• Title, Summary, Keyword: 스미싱

Search Result 41, Processing Time 0.05 seconds

A Study on SMiShing Application Detection Technique (SMiShing 어플리케이션 탐지 모델에 관한 연구)

  • Chang, Hyun Soo;Shon, Taeshik
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • /
    • pp.416-419
    • /
    • 2014
  • 스미싱(SMiShing) 공격은 문자메시지(SMS)를 이용하여 정보를 유출하거나 타인에게 피해를 주는 행위를 일컫는다. 본 논문에서는 공격자의 공격유형에 따라 스미싱을 "직접 정보 유출", "파밍/피싱 사이트 유도", "악성어플리케이션 다운로드 유도"로 분류하였고 스미싱 공격의 시나리오를 통해 스미싱 공격을 표현하였다. 그 후 스미싱 방지 기술 동향을 파악을 위한 기존의 대응 기법들을 조사를 하고 기존의 스미싱 탐지 기법인 URL 검사와 APK 파일 분석 기법을 접목시킨 스미싱 탐지 모델을 제안한다.

  • PDF

Defense Techniques of Smishing Attacks Using Electronic signature on Network Environment (전자서명을 이용한 스미싱 공격 방어 기법)

  • Choi, Byung-Hwan
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • /
    • pp.399-402
    • /
    • 2014
  • 본 논문에서는 스미싱 공격에 대해서 Host기반에 의한 탐지가 아닌 네트워크 기반에서 전자서명을 이용한 모델을 제안한다. 본 모델은 네트워크 기반에서 유입된 트래픽 중 문자 메시지를 분석하여, 문자메시지 중에서 URL이 포함된 경우 트래픽을 우회하여 라우팅을 전환시켜 URL을 포함한 문자메시지 트래픽에 대해서 별도의 망구간으로 분리를 시킨다. 별도 분리된 URL이 포함된 트래픽에 대해서 apk파일 다운로드가 없는 경우에는 통과를 시키고, apk 파일 다운로드를 시도하는 트래픽에 대해서는 전자서명을 검사후, 등록이 안되어 있는 경우 차단을 한다. 이는 기본적으로 전자서명이 되지 않은 apk파일에 대한 다운로드를 원천적으로 봉쇄함으로써 스미싱 공격에 대한 근복적인 방어를 하는 방식이다. 본 모델은 Host기반에서 발생할 수 있는 우회공격을 방지하여 스미싱 위협을 해소할 수 있다. 기존 Host기반 스미싱 방지 모델의 동작 방식과 설계를 통해 장점과 단점을 언급하고 네트워크 기반에서 전자서명을 이용한 스미싱 방어의 타당성을 증명하도록 한다.

  • PDF

A Study on the Modus Operandi of Smishing Crime for Public Safety (국민안전을 위한 스미싱 범죄수법분석)

  • Choi, Kwan;Kim, Minchi
    • Convergence Security Journal
    • /
    • v.16 no.3_2
    • /
    • pp.3-12
    • /
    • 2016
  • The purpose of this study is to analyse Modus Operandi of smishing. For the study, 87 cases of smishing crime reports and smishing experiences of victims were analysed and 10 police officers who investigates smishing crime were interviewed. The results indicated that smishing crime can be divided into the preparation stage and the implementation stage. In the preparation stage, two modus operandi patterns, collection of personal information and text message script composition, were identified. In the implementation stage, seven modus operandi patterns were identified: sending smishing text messages and installation of malicious mobile applications, leak personal information, sending personal information to smishing crime organization through online server, payment attempt using collected personal information, intercept authorization code, completion of payment using intercepted authorization code, and payment amount was delivered to victims. Further implications were discussed.

A Study on SMiShing Detection Technique using TaintDroid (테인트드로이드를 이용한 스미싱 탐지 기법 연구)

  • Cho, Jiho;Shin, Jiyong;Lee, Geuk
    • Convergence Security Journal
    • /
    • v.15 no.1
    • /
    • pp.3-9
    • /
    • 2015
  • In this paper, a detection technique of smishing using a TaintDroid is suggested. Suggesting system detects malicious acts by transmitting a URL to the TaintDroid server and installing a relevant application to a virtual device of the TaintDroid server, when a smartphone user receives a text message including the URL suspected as a smishing. Through this we want to distinguish an application that can not install because of suspicion of a smishing in an actual smartphone whether said application is malicious application or not by testing with the virtual device of said system. The detection technique of a smishing using the TaintDroid suggested in this paper is possible to detect in a new form a smishing with a text message and to identifying which application it is through analysis of results from a user.

A Study of Intrusion Security Research and Smishing Hacking Attack on a Smartphone (스마트폰에서 Smishing 해킹 공격과 침해사고 보안 연구)

  • Park, In-Woo;Park, Dea-Woo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.17 no.11
    • /
    • pp.2588-2594
    • /
    • 2013
  • Damage is increasing by (Smishing) hacking attack Smishing you use a smart phone after entering 2013. Takeover of personal information and direct financial damage in collaboration with graphics sewing machine hacking attack has occurred. Monetary damage that leads to Internet payment service (ISP) and secure payment system in conjunction with graphics sewing machine hacking attack on a smartphone has occurred. In this paper, I will study analysis in the laboratory examples of actual infringement vinegar sewing machine hacking attack. It is a major power security measures to prevent damage to the secure payment system that a case analysis and practical principle technical nest sewing machine hacking attack, using Smishing. In this paper, I will be to research to be able to through a smart phone, to the online payment safer and more convenient.

A Study of Intrusion Security Research and Smishing Hacking Attack on a Smartphone (스마트폰에서 Smishing 해킹 공격과 침해사고 보안 연구)

  • Park, In-Woo;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.141-145
    • /
    • 2013
  • Damage is increasing by (Smishing) hacking attack Smishing you use a smart phone after entering 2013. Takeover of personal information and direct financial damage in collaboration with graphics sewing machine hacking attack has occurred. Monetary damage that leads to Internet payment service (ISP) and secure payment system in conjunction with graphics sewing machine hacking attack on a smartphone has occurred. In this paper, I will study analysis in the laboratory examples of actual infringement vinegar sewing machine hacking attack. It is a major power security measures to prevent damage to the secure payment system that a case analysis and practical principle technical nest sewing machine hacking attack, using Smishing. In this paper, I will be to research to be able to through a smart phone, to the online payment safer and more convenient.

  • PDF

Study of Hacking Attacks Secure Payment(ISP) with Smishing (스미싱을 이용한 안전결제(ISP) 해킹 공격 연구)

  • Park, In-Woo;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.267-270
    • /
    • 2013
  • Hacking damage is increasing year by year in the Internet payment service credit card applying the digital signature method of PKI-based first domestic, secure payment, was 180 million won in 2012. Revenues have soared for phishing that Smishing using smartphone after entering 2013. Hacking accident to the secure payment system using Smishing has occurred took over personal information and financial direct damage. In this paper, we analyzed for Smishing, to prevent the damage of secure payment using Smishing to study the hacking attack of secure payment. In addition, it would be studies to allow through the smartphone, online payment safer and more convenient.

  • PDF

Improving Security Awareness about Smishing through Experiment on the Optimistic Bias on Risk Perception (위험인식의 낙관적 편향 실험을 통한 스미싱 보안인식 개선)

  • Kang, Ji Won;Lee, Ae Ri;Kim, Beomsoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.2
    • /
    • pp.475-487
    • /
    • 2016
  • Recently, various risks of smartphone hacking are emerging. Smishing crime techniques become more cunning and its damage has been increasing, thereby requiring effective ways of preventing and coping with smishing. Especially, it is emphasized the need for smartphone users' security awareness and training besides technological approach. This study investigates the effective method for providing news messages in order to improve the perception of risk from smishing. This research empirically examines that the degree of optimistic bias on risk perception can vary depending on news frame, topic type, and involvement regarding smishing. Based on the findings, it identifies the factors influencing risk perception and verifies effective ways of promoting individual security awareness on smishing. The results of this study provide implications that assist in educating, campaigning and promoting information security awareness for smart device users.

인증 및 사전 권한 검증을 통한 스미싱 방지 시스템 제안

  • Park, Sangho;Lee, Jun Hyeong
    • Review of KIISC
    • /
    • v.23 no.6
    • /
    • pp.5-12
    • /
    • 2013
  • 본 논문은 최근 가장 이슈화 되고 있는 스미싱 위협의 방지에 대해 다루며, 단순히 스미싱 방지뿐만 아니라 탐지율 향상, 오탐률 감소를 위해 새로운 모델을 제안한다. 첫 번째 모델은 문자메시지 송/수신 시 특정 인증 값을 첨부/확인하여 정상 기관 인증을 수행하는 모델이며, 두 번째 모델은 문자메시지에 첨부된 URL을 사용자가 메시지 수신을 확인하기 전에 사전 검증하여 악성 유무를 판별하는 모델이다. 두 모델의 기본 동작 방식 제안과 설계를 통해 장점과 단점을 언급한다.

Design and Implementation of Verification System for Malicious URL and Modified APK File on Cloud Platform (클라우드 플랫폼을 이용한 악성 URL 및 수정된 APK 파일 검증 시스템 설계 및 구현)

  • Je, Seolah;Nguyen, Vu Long;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.4
    • /
    • pp.921-928
    • /
    • 2016
  • Over the past few years, Smishing attacks such as malicious url and malicious application have been emerged as a major problem in South Korea since it caused big problems such as leakage of personal information and financial loss. Users are susceptible to Smishing attacks due to the fact that text message may contain curios content. Because of that reason, user could follow the url, download and install malicious APK file without any doubt or verification process. However currently Anti-Smishing App that adopted post-processing method is difficult to respond quickly. Users need a system that can determine whether the modification of the APK file and malicious url in real time because the Smishing can cause financial damage. This paper present the cloud-based system for verifying malicious url and malicious APK file in user device to prevent secondary damage such as smishing attacks and privacy information leakage.