71 research outputs found

    Client Side Script Phishing Attacks Detection Method using Active Content Popularity Monitoring

    The phisher can attack the client side script by means of threatening information which affects the majority of online users in sequence. The malicious users steal a variety of sensitive information from financial organizations in order to run nameless client side script in the phishing attack. In most of the time, the consumer will ignore association script and popup windows which in turn run a set of malicious processes and send the sensitive information to the remote sites. To secure consumers by limiting the client side script, an effective Client Side Script Phishing Attack Detection (CSSPAD) method is proposed to detect the client side script phishing attacks. The proposed method is based on Active Content Popularity Monitoring (ACPM) and client script classification methods. This method categorizes the client side script according to a mixture of factors like the quantity of information being transferred by the script, the parent information of the script is being accessed. The proposed method computes the active time of the script, amount of data transferred and popularity of the webpage

    Detecting Phishing Websites Using Associative Classification

    Phishing is a criminal technique employing both social engineering and technical subterfuge to steal consumer's personal identity data and financial account credential. The aim of the phishing website is to steal the victims’ personal information by visiting and surfing a fake webpage that looks like a true one of a legitimate bank or company and asks the victim to enter personal information such as their username, account number, password, credit card number, …,etc. This paper main goal is to investigate the potential use of automated data mining techniques in detecting the complex problem of phishing Websites in order to help all users from being deceived or hacked by stealing their personal information and passwords leading to catastrophic consequences. Experimentations against phishing data sets and using different common associative classification algorithms (MCAR and CBA) and traditional learning approaches have been conducted with reference to classification accuracy. The results show that the MCAR and CBA algorithms outperformed SVM and algorithms. Keywords: Phishing Websites, Data Mining, Associative Classification, Machine Learning

    Anti-Phishing Models: Main Challenges

    Phishing is a form of online identity theft in which the attacker attempts to fraudulently retrieve a legitimate user's account information, logon credentials or identity information in general. The compromised information is then used for withdrawing money online, taking out cash advances, or making purchases of goods and services on the accounts. Various solutions have been proposed and developed in response to phishing. As phishing is a business problem, the solutions target both non-technical and technical areas. This paper investigates the current anti-phishing solutions and critically reviews their usage, security weaknesses and their effectiveness. The analysis of these models points to a conclusion that technology alone will not completely stop phishing. What is necessary is a multi-tiered, organised approach: user awareness, technical and non-technical solutions should work together

    Guidelines for Developers and Recommendations for Users to Mitigate Phishing Attacks: An Interdisciplinary Research Approach

    Phishing attacks are common these days. If successful, these attacks cause psychological, emotional, and financial damage to the victims. Such damages may have a long-term impact. The overall objective of this Ph.D. research is to contribute to mitigating phishing victimization risks by exploring phishing prevalence, user-related risk factors, and vulnerable target groups and by designing (1) guidelines for social website developers focused on internet user vulnerabilities and (2) recommendations for users to avoid such attacks. The Ph.D. research acknowledges that phishing attacks are technical in nature, while the impact is financial and psychological. Therefore, an interdisciplinary research approach focusing on empirical research methods from social sciences (i.e., focus groups and surveys) and computer science (i.e., data-driven techniques such as machine learning) is adopted for the research. In particular, we aim to use a machine learning model for data analytics and quantitative and qualitative research design for psychological analysis. The research outcome of this Ph.D. work is expected to provide recommendations for internet users and organizations developing social-media-based software systems through more phishing aware development practices.

    Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies

    Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed