A Scheme of Social Engineering Attacks and Countermeasures Using Big Data based Conversion Voice Phishing

  • Kim, Jung-Hoon (Division of Information & Communication, Baekseok University) ;
  • Go, Jun-Young (Division of Information & Communication, Baekseok University) ;
  • Lee, Keun-Ho (Division of Information & Communication, Baekseok University)
  • Received : 2014.10.28
  • Accepted : 2015.02.20
  • Published : 2015.02.28

Abstract

Because of a sharp increase in electronic financial fraud, the government has recently distributed preventive measures and response procedures for smishing (SMS phishing), pharming, phishing, and memory hacking, and has strengthened the Electronic Financial Transaction Act. Fraud methods have evolved in response and have become harder to counter. Unlike earlier voice phishing, which targeted victims at random, the new methods collect a target's personal information, build it into big data, and analyze it in detail. The analyzed information is then used for voice phishing, producing a new kind of electronic financial fraud. This study analyzes the attack method of voice phishing combined with big data of personal information and proposes countermeasures against continually evolving electronic financial fraud. When meaningless data is stored in memory, attackers cannot derive accurate information or carry out voice phishing properly, even if they obtain personal information based on big data. This paper examines this new social engineering attack and proposes corresponding countermeasures.

Cited by

  1. A Study of Security Threats in Bluetooth v4.1 Beacon based Coupon Convergence Service, vol.6, pp.2, 2015, https://doi.org/10.15207/JKCS.2015.6.2.065