Detecting Abnormalities in Fraud Detection System through the Analysis of Insider Security Threats

Jae-Yong Lee, In-Seok Kim

Abstract


Existing e-financial anomaly analysis and detection technology collects the large volume of electronic financial transaction logs generated by electronic financial business systems into big-data-based storage. It then detects abnormal transactions in real time, using detection rules that analyze the transaction pattern profiles of existing customers and various accident transactions. However, it does not perform deep analysis of cases such as attempts by insiders of financial institutions to access e-finance systems, which carry large-scale damage and social ripple effects, or the theft of important information from e-financial users by bypassing internal control environments. This paper analyzes how financial companies manage their e-financial security programs and raises the possibility that they act as allies, in security control, of insiders who exploit vulnerabilities in management. To respond efficiently to this problem, it presents a comprehensive e-financial security management environment that links insider threat monitoring with the existing e-financial transaction detection system.



