Susceptibility through the forging of trustworthiness: an approach to phishing attacks
Abstract
In the fight against phishing attacks and related incidents, numerous solutions have been proposed in order to minimize them. However, these attacks continue to grow today, making it necessary to reflect on the accuracy of these solutions. This article explores phishing that is based on a set of characteristics that aim to take advantage of the susceptibility of the end user. As a result, in addition to quantitative data, the study also performed a qualitative analysis of behavior, identifying aspects such as relevance, relationships, and similarities among the characteristics. It is expected that the results obtained will provoke reflection regarding new approaches or greater robustness in existing ones.
Published
2019-09-02
How to Cite
DA SILVA, Carlo; TEIXEIRA, Lucas; DE BARROS, Júlio; FEITOSA, Eduardo; GARCIA, Vinícius. Suscetibilidade através da forja de fidedignidade: uma abordagem sobre ataques de phishing. In: BRAZILIAN SYMPOSIUM ON INFORMATION AND COMPUTATIONAL SYSTEMS SECURITY (SBSEG), 19., 2019, São Paulo. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 43-56. DOI: https://doi.org/10.5753/sbseg.2019.13961.