최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기정보처리학회논문지. KIPS transactions on computer and communication systems 컴퓨터 및 통신 시스템, v.4 no.10, 2015년, pp.349 - 360
이진이 (건국대학교 컴퓨터공학과) , 박두호 (한국정보통신기술협회) , 이창훈 (건국대학교 컴퓨터공학과)
In recent year, phishing attacks are flooding with services based on the web technology. Phishing is affecting online security significantly day by day with the vulnerability of web pages. To prevent phishing attacks, a lot of anti-phishing techniques has been made with their own advantages and dis-...
핵심어 | 질문 | 논문에서 추출한 답변 |
---|---|---|
스피어 피싱은 무엇인가? | 스피어 피싱은 특정 기관이나 회사의 직원을 타깃으로 설정하고 이메일이나 기타 방법을 통해 접근을 유도하는 공격이며 지능형지속위협(APT, Advanced Persistent Threat)공격의 일종이다. 사용자의 클릭을 유도하기 위해 관련 유사 기관에서 메일을 보내는 것처럼 위장하여 메일을 보내는 경우가 많다. | |
스피어피싱의 접근 유도 단계에서 주로 사용하는 방식은? | 접근 유도 단계는 악성 행위를 하기 위한 사이트로 사용자를 유도하는 행위를 의미한다. 이때 사회공학적 방식이 주로 사용된다. 각 기술은 한 가지만 사용되는 것이 아니라 여러 가지 기술을 복합적으로 사용하여 피싱 사이트로의 접근을 유도한다. | |
효과적인 피싱 대응 방안 연구를 위해서는 무엇이 필요한가? | 효과적인 피싱 대응 방안 연구를 위해서는 피싱 과정에 대한 명확한 이해 및 각 공격 유형에 따른 특징 분석이 필요하다. 이를 위해 본 논문에서는 피싱 절차에 따라 발생하는 악성 행위를 두 단계로 나누어 분석한다. |
Korea Internet and Security Agency [Internet], http://isis.kisa.or.kr/ebook/ebook.html.
Korea Internet and Security Agency. Internet & Security Focus [Internet], https://www.krcert.or.kr/kor/data/reportList.jsp, Nov., 2014.
Korea Communications Commission [Internet], https://www.kisdi.re.kr/kisdi/common/premium?file1%7C12940.
APWG, "Phishing Activity Trends Report 1st Quarter 2014," Jun., 2014.
APWG, "Global Phishing Survey: Trends and Domain Name Use in 1H2014," Oct., 2014.
Telecommunications Technology Association [Internet], http: //word.tta.or.kr.
Gaurav Kumar Chaudhary, "Development Review on Phishing: A Computer Security Threat," International Journal of Advance Research in Computer Science and Management Studies, Vol.2, No.8, pp.55-64, 2014.
M. Nazreen Banu and S. Munawara Banu, "A Comprehensive Study of Phishing Attacks," International Journal of Computer Science and Information Technologies, Vol.4, No.6, pp.783-786, 2013.
Trend Micro Inc., "Spear-Phishing Email: Most Favored APT Attack Bait," Trend Micro Incorporated Research Paper, 2012.
Joongang Ilbo [Internet], http://life.joins.com/news/article/article.asp?Total_ID16844310&ctg12&sid6692.
Thomas Nagunwa, "Behind Identity Theft and Fraud in Cyberspace: The Current Landscape of Phishing Vectors," International Journal of Cyber-Security and Digital Forensics (IJCSDF), Vol.3, No.1, pp.72-83, 2014.
PG Research Group, et al., "The Web Identity Prevention: Factors to Consider in The Anti-Phishing Design," International Journal of Engineering Science and Technology, Vol.2, No.7, pp.2807-2812, 2010.
JooHyung Oh, ChaeTae Im, and HyunCheol Jeong, "Technical Trends and Response Methods of Drive-by Download," Communications of the Korean Institute of Information Scientists and Engineer, Vol.28, No.11, pp.112-116, 2010.
The Open Web Application Security Project. Man-in-themiddle attack [Internet], https://www.owasp.org/index.php?titleMan-in-the-middle_attack&setlangen.
Korea Internet and Security Agency, KISA [Internet], http://boho.or.kr/upload/file/EpF850.pdf.
Korea Internet and Security Agency, INTERNET & SECURIT Y FOCUS [Internet], http://www.kisa.or.kr/uploadfile/201502/201502061010089938.pdf, Jan., 2015.
Guang Xiang, et al., "Cantina+: A feature-rich machine learning framework for detecting phishing web sites," ACM Transactions on Information and System Security (TISSEC), Vol.14, No.2, pp.21, 2011.
Imtithal A. Saeed, et al., "A Survey on Malware and Malware Detection Systems," International Journal of Computer Applications, Vol.67, No.16, pp.25-31, 2013.
Luong Anh Tuan Nguyen, et al., "A novel approach for phishing detection using URL-based heuristic," Computing, Management and Telecommunications (ComManTel), 2014 International Conference on. IEEE, pp.298-303, 2014.
Firdous Kausar, et al., "Hybrid Client Side Phishing Websites Detection Approach," International Journal of Advanced Computer Science and Applications (IJACSA), Vol.5, No.7, pp.132-140, 2014.
A. Naga Venkata Sunil and Anjali Sardana, "A pagerank based detection technique for phishing web sites," Computers & Informatics(ISCI), 2012 IEEE Symposium on. IEEE, pp.58-63, 2012.
Neda Abdelhamid, et al., "Phishing detection based Associative Classification data mining," Expert Systems with Applications, Vol.41, No.13, pp.5948-5959, 2014.
R. Gowtham and Ilango Krishnamurthi, "A comprehensive and efficacious architecture for detecting phishing webpages," Computers & Security, Vol.40, pp.23-37, 2014.
Davide Canali, et al., "Prophiler: a fast filter for the largescale detection of malicious web pages," in Proceedings of the 20th international conference on World Wide Web, ACM, pp.197-206, 2011.
Ammar Almomani, et al., "A survey of phishing email filtering techniques," IEEE Communications Surveys & Tutorials, Vol.15, No.4, pp.2070-2090, 2013.
Rami M. Mohammad, et al., "Intelligent rule-based phishing websites classification," The Institution of Engineering and Technology. Information Security, Vol.8, No.3, pp.153-160, 2014.
H. B. Kazemian and S. Ahmed, "Comparisons of machine learning techniques for detecting malicious webpages," Expert Systems with Applications, Vol.42, No.3, pp.1166-1177, 2015.
Yue Zhang, et al., "Cantina: a content-based approach to detecting phishing web sites," WWW '07 Proceedings of the 16th international conference on World Wide Web. ACM, pp.639-648, 2007.
Christian Ludl, et al., "On the effectiveness of techniques to detect phishing sites," Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA 2007), pp.20-39, 2007.
Ram Basnet, et al., "Detection of phishing attacks: A machine learning approach," Soft Computing Applications in Industry, Springer Berlin Heidelberg, pp.373-383, 2008.
Vibhuti Patel and Hasmukh Patel, "Safe Internet Browsing Using Heuristic Based Technique," International Journal of Engineering Development and Research(IJEDR), Vol.2, No.2, pp.1759-1766, 2014.
Yung-Tsung Hou, et al., "Malicious web content detection by machine learning," Expert Systems with Applications, Vol.37, No.1, pp.55-60, 2010.
Colin Whittaker, et al., "Large-Scale Automatic Classification of Phishing Pages," NDSS, Vol.10, 2010.
V. Santhana Lakshmi and M. S. Vijaya, "Efficient prediction of phishing websites using supervised learning algorithms," Procedia Engineering, Vol.30, pp.798-805, 2012.
Albert Hung-Ren Ko and Robert Sabourin, "Single Classifierbased Multiple Classification Scheme for weak classifiers: An experimental comparison," Expert Systems with Applications, Vol.40, No.9, pp.3606-3622, 2013.
*원문 PDF 파일 및 링크정보가 존재하지 않을 경우 KISTI DDS 시스템에서 제공하는 원문복사서비스를 사용할 수 있습니다.
출판사/학술단체 등이 한시적으로 특별한 프로모션 또는 일정기간 경과 후 접근을 허용하여, 출판사/학술단체 등의 사이트에서 이용 가능한 논문
※ AI-Helper는 부적절한 답변을 할 수 있습니다.