1,226 research outputs found
Phish Finders: Improving Cybersecurity Training Tools Using Citizen Science
Malicious web content includes phishing emails, social media posts, and websites that imitate legitimate sites. Phishing attacks are rising, and human-centered phishing risk mitigation is often an afterthought eclipsed by technical system-centric efforts like firewalls. Training tools can be deployed for combating phishing but often lack sufficient labeled training content. Using signal detection theory, this paper assesses the feasibility of using citizen science and crowdsourcing volunteers to label images for use in cybersecurity training tools. Crowd volunteer performance was compared to gold standard content and prior studies of Fortune 500 company employees. Findings show no significant statistical differences between crowd volunteers and corporate employees\u27 performance on gold standard content in identifying phishing. Based on these findings, citizen scientists can be valuable for generating annotated images for cybersecurity training tools
Cybersecurity in the Classroom: Bridging the Gap Between Computer Access and Online Safety
According to ISACA, there will be a global shortage of 2 million cybersecurity professionals worldwide by 2019. Additionally, according to Experian Data Breach Resolution, as much as 80% of all network breaches can be traced to employee negligence. These problems will not solve themselves, and they likewise won’t improve without drastic action. An effort needs to be made to help direct interested and qualified individuals to the field of cybersecurity to move toward closing this gap. Moreover, steps need to be made to better inform the public of general safety measures while online, including the safeguarding of sensitive information.
A large issue with solving the problems at hand is that there seems to be no comprehensive curriculum for cybersecurity education to teach these basic principles. In my paper, I review and compare several after- and in-school programs that attempt to address this problem. I’ve also interviewed teachers from Montgomery County Public Schools, a relatively ethnically diverse school district outside of Washington, D.C.
These issues need to be addressed, and while private organizations and local schools are attempting to tackle the problem, wider action may need to be taken at a national level to come to a resolution
Cybersecurity in the Classroom: Bridging the Gap Between Computer Access and Online Safety
According to ISACA, there will be a global shortage of 2 million cybersecurity professionals worldwide by 2019. Additionally, according to Experian Data Breach Resolution, as much as 80% of all network breaches can be traced to employee negligence. These problems will not solve themselves, and they likewise won’t improve without drastic action. An effort needs to be made to help direct interested and qualified individuals to the field of cybersecurity to move toward closing this gap. Moreover, steps need to be made to better inform the public of general safety measures while online, including the safeguarding of sensitive information.
A large issue with solving the problems at hand is that there seems to be no comprehensive curriculum for cybersecurity education to teach these basic principles. In my paper, I review and compare several after- and in-school programs that attempt to address this problem. I’ve also interviewed teachers from Montgomery County Public Schools, a relatively ethnically diverse school district outside of Washington, D.C.
These issues need to be addressed, and while private organizations and local schools are attempting to tackle the problem, wider action may need to be taken at a national level to come to a resolution
Detecting Phishing Websites Using Associative Classification
Phishing is a criminal technique employing both social engineering and technical subterfuge to steal consumer's personal identity data and financial account credential. The aim of the phishing website is to steal the victims’ personal information by visiting and surfing a fake webpage that looks like a true one of a legitimate bank or company and asks the victim to enter personal information such as their username, account number, password, credit card number, …,etc. This paper main goal is to investigate the potential use of automated data mining techniques in detecting the complex problem of phishing Websites in order to help all users from being deceived or hacked by stealing their personal information and passwords leading to catastrophic consequences. Experimentations against phishing data sets and using different common associative classification algorithms (MCAR and CBA) and traditional learning approaches have been conducted with reference to classification accuracy. The results show that the MCAR and CBA algorithms outperformed SVM and algorithms. Keywords: Phishing Websites, Data Mining, Associative Classification, Machine Learning
Detecting Phishing Websites Using Associative Classification
Phishing is a criminal technique employing both social engineering and technical subterfuge to steal consumer's personal identity data and financial account credential. The aim of the phishing website is to steal the victims’ personal information by visiting and surfing a fake webpage that looks like a true one of a legitimate bank or company and asks the victim to enter personal information such as their username, account number, password, credit card number, …,etc. This paper main goal is to investigate the potential use of automated data mining techniques in detecting the complex problem of phishing Websites in order to help all users from being deceived or hacked by stealing their personal information and passwords leading to catastrophic consequences. Experimentations against phishing data sets and using different common associative classification algorithms (MCAR and CBA) and traditional learning approaches have been conducted with reference to classification accuracy. The results show that the MCAR and CBA algorithms outperformed SVM and algorithms. Keywords: Phishing Websites, Data Mining, Associative Classification, Machine Learnin
Users really do respond to smishing
Text phish messages, referred to as Smishing is a type of social engineering
attack where fake text messages are created, and used to lure users into
responding to those messages. These messages aim to obtain user credentials,
install malware on the phones, or launch smishing attacks. They ask users to
reply to their message, click on a URL that redirects them to a phishing
website, or call the provided number. Thousands of mobile users are affected by
smishing attacks daily. Drawing inspiration by the works of Tu et al. (USENIX
Security, 2019) on Robocalls and Tischer et al. (IEEE Symposium on Security and
Privacy, 2016) on USB drives, this paper investigates why smishing works.
Accordingly, we designed smishing experiments and sent phishing SMSes to 265
users to measure the efficacy of smishing attacks. We sent eight fake text
messages to participants and recorded their CLICK, REPLY, and CALL responses
along with their feedback in a post-test survey. Our results reveal that 16.92%
of our participants had potentially fallen for our smishing attack. To test
repeat phishing, we subjected a set of randomly selected participants to a
second round of smishing attacks with a different message than the one they
received in the first round. As a result, we observed that 12.82% potentially
fell for the attack again. Using logistic regression, we observed that a
combination of user REPLY and CLICK actions increased the odds that a user
would respond to our smishing message when compared to CLICK. Additionally, we
found a similar statistically significant increase when comparing Facebook and
Walmart entity scenario to our IRS baseline.Comment: CODASPY'2
Email Babel: Does Language Affect Criminal Activity in Compromised Webmail Accounts?
We set out to understand the effects of differing language on the ability of
cybercriminals to navigate webmail accounts and locate sensitive information in
them. To this end, we configured thirty Gmail honeypot accounts with English,
Romanian, and Greek language settings. We populated the accounts with email
messages in those languages by subscribing them to selected online newsletters.
We hid email messages about fake bank accounts in fifteen of the accounts to
mimic real-world webmail users that sometimes store sensitive information in
their accounts. We then leaked credentials to the honey accounts via paste
sites on the Surface Web and the Dark Web, and collected data for fifteen days.
Our statistical analyses on the data show that cybercriminals are more likely
to discover sensitive information (bank account information) in the Greek
accounts than the remaining accounts, contrary to the expectation that Greek
ought to constitute a barrier to the understanding of non-Greek visitors to the
Greek accounts. We also extracted the important words among the emails that
cybercriminals accessed (as an approximation of the keywords that they searched
for within the honey accounts), and found that financial terms featured among
the top words. In summary, we show that language plays a significant role in
the ability of cybercriminals to access sensitive information hidden in
compromised webmail accounts
On the evolution of hyperlinking
Across time, the hyperlink object has supported different applications and studies. This is one perspective on the evolution of the hyperlinking concept, its context and related behaviors. Through a spectrum of hyperlinking applications and practices, the article contrasts the status quo with its related, broader, conceptual roots; it also bridges to some theorized and prototyped hyperlink variations, namely "stigmergic hyperlinks", to make the case that the ubiquitousness of some objects and certain usage patterns can obfuscate opportunities to (re)think them. In trying to contribute an answer to "what has the common hyperlink (such an apparently simple object) done to society, and what has society done to it?", the article identifies situations that have become so embedded in the daily routine, that it is now hard to think of hyperlinking alternatives.info:eu-repo/semantics/publishedVersio
Working from home in the age of COVID-19 and beyond: The Risks, and Benefits to Corporate Information Technology Infrastructure
In 2020 the COVID-19 viral pandemic circled the globe and impacted the population of the world. Workers who typically commuted to an office were forced to work from home. Faced with concerns such as where they would physically do their work, to who would watch their children during the workday (as schools shut down) societal challenges we have never seen before became a new reality. In a matter of months, infrastructure needs shifted as millions of people no longer commuted to work. Information technology infrastructure, as well as power, internet, and roadway infrastructures all needed to adjust to changes in demand. With many of these changes looking to become permanent, the global information technology security landscape is scrambling to keep up. This paper will discuss the impacts of COVID-19 on many aspects of life, and the impacts they have on information technology security
- …