DeltaPhish: Detecting Phishing Webpages in Compromised Websites

The large-scale deployment of modern phishing attacks relies on the automatic exploitation of vulnerable websites in the wild, to maximize profit while hindering attack traceability, detection and blacklisting. To the best of our knowledge, this is the first work that specifically leverages this adversarial behavior for detection purposes. We show that phishing webpages can be accurately detected by highlighting HTML code and visual differences with respect to other (legitimate) pages hosted within a compromised website. Our system, named DeltaPhish, can be installed as part of a web application firewall, to detect the presence of anomalous content on a website after compromise, and eventually prevent access to it. DeltaPhish is also robust against adversarial attempts in which the HTML code of the phishing page is carefully manipulated to evade detection. We empirically evaluate it on more than 5,500 webpages collected in the wild from compromised websites, showing that it is capable of detecting more than 99% of phishing webpages, while only misclassifying less than 1% of legitimate pages. We further show that the detection rate remains higher than 70% even under very sophisticated attacks carefully designed to evade our system.Comment: Preprint version of the work accepted at ESORICS 201

Stress factors and stress management interventions: the heuristic of “bottom up” an update from a systematic review

Organizations have increasingly sought to adopt innovative interventions to prevent stress-related issues. In the field of manufacturing, however, the effectiveness of these interventions remains unclear because a systematic and specific review of existing primary evidence has not been undertaken. The present systematic literature review sought to address the foregoing limitation in the literature by summarizing the main source of stress and effectiveness of stress management interventions as grounded in the context of manufacturing. Our review was limited to only randomized clinical trials (RCTs) and quasi-experimental studies and concerned employees from the manufacturing sector. Twenty-two studies on primary, secondary and tertiary interventions across four continents (Asia, Europe, USA and South America) were selected and analyzed in terms of stress factors, methodological properties and outcomes. Most of these were RCT studies (68% Vs 32%) with a majority of secondary interventions (N = 11, 50%), followed by primary (N = 5, 22%), tertiary (N = 3, 13%), and two (9%) mixed interventions. The main outcomes included an improvement of psychological wellbeing, decreased stress reactivity and an increment of general health. There was a predominance of interventions utilizing skills programs and/or cognitive-behavioral techniques. The main source of stress reported related to professional identity, organizational deficiencies, interpersonal conflicts, physical complaints and poor work environment. Taken together, the findings provide important theoretical and practical implications for advancing the study of stress factors and the use of stress management interventions in the workplace. The prerequisite for a successful intervention is to address the real problems experienced by professionals and help them to cope with their difficult situations. The strategy of “bottom-up” offers a potential means of enhancing employees’ health and well-being; however, the most effective means of implementing these interventions needs to be understood better

Task-Technology Fit and Continuance of Use of Web- based Programming Tool: A Pilot Study

Web-based coding tools are widely accepted in computer science education. The use of these tools allows us to improve learning, but the requirement is to understand the factors that affect their acceptance. Carefully selecting technology that best suits the needs of the task will allow the optimal use of these tools in education. The purpose of this study is to develop a model that incorporates constructs of the Task-technology fit (TTF) model and the Expectation-confirmation model of IT continuance (ECM) to better understand the impact of the tool’s suitability on the user’s behavioral intention. The analysis was performed using the partial least squares approach to structural equation modeling. The results show a significant impact of task-technology fit factor on student satisfaction and their continuance intention. Consequently, this demonstrates that the proposed model is appropriate for understanding the acceptance of web-based programming tools in an educational context