One Size Does Not Fit All

Botacin, Marcus; Aghakhani, Hojjat; Ortolani, Stefano; Kruegel, Christopher; Vigna, Giovanni; Oliveira, Daniela; Geus, Paulo Lício de; Grégio, André

doi:10.1145/3429741

Cited by 11 publications

(3 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attackers can use malicious software to gain unauthorized access to systems. Malware can be utilized to hijack sessions, steal passwords, and even set keyloggers on victims' machines [93], [96], [97], [105] [106].…”

Section: B Threat-facing Online Bankingmentioning

confidence: 99%

Online Banking User Authentication Methods: A Systematic Literature Review

Karim,

Khashan,

Kanaker

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Online banking has become increasingly popular in recent years, making it a target for cyberattacks. Banks have implemented various user authentication methods to protect their customers' online accounts. This paper reviews the state-of-the-art user authentication methods used in online banking and potential cyber threats. This paper starts by exploring different user authentication methods, such as knowledge-based authentication (KBA), biometrics-based authentication (BBA), possession-based authentication (PBA), and other methods. The advantages and disadvantages of each user authentication method are then discussed. Furthermore, the paper discusses the various cyber threats that can compromise user authentication for online banking systems, such as malware attacks, social engineering, phishing attacks, man-in-the-middle (MiTM) attacks, denial of service (DoS) attacks, session hijacking, weak passwords, keyloggers, SQL injection, and replay attacks. Also, the paper explores the user authentication methods used by popular banks, which can provide insights into best practices for safeguarding online banking accounts and future user authentication methods in online banking and cyber threats. It states that the increasing use of BBA, two-factor authentication (2FA), and multi-factor authentication (MFA) will help improve the security of online banking systems. However, the paper also warns that new cyber challenges will emerge, and banks need to be vigilant in protecting their customers' online banking accounts.

show abstract

Section: B Threat-facing Online Bankingmentioning

confidence: 99%

Online Banking User Authentication Methods: A Systematic Literature Review

Karim,

Khashan,

Kanaker

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Some underground market-related properties are also retrieved by previous work, for instance, price [91], key actors [78], [93], [94], [123] and product types [51], [57]. Other works studied malware-related intelligence such as malware download channel [92], geolocation of malware campaigns [39], malware sample feed [106] and the value chain of Ransomware-as-a-Service economy [79].…”

Section: Related Workmentioning

confidence: 99%

Understanding and Analyzing Appraisal Systems in the Underground Marketplaces

Li,

Liao

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

An appraisal system is a feedback mechanism that has gained popularity in underground marketplaces. This system allows appraisers, who receive free samples from vendors, to provide assessments (i.e., appraisal reviews) for products in underground marketplaces. In this paper, we present the first measurement study on the appraisal system within underground marketplaces. Specifically, from 17M communication traces from eight marketplaces spanning from Feb 2006 to Mar 2023, we discover 56,229 appraisal reviews posted by 18,701 unique appraisers. We look into the appraisal review ecosystem, revealing five commonly used requirements and merits in the appraiser selection process. These findings indicate that the appraisal system is a well-established and structured process within the underground marketplace ecosystem. Furthermore, we reveal the presence of high-quality and unique cyber threat intelligence (CTI) in appraisal reviews. For example, we identify the geolocations of followers for a social booster and programming languages used for malware. Leveraging our extraction model, which integrates 41 distinct types of CTI, we capture 23,978 artifacts associated with 16,668 (50.2%) appraisal reviews. In contrast, artifacts are found in only 8.9% of listings and 2.7% of non-appraisal reviews. Our study provides valuable insights into this under-explored source of CTI, complementing existing research on threat intelligence gathering.

show abstract

“…It points to a specific URL or code to be executed and downloads other malware. It also attempts to gain privilege over the device [15], [286]- [288].…”

Section: Backdoormentioning

confidence: 99%

Maloid-DS: Labeled Dataset for Android Malware Forensics

Almomani,

Almashat,

El-Shafai

2024

IEEE Access

View full text Add to dashboard Cite

Billions of people globally use Android devices a . As such, these devices are highly targeted by security attackers. One of the most threatening attacks is to infect devices with malicious software (malware). Fortunately, there are various ways to counteract these attacks and prevent them. One of these methods is developing a comprehensive malware dataset that researchers can utilize for malware analysis, detection, prediction, and prevention systems. This paper introduces a unique, up-to-date, labeled Android malware dataset (Maloid-DS) comprising a comprehensive set of malware families that reached 345 families with 47,971 malware samples. First, we intensely studied existing datasets utilized by previous research works. These datasets are limited in (a) the number of studied families, (b) the number of samples under each family, (c) the number of new malware samples, (d) the proper categorization of the malware families, (e) the accurate mapping of the sample with its corresponding malware family, (f) providing well structuring of the malware families and subfamilies, and (g) presenting a profound description of each family behavior. All these limitations were seriously tackled by introducing Maloid-DS. The process of creating Maloid is detailed in this paper. Moreover, several case studies are demonstrated in this paper to show the value of Maloid and how different types of analysis systems and AI-based detection and prediction solutions could utilize it. While the full potential of Maloid-DS in real-world scenarios is subject to ongoing research and practical application, it represents a substantial contribution to the cybersecurity community, offering a broad and detailed foundation for protecting Android devices against malware threats.

show abstract

One Size Does Not Fit All

Cited by 11 publications

References 26 publications

Online Banking User Authentication Methods: A Systematic Literature Review

Online Banking User Authentication Methods: A Systematic Literature Review

Understanding and Analyzing Appraisal Systems in the Underground Marketplaces

Maloid-DS: Labeled Dataset for Android Malware Forensics

Contact Info

Product

Resources

About