Suscetibilidade através da forja de fidedignidade: uma abordagem sobre ataques de phishing
Resumo
No combate aos incidentes de segurança relacionados a ataques de phishing, inúmeras são as soluções propostas no intuito de minimizar a incidência desses ataques. Contudo, esses continuam crescendo nos dias de hoje, fazendo refletir sobre a precisão dessas soluções. Este artigo enfoca a exploração de phishing baseada em conjunto de características que visam abusar da suscetibilidade do usuário final. Como resultado, além dos dados quantitativos, o estudo também realizou uma análise qualitativa dos comportamentos, conseguindo identificar aspectos como relevância, relações e similaridades entre as características. Diante disso, é esperado que os resultados obtidos tragam uma reflexão sobre as novas abordagens ou maior robustez nas existentes.Referências
AlEroud, A. and Zhou, L. (2017). Phishing environments, techniques, and countermeasures: A survey. Computers & Security.
Almomani, A. (2018). Fast-flux hunter: A system for filtering online fast-flux botnet. Neural Comput. Appl., 29(7):483–493.
Amiri, I. S., Akanbi, O. A., and Fazeldehkordi, E. (2014). A Machine-Learning Approach to Phishing Detection and Defense. Syngress Publishing.
Costello, A. M. (2003). Punycode: A bootstring encoding of unicode for internationalized domain names in applications (idna). Dispon´ivel em: https://tools.ietf.org/html/rfc3492.
Elwell, R. and Polikar, R. (2011). Incremental learning of concept drift in nonstationary environments. IEEE Transactions on Neural Networks.
Goel, D. and Jain, A. K. (2018). Mobile phishing attacks and defence mechanisms: State of art and open research challenges. Computers & Security.
Google (2019). Google safe browsing. Available at: https://safebrowsing.google.com/.
Gupta, S., Singhal, A., and Kapoor, A. (2016). A literature survey on social engineering attacks: Phishing attack. In 2016 International Conference on Computing, Communication and Automation (ICCCA), pages 537–540.
Khonji, M., Iraqi, Y., and Jones, A. (2013). Phishing detection: A literature survey. IEEE Communications Surveys and Tutorials, 15(4):2091–2121.
Leng Chiew, K., Yong, K., and Tan, C. L. (2018). A survey of phishing attacks: Their types, vectors and technical approaches. Expert Systems with Applications, 106.
Molleri, J. S., Petersen, K., and Mendes, E. (2016). Survey guidelines in software engineering: An annotated review. In 10th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement.
OpenDNS (2019). Phishtank. Available at: https://www.phishtank.com/.
Parsons, K., Butavicius, M., Delfabbro, P., and Lillie, M. (2019). Predicting susceptibility to social influence in phishing emails. International Journal of Human-Computer Studies, 128.
Qabajeh, I., Thabtah, F., and Chiclana, F. (2018). A recent review of conventional vs. automated cybersecurity anti-phishing techniques. Computer Science Review, 29:44–55.
Sharma, H., Meenakshi, E., and Bhatia, S. K. (2017). A comparative analysis and awareness survey of phishing detection tools. In 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information Communication Technology (RTEICT), pages 1437–1442.
Singh, R. and Mangat, N. S. (1996). Stratified Sampling, pages 102–144. Springer Netherlands, Dordrecht.
Sonowal, G. and Kuppusamy, K. S. (2017). Phidma - a phishing detection model with multi-filter approach. Journal of King Saud University - Computer and Information Sciences.
Srinivasa, R., Alwyn, R., and Pais, R. (2019). Jail-phish: An improved search engine based phishing detection system. Computers & Security.
Stout, B. and McDowell, K. (2012). United states patent. Technical report, Citizenhawk, Inc., Aliso Viejo, CA (US).
Vayansky, I. and Kumar, S. (2018). Phishing – challenges and solutions. Computer Fraud & Security, 2018:15–20.
Windows (2019). Windows smartscreen. Available at: https://bit.ly/2ER8yow.
Wohlin, C., Runeson, P., Höst, M., Ohlsson, M. C., Regnell, B., and Wesslén, A. (2000). Experimentation in Software Engineering: An Introduction. Kluwer Academic Publishers, Norwell, MA, USA.
Almomani, A. (2018). Fast-flux hunter: A system for filtering online fast-flux botnet. Neural Comput. Appl., 29(7):483–493.
Amiri, I. S., Akanbi, O. A., and Fazeldehkordi, E. (2014). A Machine-Learning Approach to Phishing Detection and Defense. Syngress Publishing.
Costello, A. M. (2003). Punycode: A bootstring encoding of unicode for internationalized domain names in applications (idna). Dispon´ivel em: https://tools.ietf.org/html/rfc3492.
Elwell, R. and Polikar, R. (2011). Incremental learning of concept drift in nonstationary environments. IEEE Transactions on Neural Networks.
Goel, D. and Jain, A. K. (2018). Mobile phishing attacks and defence mechanisms: State of art and open research challenges. Computers & Security.
Google (2019). Google safe browsing. Available at: https://safebrowsing.google.com/.
Gupta, S., Singhal, A., and Kapoor, A. (2016). A literature survey on social engineering attacks: Phishing attack. In 2016 International Conference on Computing, Communication and Automation (ICCCA), pages 537–540.
Khonji, M., Iraqi, Y., and Jones, A. (2013). Phishing detection: A literature survey. IEEE Communications Surveys and Tutorials, 15(4):2091–2121.
Leng Chiew, K., Yong, K., and Tan, C. L. (2018). A survey of phishing attacks: Their types, vectors and technical approaches. Expert Systems with Applications, 106.
Molleri, J. S., Petersen, K., and Mendes, E. (2016). Survey guidelines in software engineering: An annotated review. In 10th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement.
OpenDNS (2019). Phishtank. Available at: https://www.phishtank.com/.
Parsons, K., Butavicius, M., Delfabbro, P., and Lillie, M. (2019). Predicting susceptibility to social influence in phishing emails. International Journal of Human-Computer Studies, 128.
Qabajeh, I., Thabtah, F., and Chiclana, F. (2018). A recent review of conventional vs. automated cybersecurity anti-phishing techniques. Computer Science Review, 29:44–55.
Sharma, H., Meenakshi, E., and Bhatia, S. K. (2017). A comparative analysis and awareness survey of phishing detection tools. In 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information Communication Technology (RTEICT), pages 1437–1442.
Singh, R. and Mangat, N. S. (1996). Stratified Sampling, pages 102–144. Springer Netherlands, Dordrecht.
Sonowal, G. and Kuppusamy, K. S. (2017). Phidma - a phishing detection model with multi-filter approach. Journal of King Saud University - Computer and Information Sciences.
Srinivasa, R., Alwyn, R., and Pais, R. (2019). Jail-phish: An improved search engine based phishing detection system. Computers & Security.
Stout, B. and McDowell, K. (2012). United states patent. Technical report, Citizenhawk, Inc., Aliso Viejo, CA (US).
Vayansky, I. and Kumar, S. (2018). Phishing – challenges and solutions. Computer Fraud & Security, 2018:15–20.
Windows (2019). Windows smartscreen. Available at: https://bit.ly/2ER8yow.
Wohlin, C., Runeson, P., Höst, M., Ohlsson, M. C., Regnell, B., and Wesslén, A. (2000). Experimentation in Software Engineering: An Introduction. Kluwer Academic Publishers, Norwell, MA, USA.
Publicado
02/09/2019
Como Citar
DA SILVA, Carlo; TEIXEIRA, Lucas; DE BARROS, Júlio; FEITOSA, Eduardo; GARCIA, Vinícius.
Suscetibilidade através da forja de fidedignidade: uma abordagem sobre ataques de phishing. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 19. , 2019, São Paulo.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2019
.
p. 43-56.
DOI: https://doi.org/10.5753/sbseg.2019.13961.
