
Detecting Abnormalities in Fraud Detection System through the Analysis of Insider Security Threats

Korean title (translated): A Study on the Detection of and Response to Abnormal Electronic Financial Transactions through Analysis of Insider Security Threats

  • Lee, Jae-Yong (Graduate School of Information Security, Korea University)
  • Kim, In-Seok (Graduate School of Information Security, Korea University)
  • Received : 2018.10.19
  • Accepted : 2018.11.27
  • Published : 2018.11.30

Abstract

Existing electronic financial anomaly analysis and detection technology collects the large volume of transaction logs generated by electronic financial business systems into big-data-based storage, and detects abnormal transactions in real time or near real time using detection rules derived from profiling existing customers' transaction patterns and analyzing a variety of past incident transactions. However, the cases with the largest financial losses and social impact, namely unauthorized access attempts against electronic financial systems by insiders of financial companies and the theft of customers' sensitive information by bypassing the internal control environment, are not analyzed in depth. This paper analyzes how financial companies manage their electronic financial security programs and identifies the possibility of insider incidents in which security controls are bypassed by exploiting weaknesses in that management. To respond to this problem efficiently, it presents a comprehensive electronic financial security management environment that links insider threat monitoring with the existing fraud detection system (FDS).

Figures

  • Current Status of Financial Accident
  • Example of Mainframe RACF Setup Profile Information
  • Mainframe RACF Monitoring Log Sample
  • Server Security Architecture
  • Electronic Financial Security Program Access Control Log Screen
  • Security Platform Diagram
  • FDS Analysis Diagram

Tables

  • Status by Size of Financial Accident
  • Status by Type of Financial Accident
  • Behavior of Financial Accidents by Step of Insider
  • Mainframe RACF Settings Profile Description
  • Information Collected for Analysis of Electronic Finance Abnormalities
  • Additional Information for Analysis of Insider Abnormalities
