• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.881-891
• /
• 2023

Recently, various studies on malicious URL detection using artificial intelligence have been conducted, and most of the research have shown great detection performance. However, not only does classical machine learning require a process of analyzing features, but the detection performance of a trained model also depends on the data analyst's ability. In this paper, we propose a DL-ML Fusion Hybrid Model for malicious web site URL detection based on URL lexical features. the propose model combines the automatic feature extraction layer of deep learning and classical machine learning to improve the feature engineering issue. 60,000 malicious and normal URLs were collected for the experiment and the results showed 23.98%p performance improvement in maximum. In addition, it was possible to train a model in an efficient way with the automation of feature engineering.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.37-44
• /
• 2011

Recently malicious activities that is a DDoS, spam, propagation of malware, steeling person information, phishing on the Internet are related malicious botnet. To detect malicious botnet, Many researchers study a detection system for malicious botnet, but these applies specific protocol, action or attack based botnet. In this reason, we study a selection of measurement to detec malicious botnet in this paper. we collect a traffic of malicious botnet and analyze it for feature of network traffic. And we select a feature based measurement. we expect to help a detection of malicious botnet through this study.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.255-264
• /
• 2016

Due to the development of information and communication technology, the great change on economics has grown and the biggest change is the e-commerce. With the methods of electronic financial frauds becoming advanced, reported phishing incidents have greatly increased. The Fraud Detection System(hereafter FDS) has taken effect to prevent electronic financial frauds, but economic losses still occurring. This Paper aims to analyze the financial environment, financial information technology environment, financial information technology security environment and some features of the institutional changes. In order to supplement the defect of FDS, it gives some recommendations for the improvement of the effective FDS Management System and information sharing on frauds with some public institution and a major consideration for collection or utilization of personal information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.3
• /
• pp.704-719
• /
• 2024

Botnet pandemics are becoming more prevalent with the growing use of mobile phone technologies. Mobile phone technologies provide a wide range of applications, including entertainment, commerce, education, and finance. In addition, botnet refers to the collection of compromised devices managed by a botmaster and engaging with each other via a command server to initiate an attack including phishing email, ad-click fraud, blockchain, and much more. As the number of botnet attacks rises, detecting harmful activities is becoming more challenging in handheld devices. Therefore, it is crucial to evaluate mobile botnet assaults to find the security vulnerabilities that occur through coordinated command servers causing major financial and ethical harm. For this purpose, we propose a hybrid analysis approach that integrates permissions and API and experiments on the machine-learning classifiers to detect mobile botnet applications. In this paper, the experiment employed benign, botnet, and malware applications for validation of the performance and accuracy of classifiers. The results conclude that a classifier model based on a simple decision tree obtained 99% accuracy with a low 0.003 false-positive rate than other machine learning classifiers for botnet applications detection. As an outcome of this paper, a hybrid approach enhances the accuracy of mobile botnet detection as compared to static and dynamic features when both are taken separately.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.55-61
• /
• 2023

QR Code is a two-dimensional code in the form of a matrix that contains data in a square-shaped black-and-white grid pattern, and has recently been used in various fields. In particular, in order to prevent the spread of COVID-19, the usage increased rapidly by identifying the movement path in the form of a QR code that anyone can easily and conveniently use. As such, Qshing attacks and damages using QR codes are increasing in proportion to the usage of QR codes. Therefore, in this paper, a system was implemented to block movement to harmful sites and installation of malicious codes when scanning QR codes.

• ETRI Journal
• /
• v.36 no.5
• /
• pp.865-875
• /
• 2014

Voice phishing (vishing) uses social engineering, based on people's trust in telephone services, to trick people into divulging financial data or transferring money to a scammer. In a vishing attack, a scammer often modifies the telephone number that appears on the victim's phone to mislead the victim into believing that the phone call is coming from a trusted source, since people typically judge a caller's legitimacy by the displayed phone number. We propose a system named iVisher for detecting a concealed incoming number (that is, caller ID) in Session Initiation Protocol-based Voice-over-Internet Protocol initiated phone calls. Our results demonstrate that iVisher is capable of detecting a concealed caller ID without significantly impacting upon the overall call setup time.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.80-81
• /
• 2022

최근 소셜 미디어 서비스의 성장과 접근성이 편해짐에 따라 피싱 URL 자동 분류가 필요하다. 그런데 단축 URL 서비스가 대중화되면서 피싱 URL 또한 단축 URL 서비스를 이용하여 피싱 사이트로 통하는지 정상적인 사이트로 통하는지 알 수 없게 되었다. 이런 경우 콘텐츠 기반 탐지를 통해 확인할 수 있지만 URL 기반 방법보다 느리고 리소스를 많이 차지한다는 단점이 있어 본 논문에서는 단축 URL 여부를 판단하고 좀더 효율적으로 피싱 사이트를 탐지 기법을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.266-268
• /
• 2022

최근 블록체인 기술이 부상하면서 이를 이용한 암호화폐가 범죄의 대상이 되고 있다. 특히 피싱 스캠은 이더리움 사이버 범죄의 과반수 이상을 차지하며 주요 보안 위협원으로 여겨지고 있다. 따라서 효과적인 피싱 스캠 탐지 방법이 시급하다. 그러나 전체 노드에서 라벨링된 피싱 주소의 부족으로 인한 데이터 불균형으로 인하여 지도학습에 충분한 데이터 제공이 어려운 상황이다. 이를 해결하기 위해 본 논문에서는 이더리움 트랜잭션 네트워크를 고려한 효율적인 네트워크 임베딩 기법인 trans2vec 과 준지도 학습 모델 tri-training 을 함께 사용하여 라벨링된 데이터뿐만 아니라 라벨링되지 않은 데이터도 최대한 활용하는 피싱 스캠 탐지 방법을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.1045-1046
• /
• 2023

본 논문은 디지털 소외계층과 사회적 약자를 고려한 보이스피싱 예방 솔루션을 제안한다. 통화 내용을 AWS Transcribe를 활용한 STT와 NLP 알고리즘을 사용해 실시간으로 보이스피싱 위험도를 파악하고 결과를 사용자에게 전달하도록 한다. NLP 알고리즘은 KoBIGBIRD와 DeBERTa 모델 각각을 커스터마이즈하여 보이스피싱 탐지에 적절하게 파인튜닝 했다. 이후, 성능과 인퍼런스를 비교하여 더 좋은 성능을 보인 KoBIGBIRD 모델로 보이스피싱 탐지를 수행한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.133-146
• /
• 2015

Ever sophisticated e-finance fraud techniques have led to an increasing number of reported phishing incidents. Financial authorities, in response, have recommended that we enhance existing Fraud Detection Systems (FDS) of banks and other financial institutions. FDSs are systems designed to prevent e-finance accidents through real-time access and validity checks on client transactions. The effectiveness of an FDS depends largely on how fast it can analyze and detect abnormalities in large amounts of customer transaction data. In this study we detect fraudulent transaction patterns and establish detection rules through e-finance accident data analyses. Abnormalities are flagged by comparing individual client transaction patterns with client profiles, using the ruleset. We propose an effective flagging method that uses decision trees to normalize detection rules. In demonstration, we extracted customer usage patterns, customer profile informations and detection rules from the e-finance accident data of an actual domestic(Korean) bank. We then compared the results of our decision tree-normalized detection rules with the results of a sequential detection and confirmed the efficiency of our methods.