FAIR-Based Cyber Influence Damage Assessment for Exploit in Mobile Device

  • Mookyu Park
  • Jaehyeok Han
  • Junwoo Seo
  • Haengrok Oh
  • Kyungho LeeEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 971)


Recently, as the utilization rate for mobile devices has increased, cyber attacks targeting them have been increasing. Cyber attacks such as ransomware in general network space have started to spread to mobile devices. In addition, malware that exploits mobile vulnerabilities is also increasing rapidly. Threats to these mobile devices could cause negative damage to human life. Thus, the cyber attack that causes secondary damage to the real world is called a Cyber Influence Attack. This paper presents an influence attack scenario in which the exploit of the Android OS acquires the permission of the mobile device for propagating false information. Based on this scenario, we analyze the damage assessment of mobile device exploit that can cause real social damage as well as damage to cyberspace assets through FAIR (Factor Analysis of Information Risk) model.


Exploit Cyber influence attack Damage assessment FAIR (Factor Analysis of Information Risk) 



This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract (UD060048AD).


  1. 1.
    Clark, D.: Characterizing cyberspace: past, present and future. MIT CSAIL, Version 1, 2016–2028 (2010)Google Scholar
  2. 2.
    Daware, S., Dahake, S., Thakare, V.: Mobile forensics: overview of digital forensic, computer forensics vs. mobile forensics and tools. Int. J. Comput. Appl. 7–8 (2012)Google Scholar
  3. 3.
    Deacon, R.E., Firebaugh, F.M.: Family Resource Management: Principles and Applications. Allyn and Bacon, Boston (1981)Google Scholar
  4. 4.
    D’Orazio, C.J., Lu, R., Choo, K.K.R., Vasilakos, A.V.: A markov adversary model to detect vulnerable ios devices and vulnerabilities in IOS apps. Appl. Math. Comput. 293, 523–544 (2017)MathSciNetGoogle Scholar
  5. 5.
    Economist, T.: The economist intelligence unit’s democracy index (2016).
  6. 6.
    Grimaila, M.R., Fortson, L.W.: Towards an information asset-based defensive cyber damage assessment process. In: 2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications, CISDA 2007, pp. 206–212. IEEE (2007)Google Scholar
  7. 7.
    Guido, D.: The exploit intelligence project. PowerPoint presentation, iSEC Partners (2011)Google Scholar
  8. 8.
    Guido, D., Arpaia, M.: The mobile exploit intelligence project. Blackhat EU (2012)Google Scholar
  9. 9.
    Hern, A.: Hacking team hacked: firm sold spying tools to repressive regimes, documents claim (2015).
  10. 10.
    Herr, T.: Prep: A framework for malware & cyber weapons. Browser Download This Paper (2013)Google Scholar
  11. 11.
    Horony, M.D.: Information system incidents: the development of a damage assessment model. Technical report, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio (1999)Google Scholar
  12. 12.
    HUFFPOST: 2016 general election: Trump vs. clinton (2016).
  13. 13.
    IDC: Smartphone os market share (2017).
  14. 14.
    Jajodia, S., Liu, P., Swarup, V., Wang, C.: Cyber Situational Awareness. Advances in Information Security, vol. 14. Springer, Boston (2010). Scholar
  15. 15.
    Jim Sciutto, N.G., Browne, R.: Us finds growing evidence Russia feeding emails to wikileaks (2016).
  16. 16.
    Jones, J.: An introduction to factor analysis of information risk (fair). Norwich J. Inf. Assur. 2(1), 67 (2006)MathSciNetGoogle Scholar
  17. 17.
    Joshi, J., Parekh, C.: Android smartphone vulnerabilities: a survey. In: International Conference on Advances in Computing, Communication, & Automation (ICACCA)(Spring), pp. 1–5. IEEE (2016)Google Scholar
  18. 18.
    LaCapria, K.: As wikileaks released several batches of e-mails in october 2016, partisans claimed they confirmed hillary clinton sold weapons to ISIS (2016).
  19. 19.
    NIST: National vulnerability database (2014–2016).
  20. 20.
    Cyberspace Operations: Joint publication 3–12 (r). Joint Chief of Staffs (2013)Google Scholar
  21. 21.
    Ostler, R.: Defensive cyber battle damage assessment through attack methodology modeling. Technical report, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio (2011)Google Scholar
  22. 22.
    Pagliery, J.: Wikileaks claims to reveal how CIA hacks TVS and phones all over the world (2017).
  23. 23.
    Philip, R., et al.: Enabling distributed security in cyberspace. Department of Homeland Security (2011)Google Scholar
  24. 24.
  25. 25.
    Saenko, I., Lauta, O., Kotenko, I.: Analytical modeling of mobile banking attacks based on a stochastic network conversion technique (2016)Google Scholar
  26. 26.
    Shezan, F.H., Afroze, S.F., Iqbal, A.: Vulnerability detection in recent android apps: an empirical study. In: 2017 International Conference on Networking, Systems and Security (NSysS), pp. 55–63. IEEE (2017)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Mookyu Park
    • 1
  • Jaehyeok Han
    • 1
  • Junwoo Seo
    • 1
  • Haengrok Oh
    • 2
  • Kyungho Lee
    • 1
    Email author
  1. 1.School of Information SecurityKorea UniversitySeoulRepublic of Korea
  2. 2.Agency for Defense Development (ADD)SeoulRepublic of Korea

Personalised recommendations