Phishing - the threat that still exists

Nirmal, K.; Janet, B.; Kumar, R.

doi:10.1109/iccct2.2015.7292734

Cited by 13 publications

(6 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most phishing detection methods consist of whitelisting and blacklisting and content-based filtering [9]. Shahriar et.…”

Section: Defense Strategymentioning

confidence: 99%

Phishing and Advanced Persistent Threats

Brandao¹,

Mamede²

2022

J Mathe & Comp Appli

View full text Add to dashboard Cite

The paper addresses one of the techniques mor used by Advanced Persistent Threats attacks, phishing. The paper demonstrates the complexity of the technique, explains how attacks can be carried out, and presents defense techniques, and strategies against phishing attacks. The article also presents a summary description of what an Advanced Persistent Threat attack is. This description characterizes this type of attack.

show abstract

“…Most phishing detection methods consist of whitelisting and blacklisting and content-based filtering [9]. Shahriar et.…”

Section: Defense Strategymentioning

confidence: 99%

Phishing and Advanced Persistent Threats

Brandao¹,

Mamede²

2022

J Mathe & Comp Appli

View full text Add to dashboard Cite

show abstract

“…PhishTank describes phishing as a fraudulent attempt to steal personal information, primarily via email. Phishing is also associated with the theft of personal information related to financial systems, such as passwords for online banking or email passwords [55]. In Spear phishing attack the attacker traps the user by sending him an alluring email.…”

Section: ) Attack On Application Softwarementioning

confidence: 99%

Role of Device Identification and Manufacturer Usage Description in IoT Security: A Survey

et al. 2021

View full text Add to dashboard Cite

This paper presents an overview of device identification techniques and the Manufacturer Usage Description (MUD) standard used for the Internet of things to reduce the IoT attack surface. The ongoing diversity and the sheer increase in the number of connected IoT devices have crumpled security efforts. There is a need to reconsider and redesign the underlying concept of developing security systems to resolve IoT security challenges. In this backdrop, device profiling and identification have emerged as an exciting technique that helps to reduce IoT device attack surface. One of the known approaches for device identification is to fingerprint a device. There are many ways to fingerprint the device, mostly using device network flows or device local attributes. The device identification ensures the authenticity of the device attached to the network, like user authentication. Since IoT devices mostly work using machine-to-machine (M2M) communication, this requires identifying each device properly. But there is no unified approach for device identification for the ever-growing world of IoT devices and applications. One of the major steps forward in this direction is the development of the Manufacturer Usage Description (MUD) standard that defines the role of a device within the network. It limits the device to execute the primary task only, which will help to reduce the attack surface. Since the inception of MUD, many security frameworks use this standard for IoT security. However, there is a need to scrutinize the security frameworks based on the MUD, to find out the claimed effectiveness of the standard in IoT security. This paper initially identifies and classifies the potential vulnerabilities in IoT devices. Then, the study provides an overview of the research that focuses on device identification techniques and analyzes their role in IoT security. Finally, the research presents an overview of MUD technology, its implementation scenarios, the limitation of the latest MUD standard, and its applications in the industry. The prime aim of this work is to examine the MUD benefits in IoT security along with the weaknesses and challenges while implementing this standard along with future directions. INDEX TERMSManufacturer usage description (MUD), Internet of Things (IoT), device identification (DI), software defined network (SDN), machine learning (ML), deep learning (DL). NOMAN MAZHAR received the B.E. degree in software engineering and the M.S. degree in information technology from the

show abstract

“…In other cases, although the domain name used was brand-new where the domain name was not in any blacklist, retaining the actual HTML content or attempting to submit a form post to the actual target from the fake page resulted in having the website flagged as phishing. 17 Case 1. Content of a genuine web page was duplicated and was hosted on a phishing domain.…”

Section: Analysis Of a State-of-the-art Antiphish Systemmentioning

confidence: 99%

Enhancing online security using selective DOM approach to counter phishing attacks

Nirmal

Janet

Kumar

2019

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

Today's computer era has paved the way for innovations like self-driving cars, quantum computing, and other ingenious advancements. As technology advances at a rapid pace, some issues yet remain unresolved. One of the issues is phishing, which dates back to the 1980s. Phishing is an art used by cybercriminals from the 1980s until to date targeting online users to harvest financial, confidential, and other sensitive information. The art and the methodologies used by cybercriminals have not evolved much from the AOL (American online) heydays. However, the counter mechanisms to defeat phishing have undergone considerable changes over the past two decades. Although sophisticated antiphishing systems are in place, statistics shows that phishing is a major threat. Our practical research proves that one of the state-of-the-art antiphishing systems can be bypassed using simple techniques. The research further demonstrates why today's antiphishing mechanisms fail and the need for a novel mechanism that will identify the authenticity of the website. In this manuscript, an antiphishing algorithm, PhishSec (PH-Sec), is introduced. PhishSec will not consider the URL of the website as the primary factor to determine the authenticity, rather take a reverse approach where the URL of the website is derived by analyzing the content of the visited website to establish its authenticity. To accomplish this, the HTML DOM (document object model) of a given web page on load is considered. This manuscript quotes the research results of the analysis of a state-of-the-art antiphishing system along with the introduced algorithm to counter-attack phishing. The introduced system detects phishing attacks with 99.21% of accuracy.

show abstract

Phishing - the threat that still exists

Cited by 13 publications

References 15 publications

Phishing and Advanced Persistent Threats

Phishing and Advanced Persistent Threats

Role of Device Identification and Manufacturer Usage Description in IoT Security: A Survey

Enhancing online security using selective DOM approach to counter phishing attacks

Contact Info

Product

Resources

About