점 분석 및 보안대책)

  • Lee, Sang-Jin;Hwang, So-Yeon;Kim, Kyung-Kon;Ryeo, Sung-Koo
    • Convergence Security Journal
    • /
    • v.7 no.2
    • /
    • pp.119-128
    • /
    • 2007
  • Since the internet banking service was introduced to Korea in 1999, the service has placed itself as an indispensable service to most users. The internet banking, which provides convenience for internet users as well as efficiency for banks, is expected to increase its importance more and to play a bigger role as a passage of funds. Meanwhile, numerous accounts as to the misusage of the internet banking service have been reported and the types and size of damages, especially making illegal money transfers and embezzling user information through computer hacking, tend to increase continuously. This paper points out fundamental problems of the current internet banking service by analyzing the all components of the internet banking service and fitting the results of structural analysis of hacking threats in accordance with service flow. This paper also attempts to propose the means to minimize the hacking threats of the internet banking service.

  • PDF

Detecting the HTTP-GET Flood Attacks Based on the Access Behavior of Inline Objects in a Web-page Using NetFlow Data

  • Kang, Koo-Hong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.21 no.7
    • /
    • pp.1-8
    • /
    • 2016
  • Nowadays, distributed denial of service (DDoS) attacks on web sites reward attackers financially or politically because our daily lifes tightly depends on web services such as on-line banking, e-mail, and e-commerce. One of DDoS attacks to web servers is called HTTP-GET flood attack which is becoming more serious. Most existing techniques are running on the application layer because these attack packets use legitimate network protocols and HTTP payloads; that is, network-level intrusion detection systems cannot distinguish legitimate HTTP-GET requests and malicious requests. In this paper, we propose a practical detection technique against HTTP-GET flood attacks, based on the access behavior of inline objects in a webpage using NetFlow data. In particular, our proposed scheme is working on the network layer without any application-specific deep packet inspections. We implement the proposed detection technique and evaluate the ability of attack detection on a simple test environment using NetBot attacker. Moreover, we also show that our approach must be applicable to real field by showing the test profile captured on a well-known e-commerce site. The results show that our technique can detect the HTTP-GET flood attack effectively.