Lecture Notes in Computer Science 8909

Kyung-Hyune Rhee, Jeong Hyun Yi (Eds.)

Information Security Applications
15th International Workshop, WISA 2014
Jeju Island, Korea, August 25–27, 2014
Revised Selected Papers

Springer

Lecture Notes in Computer Science
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, Lancaster, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Friedemann Mattern, ETH Zurich, Zürich, Switzerland
John C. Mitchell, Stanford University, Stanford, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbrücken, Germany

More information about this series at http://www.springer.com/series/7410

Editors
Kyung-Hyune Rhee, Pukyong National University, Busan, Korea, Republic of (South Korea)
Jeong Hyun Yi, School of Computer Science and Engineering, Soongsil University, Seoul, Korea, Republic of (South Korea)

ISSN 0302-9743; ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-319-15086-4; ISBN 978-3-319-15087-1 (eBook)
DOI 10.1007/978-3-319-15087-1
Library of Congress Control Number: 2014960251
LNCS Sublibrary: SL4 – Security and Cryptology
Springer Cham Heidelberg New York Dordrecht London

© Springer International Publishing Switzerland 2015
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.
Printed on acid-free paper
Springer International Publishing AG Switzerland is part of Springer Science+Business Media (www.springer.com)
Preface

The 15th International Workshop on Information Security Applications (WISA 2014) was held at Ocean Suites Jeju Hotel, Jeju Island, Korea, during August 25–27, 2014. The workshop was hosted by the Korea Institute of Information Security and Cryptology (KIISC) and sponsored by the Ministry of Science, ICT and Future Planning (MSIP). It was co-sponsored by the Korea Internet and Security Agency (KISA), the Electronics and Telecommunications Research Institute (ETRI), the National Security Research Institute (NSRI), AhnLab, the Korea Information Certificate Authority (KICA), REDBC, and UNET systems. The excellent arrangements were led by the WISA 2014 General Chair, Prof. Heekuck Oh, and the Organizing Chair, Prof. Jin Kwak.

This year WISA 2014 provided an open forum for exchanging and sharing ongoing hot issues and results of research, development, and applications in information security. The Program Committee prepared a meaningful program including a keynote speech from Prof. Gail-Joon Ahn of Arizona State University, USA, and an invited talk from Mr. Patrick Youn of Symantec, Korea. The workshop had six tracks: System Security (Track 1), Network Security (Track 2), Hardware Security (Track 3), Cryptography and Applied Cryptography (Track 4), Vulnerability Analysis (Track 5), and Critical Infrastructure Security and Policy (Track 6).

We received 69 paper submissions from 10 countries, covering all areas of information security; more precisely, 20 submissions for Track 1, 15 submissions for Track 2, submissions for Track 3, 16 submissions for Track 4, submissions for Track 5, and submissions for Track 6. We would like to thank all authors who submitted papers. Each paper was reviewed by at least three reviewers. External reviewers as well as Program Committee members contributed to the reviewing process from their particular areas of expertise. The reviewing and the active discussions were supported by a web-based system, EDAS. Through the system, we could check the amount of similarity between the submitted papers and already published papers to prevent plagiarism and self-plagiarism. Following the rigorous reviewing process, 31 outstanding papers from countries were accepted for publication in this volume of Information Security Applications; more precisely, papers for Track 1, papers for Track 2, papers for Track 3, papers for Track 4, papers for Track 5, and papers for Track 6.

Many people contributed to the success of WISA 2014. We would like to express our deepest appreciation to each of the WISA Organizing and Program Committee members as well as the paper contributors. Without their dedication and professionalism, WISA 2014 could not have been made.

August 2014
Kyung-Hyune Rhee
Jeong Hyun Yi

Organization

General Chair
Heekuck Oh, Hanyang University, Korea

Organizing Committee Chair
Jin Kwak, Soonchunhyang University, Korea

Organizing Committee
Hyo Beom Ahn, Kongju National University, Korea
Jongsung Kim, Kookmin University, Korea
Changhoon Lee, SeoulTech, Korea
Donghoon Lee, Korea University, Korea
Im-young Lee, Soonchunhyang University, Korea
Kyungho Lee, Korea University, Korea
Namje Park, Jeju National University, Korea
Changho Seo, Kongju National University, Korea
Jungtaek Seo, National Security Research Institute, Korea
Taeshik Shon, Ajou University, Korea
Kyungho Son, Korea Internet and Security Agency, Korea
Sangsoo Yeo, Mokwon University, Korea

Program Committee Co-chairs
Kyung-Hyune Rhee, Pukyong National University, Korea
Jeong Hyun Yi, Soongsil University, Korea

Program Committee
Gail-Joon Ahn, Arizona State University, USA
Man Ho Au, University of Wollongong, Australia
Padro Carles, Nanyang Technological University, Singapore
Sang Kil Cha, Carnegie Mellon University, USA
Seong-je Cho, Dankook University, Korea
Dooho Choi, ETRI, Korea
Hyoung-Kee Choi, Sungkyunkwan University, Korea
Byung-Gon Chun, Intel, USA
Dieter Gollmann, Technische Universität Hamburg-Harburg, Germany
Dong-Guk Han, Kookmin University, Korea
Jinguang Han, Nanjing University of Finance and Economics, China
Swee-Huay Heng, Multimedia University, Malaysia
Seokhie Hong, Korea University, Korea
Eul Gyu Im, Hanyang University, Korea
Seung-Hun Jin, ETRI, Korea
Namhi Kang, Duksung Women's University, Korea
Daeyoub Kim, University of Suwon, Korea
Ho Won Kim, Pusan National University, Korea
Huy Kang Kim, Korea University, Korea
Hyoungshick Kim, Sungkyunkwan University, Korea
Jeong Nyeo Kim, ETRI, Korea
Jong Kim, POSTECH, Korea
Seungjoo Kim, Korea University, Korea
Yongdae Kim, KAIST, Korea
Taekyoung Kwon, Yonsei University, Korea
Jin Wook Lee, Samsung Electronics, Korea
KyungHee Lee, Samsung Electronics, Korea
Mun-Kyu Lee, Inha University, Korea
Sangjin Lee, Korea University, Korea
Zhen Ling, Southeast University, China
John Chi Shing Lui, Chinese University of Hong Kong, Hong Kong
Di Ma, University of Michigan-Dearborn, USA
Yutaka Miyake, KDDI R&D Laboratories Inc., Japan
Kirill Morozov, Kyushu University, Japan
Collin Mulliner, Northeastern University, USA
Daehun Nyang, Inha University, Korea
Susan Pancho-Festin, University of the Philippines, Philippines
Raphael Phan, Multimedia University, Malaysia
Christina Poepper, Ruhr University Bochum, Germany
Junghwan Rhee, NEC Laboratories America, USA
Kouichi Sakurai, Kyushu University, Japan
Seungwon Shin, KAIST, Korea
Kiwook Sohn, The Attached Institute of ETRI, Korea
Tzong-Chen Wu, National Taiwan University of Science and Technology, Taiwan
Chao Yang, Texas A&M University, USA
Chung-Huang Yang, National Kaohsiung Normal University, Taiwan
Yanjiang Yang, Institute for Infocomm Research, Singapore
Dae Hyun Yum, Myongji University, Korea
Xuehui Zhang, Oracle, USA
Yunlei Zhao, Fudan University, China

External Reviewers
Byungha Choi, Dankook University, Korea
Naixuan Guo, Southeast University, China
Woo Yeon Lee, Seoul National University, Korea
Minkyu Park, KonKuk University, Korea
Wun-She Yap, Universiti Tunku Abdul Rahman, Malaysia
Wei Chuen Yau, Multimedia University, Malaysia
Youngho Park, Pukyong National University, Korea
Chul Sur, Busan University of Foreign Studies, Korea

Contents

Malware Detection
ADAM: Automated Detection and Attribution of Malicious Webpages. Ahmed E. Kosba, Aziz Mohaisen, Andrew West, Trevor Tonn, and Huy Kang Kim
Detection of Heap-Spraying Attacks Using String Trace Graph. Jaehyeok Song, Jonghyuk Song, and Jong Kim (17)
A Simple Yet Efficient Approach to Combat Transaction Malleability in Bitcoin. Ubaidullah Rajput, Fizza Abbas, Rasheed Hussain, Hasoo Eun, and Heekuck Oh (27)

Mobile Security
Before Unrooting your Android Phone, Patching up Permission System First! Zhongwen Zhang (41)
I've Got Your Number: Harvesting Users' Personal Data via Contacts Sync for the KakaoTalk Messenger. Eunhyun Kim, Kyungwon Park, Hyoungshick Kim, and Jaeseung Song (55)
Analyzing Unnecessary Permissions Requested by Android Apps Based on Users' Opinions. Jina Kang, Daehyun Kim, Hyoungshick Kim, and Jun Ho Huh (68)

Vulnerability Analysis
Reconstructing and Visualizing Evidence of Artifact from Firefox SessionStorage. Shinichi Matsumoto, Yuya Onitsuka, Junpei Kawamoto, and Kouichi Sakurai (83)
Analyzing Security of Korean USIM-Based PKI Certificate Service. Shinjo Park, Suwan Park, Insu Yun, Dongkwan Kim, and Yongdae Kim (95)

Advanced Security Assessment for Control Effectiveness (Youngin You et al.)

– D.14 System and Services Acquisition
– D.16 System and Information Integrity

3.3 Summary of Simulation

Integrating the above results makes decision-making on security investments possible. Power plant 'L', for example, needs to take complementary measures from both the M/SR/R (mandatory / strongly recommended / recommended) standpoint and the Weighted Arithmetic standpoint. A domain that appears in the result of both formulas is the first to be considered. Then, by calculating the weight of each domain and the mandatory ratio of the C.B.I., the priority of investment can be determined as follows:
– D.1 Access Control
– D.10 Physical and Environmental Protection
– D.5 Contingency Planning
– D.15 System and Communications Protection
– D.6 Identification and Authentication
– D.14 System and Services Acquisition
– D.16 System and Information Integrity

The accuracy and depth of this result are lower than those of a full risk analysis. However, it costs the least, is simple, and can be assessed rapidly when applied to all institutions. Thus, it makes effective security investment possible.

4 Process of Using Advanced Security Assessment

A.S.A. can be used in the following process (Fig. 6).

Fig. 6. Process of using Advanced Security Assessment

The priority management list is derived after performing the Advanced Security Assessment through the Arithmetic, C.B.I. and Weighted Arithmetic formulas. With the result of the Advanced Security Assessment, the organization devises means to improve the security status of the domains according to their priority. Among the control items positioned in a high-priority domain, the organization selects control items according to its security investment capacity. Improvement is then conducted based on the selected control items. After the improvement, the organization performs the Advanced Security Assessment once again. In the course of re-performing the Advanced Security Assessment, the C.B.I. is edited and the weights are recalculated. This paper suggests that effective and efficient security management is possible when the Advanced Security Assessment is applied in this cycle.

5 Conclusion

As simulated above, each formula is able to support decision making for security measures. Mandatory items in the C.B.I. must be dealt with first: if no security measure is taken for a mandatory item, the facility will face critical problems. After that, strongly recommended items and then recommended items are handled in sequence. Also, low-weighted domains can be cut out of the measurement priority so that we can deal with
high-weighted domains first. Once the high-weighted domains are improved, measures for the low-weighted domains can be taken. In this way, facilities improve the effect of their security investment. Although risk analysis is precise, in reality it is almost impossible to analyze the risk of all organizations periodically. Utilizing these formulas, however, makes an assessment per year or half-year possible, and through that assessment the direction of security management can be set. The Advanced Security Assessment compensates for the weakness of existing fragmentary security assessments and presents a whole view of the security status based on industrial characteristics. Furthermore, it is applicable not only to thermal power stations but to the whole energy industry and critical infrastructure.

Acknowledgement. This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (NIPA-2014-H0301-14-1004) supervised by the NIPA (National IT Industry Promotion Agency).

Study on the Effectiveness of the Security Countermeasures Against Spear Phishing

Misun Song, JunSeok Seo, and Kyungho Lee
Center for Information Security Technologies, Korea University, Seoul, Korea
{misun1535,js_seo,kevinlee}@korea.ac.kr

Abstract. The presentation entitled ICS Spear Phishing, held at the 2013 edition of Digital Bond's Supervisory Control and Data Acquisition (SCADA) Security Scientific Symposium (S4), demonstrated that an attacker could employ a spear phishing attack to obtain the rights to the accounts of Industrial Control System (ICS) administrators or technicians. Motivated by this announcement, this paper analyzes the definition, principle, and problem of spear phishing, a social engineering attack, and presents the need for countermeasures against it. Spear phishing attacks are gradually increasing, but the systems in use in many organizations (e.g., e-mail filtering systems) cannot follow the techniques used by most attackers. Also, organizations have yet to establish adequate countermeasures, much less any standards for such countermeasures, against spear phishing. There is an urgent need to accomplish these objectives because the attack is gradually evolving. In summary, this paper advocates awareness of the spear phishing threat and the implementation of countermeasures such as security education or simulation. In addition, it suggests how to carry out the simulation effectively and how to quantify the gathered data.

Keywords: Phishing · Social engineering · Policy
· Simulation

© Springer International Publishing Switzerland 2015. K.-H. Rhee and J.H. Yi (Eds.): WISA 2014, LNCS 8909, pp. 394–404, 2015. DOI: 10.1007/978-3-319-15087-1_31

1 Introduction

Spear phishing, named after a fishing method, refers to an attack used to steal the personal information of a specific target such as a senior government executive or a military officer. This new type of phishing appeared as the damage caused by preexisting phishing attacks increased. The defining characteristic of spear phishing is that the attack is aimed at a specific target for a specific purpose, so the attacker can gather information in advance from posts on the target's blog or LinkedIn and Facebook pages. Utilizing this data, the attacker sends an e-mail containing information relevant to the target, together with a payload in the form of a file or URL link. If the target opens or downloads the file, or clicks on the URL, the attacker can obtain personal or financial information on the target. Spear phishing poses a serious threat to corporations owing to the possibility of access to trade secrets and other classified information.

This issue was underscored by the ICS Spear Phishing announcement made at the 2013 edition of Digital Bond's SCADA Security Scientific Symposium (S4) [1, 13]. The data presented indicate that a quarter of the ICS asset owners who participated in the spear-phishing mail test clicked the link; if they did not have an up-to-date security patch, the attacker could obtain access rights to their systems. Moreover, according to a 2013 news report, spear phishing has become a social issue owing to the significant damage estimated to be caused by the attack [2]. Based on an analysis of the Phishing Activity Trends Reports for 2013 (Table 1, Fig. 1), the share of phishing URLs containing some form of the target's name rose from 35 % to 73 % between July and August 2013. In addition, attacks initiated on sites that do not
utilize port 80 have increased (Table 1, Fig. 2) [3–6]. In spite of these problems, corporations have yet to establish any security policy or standard operating procedures.

Table 1. Phishing Activity Trends Report 2013 (1st–3rd quarter) and Phishing Activity Trends Report 2012 (4th quarter) [3–6]; unit: %. October to December are the 2012 figures.

                                         Jan    Feb    Mar    Apr    May    Jun
Contain some form of target name in URL  50.03  50.75  55.89  50.92  57.45  51.52
No hostname; only IP address              1.84   1.92   5.24   4.57   5.23   5.26
Percentage of sites not using port 80     1.36   2.33   0.64   0.38   0.45   0.80

                                         Jul    Aug    Sep    Oct    Nov    Dec
Contain some form of target name in URL  35.24  73.51  56.22  60.31  54.23  53.59
No hostname; only IP address              0.15   3.20   1.73   1.63   1.87   1.93
Percentage of sites not using port 80     0.04   0.32   0.86   0.30   0.24   1.04

2 Concepts, Model, and/or Methodology

Even though they are not legally obligated to do so, several organizations perform simulations to assess their defenses against malicious mail. The common procedure employed during such simulations is as follows. First, all members of an organization receive a malicious mail without any advance notice. Second, if a member clicks on the malicious URL or downloads the attached file, a warning mail is sent to him or her.

As illustrated in Fig. 3, in spear phishing the target is decided in advance. Since the adversary researches the environment of the target beforehand, the probability of a successful attack is high. Furthermore, because it is difficult to catch the adversary, the best way for an e-mail account owner to avoid the attack is to be careful and cautious.

Fig. 1. Number of unique phishing websites detected [3–6]

Fig. 2. Target name in URL and percentage of sites not using port 80 [3–6]

Thus, it is crucial to introduce a policy that takes the characteristics of phishing attacks into account, as described in Fig. 4, which shows the policy-making process. In this paper, the authors try to design a
simulation score system model, after analyzing the principles of spear phishing attacks, to overcome the limitations of existing e-mail filtering systems. After the simulation score system is modeled, the people who read the e-mail, downloaded the file, and reported the e-mail are classified. Based on the compiled data, the statistics are utilized to provide additional security education and to enhance security regulations [12]. In addition, privileged members such as database server administrators should work in a virtual environment to minimize the damage to the organization's assets in the case of infection by a malicious e-mail. Furthermore, monitoring technologies such as intrusion detection systems (IDS) and intrusion prevention systems (IPS) should be employed for the initial detection of these attacks [16].

Fig. 3. Spear phishing attack scenarios [11]

Fig. 4. Policy making processes

3 Experiments, Simulation, and/or Analysis

According to the analysis of Trend Micro, trusted and frequently utilized filename extensions such as RTF, XLS, and ZIP are commonly employed in spear phishing attacks (Fig. 5). In addition, the attacker frequently changes the URL leading to the malicious site [14, 15, 17]. Therefore, policies concerning the simulations, including their timing, target and period, must be mandated before further attacks occur (Fig. 6).

The simulation timing is determined in advance: once a quarter, or on a specific date. If a simulation is performed regularly, it is conducted four times a year, and if the simulation score does not at least reach a standard score, a frequent simulation is carried out. In the latter case, the simulation is performed on a particular date such as a personnel change, an evaluation period, the year-end adjustment period, the budget cleanup period, the monthly payday, or the date of a previous occurrence of a distributed denial of service
(DDoS) attack. If an e-mail simulation is performed on a specific date, it should resemble an actual attack as closely as possible. If a simulation is performed regularly, it is conducted at the corporate level. If, however, a simulation is performed frequently, the targets of evaluation are the team concerned, and the other team members are chosen randomly. For example, during a personnel change, the targets of evaluation are the human resources team, and the randomly chosen members belong to other teams such as the administrative department, the planning department, or the sales department. The chosen members should occupy diverse roles.

The proportion of chosen members should differ according to the size of the organization. If a corporation employs more than 1000 employees, the proportion of other-department members chosen should be 10 % of all employees. In the case of 300 to 1,000 employees (a mid-sized organization), the proportion of other-department members chosen should be % of all employees. For a small to mid-sized organization of 20 to 300 employees, the proportion of other-department members chosen should be % of all employees. A small business with fewer than 10 employees should choose % of all employees from the other departments. The proportion of randomly chosen members is based on the numbers given above, but can be adjusted within a % margin.

Fig. 5. Top attached file types of spear-phishing in e-mail

Finally, if the simulation is performed regularly, it should be implemented and completed within a week, from writing the e-mails to collecting the results. On Day 1, the e-mails are written and sent to the members; then the data from the simulation e-mails are collected from Day until the morning of Day. On Day 5, the gathered data are compiled to obtain statistics encompassing categories such as the number of people who downloaded the file, clicked the link, and ran the file in
the e-mail. Once the statistics have been reported, the simulation ends.

Fig. 6. Simulation procedures and standards

However, an organization performs many different kinds of operations, and the simulation may constitute yet another considerable task. If the regular simulation is the main simulation and the statistical result does not exceed the standard infection rate, the frequent simulation can be omitted. On the other hand, if the infection rate is higher than the infection rates of other organizations, the frequent simulation can be performed. Thus, this scoring procedure, which could be mandated by policy, incentivizes or penalizes an organization based on its performance.

Fig. 7. Simulation score system modeling

For example, assume an organization with 100 employees, 20 members in each of five departments. After the simulation, each department imposes a 0.5-point penalty on each member who read the mail, a 0.5 + 0.5 * 0.5 = 0.75-point penalty on each member who downloaded the attached file, and a one-point penalty on each member who clicked the link or executed the attached file. The penalty points are then deducted from 100 (the standard number of points), and the product of the number of members who reported the spam mail and 10 % (0.1) is added (Fig. 7, Table 2). The departments whose total falls below the average should be instructed to simulate frequently until their score is above average (Table 3).

Table 2. Example of simulation scores system

Table 3. Example of the simulation results belonging to the department with below-average results

Table 2 describes an example of executing the regular test on an
organization which consists of five departments (each department has 20 members). The average score of this organization is 51.975, and the scores of departments B and D are below the average. Therefore, these two departments should be the subject of an occasion test. Table 3 is an example of executing the occasion test for department B.

Before testing, testers have to consider different objective scores for each organization, since the methods used in a spear phishing attack differ according to the characteristics, size and security level of the target organization. This objective score is the minimum level of security that the organization should maintain. First, the level of security of the target organization is calculated with the simulation score system suggested in this paper. Then the target organization decides the objective score that needs to be maintained to counter phishing attacks. As data accumulate from tests conducted over several years, analyzing the level of security by department becomes easier. Additionally, an organization can determine the criteria for the regular test to prevent spear phishing attacks if it is possible to get data from other organizations. The method suggested in this paper is quite useful when it comes to organizing the budget for security and education to prevent future spear phishing attacks.

4 Conclusions

On the surface, the definition, attack principle, problem, and severity of spear phishing attacks covered in this paper appear to be well recognized. However, no security countermeasures against spear phishing have been established, and users are left with the suggestion that they should read e-mails carefully. The customary method (e-mail filtering systems, etc.) is not sufficient to counteract spear phishing attacks.
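The scoring rules of Sect. 3 (Fig. 7, Tables 2 and 3), implemented as an added worked example; this code is not part of the paper and is not the authors' tool. Where the paper is silent it assumes that per-action penalties accumulate for a member who read, downloaded and executed, and that the reporting bonus is 0.1 point per reporting member. The department counts are constructed sample data, chosen so that departments B and D fall below the average as in the paper's example; the resulting average (74.88) is therefore not the paper's 51.975.

```python
"""Simulation score system of Song et al., as an added worked example.

Rules taken from the paper: each department starts from 100 points; a 0.5-point
penalty per member who read the mail, 0.5 + 0.5 * 0.5 = 0.75 per member who
downloaded the attachment, 1 point per member who clicked the link or executed
the attachment; 0.1 point is added per member who reported the mail. Departments
scoring below the organization's average are scheduled for the frequent
(occasion) test until they are above average.

Assumptions not stated in the paper: penalties accumulate per action, and the
report bonus is 0.1 per reporting member. SAMPLE below is constructed data.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Tuple

BASE_SCORE = 100.0
PENALTY = {"read": 0.5, "downloaded": 0.5 + 0.5 * 0.5, "clicked": 1.0, "executed": 1.0}
REPORT_BONUS = 0.1


@dataclass(frozen=True)
class DeptResult:
    """Outcome of one simulation mail for one department."""
    name: str
    size: int
    read: int
    downloaded: int
    clicked: int
    executed: int
    reported: int

    def __post_init__(self) -> None:
        # A count above the head-count means the collected data is wrong, so
        # refuse to score it rather than silently produce a bogus score.
        for action in ("read", "downloaded", "clicked", "executed", "reported"):
            n = getattr(self, action)
            if not 0 <= n <= self.size:
                raise ValueError(f"{self.name}: {action}={n} outside 0..{self.size}")


def penalty_points(r: DeptResult) -> float:
    """Total penalty of a department (per-action penalties accumulate; assumption)."""
    return (PENALTY["read"] * r.read
            + PENALTY["downloaded"] * r.downloaded
            + PENALTY["clicked"] * r.clicked
            + PENALTY["executed"] * r.executed)


def department_score(r: DeptResult) -> float:
    """100 - penalties + 0.1 * reporters, as described in the paper."""
    return BASE_SCORE - penalty_points(r) + REPORT_BONUS * r.reported


def score_board(results: List[DeptResult]) -> Dict[str, float]:
    """Score per department, rounded to avoid float noise in comparisons."""
    return {r.name: round(department_score(r), 3) for r in results}


def occasion_test_targets(results: List[DeptResult]) -> Tuple[float, List[str]]:
    """Organization average and the departments that must repeat the simulation."""
    board = score_board(results)
    avg = round(mean(board.values()), 3)
    return avg, sorted(name for name, s in board.items() if s < avg)


def below_objective(results: List[DeptResult], objective: float) -> List[str]:
    """Departments under the organization-specific minimum level of security."""
    return sorted(name for name, s in score_board(results).items() if s < objective)


# Constructed sample data: 100 employees, five departments of 20 (not from the paper).
SAMPLE = [
    DeptResult("A", 20, read=12, downloaded=5, clicked=3, executed=2, reported=6),
    DeptResult("B", 20, read=18, downloaded=12, clicked=10, executed=8, reported=1),
    DeptResult("C", 20, read=10, downloaded=4, clicked=2, executed=1, reported=8),
    DeptResult("D", 20, read=20, downloaded=15, clicked=14, executed=11, reported=0),
    DeptResult("E", 20, read=14, downloaded=6, clicked=5, executed=3, reported=4),
]

if __name__ == "__main__":
    avg, targets = occasion_test_targets(SAMPLE)
    for name, s in score_board(SAMPLE).items():
        print(f"department {name}: {s:6.2f}")
    print(f"average {avg:.3f}; occasion test for: {', '.join(targets)}")
```

Running the file prints the board for the constructed data; `occasion_test_targets` returns the average together with the departments scheduled for the occasion test, and `below_objective` compares the same board against the organization-specific objective score described above, so the two selection criteria of the paper can be applied to one set of collected counts.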
Therefore, rather than relying on the existing e-mail filtering system of the organization, the authors suggest a simulation as the effective countermeasure against spear phishing attacks. It takes the form of a policy that mandates a simulation mimicking the real-world environment as closely as possible. Detailed information pertaining to the spear phishing attack, such as the data collection procedure, timing, and target, was prepared, and the damage caused by spear phishing was presented numerically. These figures are used to determine security awareness and educational status, as well as to provide a means to update these measures frequently. The proposed simulation is put forward as the best policy to counteract the spear phishing attack, for large and small organizations alike. It is the authors' belief that mandatory enforcement of the proposed simulation will prove to be the most effective method of preventing the attack within the shortest time frame. Future work will involve considering how the proposed simulation procedure can be mandated by policy.

Acknowledgements. This work was supported by the IT R&D program of MSIP/KEIT [010041560, A development of anomaly detection and a multi-layered response technology to protect an intranet of a control system for the availability of pipeline facilities].

References
1. McDowell, M.: Avoiding Social Engineering and Phishing Attacks. United States Computer Emergency Readiness Team (2013). http://www.us-cert.gov/ncas/tips/st04-014. Accessed 06 February 2013
2. http://news.heraldcorp.com/view.php?ud=20131230000115&md=20140102004031_AT. Accessed 30 December 2013
3. Anti-Phishing Working Group (APWG): Phishing Activity Trends Report, 1st Quarter 2013 (2013). http://docs.apwg.org/reports/apwg_trends_report_q1_2013.pdf. Accessed 23 July 2013
4. Anti-Phishing Working Group (APWG): Phishing Activity Trends Report, 2nd Quarter 2013 (2013). http://docs.apwg.org/reports/apwg_trends_report_q2_2013.pdf. Accessed November 2013
5. Anti-Phishing Working Group (APWG): Phishing Activity Trends Report, 3rd Quarter 2013 (2013). http://docs.apwg.org/reports/apwg_trends_report_q3_2013.pdf. Accessed 10 February 2013
6. Anti-Phishing Working Group (APWG): Phishing Activity Trends Report, 4th Quarter 2012 (2012). http://docs.apwg.org/reports/apwg_trends_report_Q4_2012.pdf. Accessed 24 April 2013
7. http://www.asiatoday.co.kr/news/view.asp?seq=907299. Accessed 11 December 2013
8. http://www.social-engineer.org/. Accessed 2014
9. https://efraudprevention.net/home/assets/img/spear_phishing.jpg. Accessed 2014
10. http://iconixtruemark.wordpress.com/2011/06/. Accessed 30 June 2011
11. Shackleford, D.: The APT is Dead. Long Live the SST! WordPress Blog (2011). http://daveshackleford.com/?m=201103. Accessed 21 March 2011
12. Choi, K.-H., Lee, D.H.: A study on strengthening security awareness programs based on an RFID access control system for inside information leakage prevention. Multimedia Tools Appl. (2013). doi:10.1007/s11042-013-1727-y. http://link.springer.com/article/10.1007%2Fs11042-013-1727-y
13. http://www.digitalbond.com/blog/2013/01/30/s4x13-video-ics-spear-phishing/. Accessed 30 January 2013
14. http://www.plixer.com/blog/advanced-persistent-threats-2/internet-threat-defense-solution-part-2/. Accessed 16 February 2013
15. http://securityaffairs.co/wordpress/8390/malware/fireeye-advanced-threat-report-the-inadequacy-of-the-defense.html. Accessed September 2012
16. Kim, Y.-H., Park, W.H.: A study on cyber threat prediction based on intrusion detection event for APT attack detection. Multimedia Tools Appl. (2012). doi:10.1007/s11042-012-1275-x. http://link.springer.com/article/10.1007/s11042-012-1275-x
17. Townsend, K.: Spear-phishing is the single biggest threat to cyber security today. WordPress Blog (2012). http://kevtownsend.wordpress.com/2012/12/07/spear-phishing-is-the-single-biggest-threat-to-cyber-security-today/. Accessed December 2014

Author Index

Abbas, Fizza 27, 216
Ahn, Sungjun 331
Alrawi, Omar 107
Bhuiyan, Mansurul 202
Chang, Chun-Ruei 177
Chang, Yeop 345, 358
Chau, Ngoc-Tu 190
Chen, Chao-Lieh 177
Chen, Shen-Chien 177
Choi, Dooho 331
Choi, Jongseok 150
Choi, Seungoh 345
de Almeida, Antonio Sobreira 283
Elashry, Ibrahim 257
Eun, Hasoo 27, 216
Huh, Jun Ho 68
Hussain, Rasheed 27, 216
Im, Chaetae 165
Ito, Ryoma 137
Javed, Ashar 122
Jing, Jiwu 295
Joo, Minkyu 231
Jung, Seungwook 190
Jung, Souhwan 190
Kang, Dongwan 165
Kang, Jina 68
Kawamoto, Junpei 83
Kim, Daehyun 68
Kim, Dongkwan 95
Kim, Eunhyun 55
Kim, Howon 150, 307
Kim, Huy Kang
Kim, Hyoungshick 55, 68
Kim, Hyung-Jong 370
Kim, Ji-Yeon 370
Kim, Jong 17
Kim, Kyoung-Ho 358
Kim, Taesung 331
Kim, Woonyon 345, 358
Kim, Yongdae 95, 321
Kosba, Ahmed E.
Labrou, Yannis 202
Lee, Kyungho 383, 394
Lee, Pil Joong 231
Lee, Seungkwang 331
Lee, Yeoncheol 307
Li, Hongda 269
Lin, Chia-Fei 177
Lin, Jingqiang 295
Liu, Zhe 150
Matsumoto, Shinichi 83
Miyaji, Atsuko 137
Mohaisen, Aziz 3, 107, 202
Mu, Yi 244, 257
Müller-Quade, Jörn 283
Nguyen, Minh-Duong 190
Nogami, Yasuyuki 150
Oh, Heekuck 27, 216
Oh, Joohyung 165
Oh, Sangkyo 383
Onitsuka, Yuya 83
Pan, Wuqiong 295
Park, Kyungwon 55
Park, Shinjo 95
Park, Suwan 95
Rajput, Ubaidullah 27, 216
Sakurai, Kouichi 83
Schwenk, Jörg 122
Seo, Hwajeong 150, 307
Seo, JunSeok 394
Song, Jaehyeok 17
Song, Jaeseung 55
Song, Jonghyuk 17
Song, Misun 394
Susilo, Willy 244, 257
Tang, Fei 269
Thorncharoensri, Pairat 244
Tonn, Trevor
West, Andrew
You, Youngin 383
Yun, Insu 95
Yun, Jeong-Han 345, 358
Zhang, Zhongwen 41
Zhao, Yuan 295
Zheng, Fangyu 295