• International Journal of Computer Science & Network Security
• /
• v.24 no.1
• /
• pp.52-60
• /
• 2024

APT (Advanced Persistent Threat) attack is a dangerous, targeted attack form with clear targets. APT attack campaigns have huge consequences. Therefore, the problem of researching and developing the APT attack detection solution is very urgent and necessary nowadays. On the other hand, no matter how advanced the APT attack, it has clear processes and lifecycles. Taking advantage of this point, security experts recommend that could develop APT attack detection solutions for each of their life cycles and processes. In APT attacks, hackers often use phishing techniques to perform attacks and steal data. If this attack and phishing phase is detected, the entire APT attack campaign will be crash. Therefore, it is necessary to research and deploy technology and solutions that could detect early the APT attack when it is in the stages of attacking and stealing data. This paper proposes an APT attack detection framework based on the Network traffic analysis technique using open-source tools and deep learning models. This research focuses on analyzing Network traffic into different components, then finds ways to extract abnormal behaviors on those components, and finally uses deep learning algorithms to classify Network traffic based on the extracted abnormal behaviors. The abnormal behavior analysis process is presented in detail in section III.A of the paper. The APT attack detection method based on Network traffic is presented in section III.B of this paper. Finally, the experimental process of the proposal is performed in section IV of the paper.

• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.79-90
• /
• 2014

User authentication based on ID and PW has been widely used. As the Internet has become a growing part of people' lives, input times of ID/PW have been increased for a variety of services. People have already learned enough to perform the authentication procedure and have entered ID/PW while ones are unconscious. This is referred to as the adaptive unconscious, a set of mental processes incoming information and producing judgements and behaviors without our conscious awareness and within a second. Most people have joined up for various websites with a small number of IDs/PWs, because they relied on their memory for managing IDs/PWs. Human memory decays with the passing of time and knowledges in human memory tend to interfere with each other. For that reason, there is the potential for people to enter an invalid ID/PW. Therefore, these characteristics above mentioned regarding of user authentication with ID/PW can lead to human vulnerabilities: people use a few PWs for various websites, manage IDs/PWs depending on their memory, and enter ID/PW unconsciously. Based on the vulnerability of human factors, a variety of information leakage attacks such as phishing and pharming attacks have been increasing exponentially. In the past, information leakage attacks exploited vulnerabilities of hardware, operating system, software and so on. However, most of current attacks tend to exploit the vulnerabilities of the human factors. These attacks based on the vulnerability of the human factor are called social-engineering attacks. Recently, malicious social-engineering technique such as phishing and pharming attacks is one of the biggest security problems. Phishing is an attack of attempting to obtain valuable information such as ID/PW and pharming is an attack intended to steal personal data by redirecting a website's traffic to a fraudulent copy of a legitimate website. Screens of fraudulent copies used for both phishing and pharming attacks are almost identical to those of legitimate websites, and even the pharming can include the deceptive URL address. Therefore, without the supports of prevention and detection techniques such as vaccines and reputation system, it is difficult for users to determine intuitively whether the site is the phishing and pharming sites or legitimate site. The previous researches in terms of phishing and pharming attacks have mainly studied on technical solutions. In this paper, we focus on human behaviour when users are confronted by phishing and pharming attacks without knowing them. We conducted an attack experiment in order to find out how many IDs/PWs are leaked from pharming and phishing attack. We firstly configured the experimental settings in the same condition of phishing and pharming attacks and build a phishing site for the experiment. We then recruited 64 voluntary participants and asked them to log in our experimental site. For each participant, we conducted a questionnaire survey with regard to the experiment. Through the attack experiment and survey, we observed whether their password are leaked out when logging in the experimental phishing site, and how many different passwords are leaked among the total number of passwords of each participant. Consequently, we found out that most participants unconsciously logged in the site and the ID/PW management dependent on human memory caused the leakage of multiple passwords. The user should actively utilize repudiation systems and the service provider with online site should support prevention techniques that the user can intuitively determined whether the site is phishing.

• Journal of Internet Computing and Services
• /
• v.17 no.3
• /
• pp.11-18
• /
• 2016

Accessing unauthorized rogue APs in WiFi environments is a very dangerous behavior which may lead WiFi users to be exposed to the various cyber attacks such as sniffing, phishing, and pharming attacks. Therefore, prompt and precise detection of rogue APs and properly alarming to the corresponding users has become one of most essential requirements for the WiFi security. This paper proposes a new rogue AP detection method which is mainly using the installation information of authorized APs and the DHCP snooping information of the corresponding switches. The proposed method detects rogue APs promptly and precisely, and notify in realtime to the corresponding users. Since the proposed method is simple and does not require any special devices, it is very cost-effective comparing to the wireless intrusion prevention systems which are normally based on a number of detection sensors and servers. And it is highly precise and prompt in rogue AP detection and flexible in deployment comparing to the existing rogue AP detection methods based on the timing information, location information, and white list information.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2013.01a
• /
• pp.67-70
• /
• 2013

스마트폰 보급은 현대인들에게 시간적, 공간적 제약에서 벗어나 언제 어디서나 무선 인터넷을 사용하여 모바일 뱅킹, 결재, 증권거래 등 원하는 서비스를 이용할 수 있게 해주었다. 사용자들은 이를 이용하여 다양한 정보들을 검색, 저장, 이용한다. 그러나 무선 인터넷의 순기능과는 반대로 최근 모바일 기기의 보안취약점을 이용한 악성애플리케이션 및 각종 공격으로 사용자 개인정보탈취의 위협이 증가하고 있다. 사회공학공격의 일종인 피싱(Phishing)은 신뢰받는 기관을 사칭하여 만들어놓은 가짜사이트에 사용자로부터 자신의 개인정보 및 금융정보를 입력하게끔 유도하여 사용자정보를 탈취하는 방법으로 최근 SMS를 이용하여 정부 및 금융기관을 사칭한 문자를 보내 피싱사이트로 접속을 유도하는 피해사례가 증가하고 있다. 본 논문에서는 국내 피싱사이트의 유형을 분석하고 피싱사이트로 접근을 유도하는 방법 중 하나인 SMS를 이용한 피싱을 방지 할 수 있는 시스템을 고안한다.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.19-25
• /
• 2023

The current network environment provides a real-time interactive service from an initial one-way information prov ision service. Depending on the form of web-based information sharing, it is possible to provide various knowledge a nd services between users. However, in this web-based real-time information sharing environment, cases of damage by illegal attackers who exploit network vulnerabilities are increasing rapidly. In particular, for attackers who attempt a phishing attack, a link to the corresponding web page is induced after actively generating a forged web page to a user who needs a specific web page service. In this paper, we analyze whether users directly and actively forge a sp ecific site rather than a passive server-based detection method. For this purpose, it is possible to prevent leakage of important personal information of general users by detecting a disguised webpage of an attacker who induces illegal webpage access using traceback information

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.149-164
• /
• 2019

Digital Transformation and the Fourth Industrial Revolution, electronic financial services should be provided safely in accordance with rapidly changing technology changes in the times of change. However, telecommunication finance fraud (voice phishing) accidents are currently ongoing, and various efforts are being made to eradicate accidents such as legal amendment and improvement of policy system in order to cope with continuous increase, intelligence and advancement of accidents. In addition, financial institutions are trying to prevent fraudulent accidents by improving and upgrading the abnormal financial transaction detection system, but the results are not very clear. Despite these efforts, telecommunications and financial fraud incidents have evolved to evolve against countermeasures. In this paper, we propose an intelligent over - the - counter financial transaction system modeled through scenario - based Rule model and artificial intelligence algorithm to prevent financial transaction accidents by voice phishing. We propose an implementation model of artificial intelligence abnormal financial transaction detection system and an optimized countermeasure model that can block and respond to analysis and detection results.

• Journal of Convergence for Information Technology
• /
• v.11 no.6
• /
• pp.24-32
• /
• 2021

Recently, ransomware attacks have been infected through various channels such as e-mail, phishing, and device hacking, and the extent of the damage is increasing rapidly. However, existing known malware (static/dynamic) analysis engines are very difficult to detect/block against novel ransomware that has evolved like Advanced Persistent Threat (APT) attacks. This work proposes a method for modeling ransomware malicious behavior based on graph databases and detecting novel multi-complex malicious behavior for ransomware. Studies confirm that pattern detection of ransomware is possible in novel graph database environments that differ from existing relational databases. Furthermore, we prove that the associative analysis technique of graph theory is significantly efficient for ransomware analysis performance.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.947-948
• /
• 2023

본 논문은 보이스피싱 취약 계층을 위해 통화 내용을 신속하게 처리하여 실시간으로 범죄 여부를 판별하는 VoIP 에 특화된 시스템을 제안하였다. 실제 보이스 피싱 통화 유형을 학습한 탐지 모델을 개발하여 API 로 배포하였다. 또한 보이스피싱 위험도가 일정 수준에 도달할 경우 사용자에게 보이스피싱 가능성을 경고하는 장치를 제작하였다. 본 연구는 보이스피싱을 사전에 탐지함으로써 개인정보의 유출 및 금융 피해를 예방하고 정보 보안을 실천하는 데 기여할 것으로 기대된다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2024.01a
• /
• pp.95-96
• /
• 2024

본 논문은 금융 범죄 중 하나인 보이스피싱을 실시간으로 예방하기 위한 탐지 기법을 제안한다. 제안된 모델은 수화기에 출력되는 음성을 녹음하고 네이버 CSR(Cloud Speech Recognition)을 통해 텍스트 파일로 변환한 후 딥러닝 기반의 KoBERT를 바탕으로 다양한 보이스피싱 패턴을 학습하여 실시간 환경에서의 신속하고 정확한 탐지를 위해 실제 통화 데이터를 적절하게 처리하여, 이를 통해 효과적인 보이스피싱 예방에 도움을 줄 것으로 예상된다.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.101-106
• /
• 2023

Recently, cyberattacks are increasing in social engineering attacks using intelligent and continuous phishing sites and hacking techniques using malicious code. As personal security becomes important, there is a need for a method and a solution for determining whether a malicious URL exists using a web application. In this paper, we would like to find out each feature and limitation by comparing highly accurate techniques for detecting malicious URLs. Compared to classification algorithm models using features such as web flat panel DB and based URL detection sites, we propose an efficient URL anomaly detection technique.