A Mobile Anti-Phishing System Using Linkguard Algorithm

2021 ◽  
Vol 6 (3) ◽  
Author(s):  
Elizabeth A Amusan ◽  
Oluyinka T Adedeji ◽  
Oluwaseun Alade ◽  
Funmilola A Ajala ◽  
Kayode O Ibidapo

Phishing is a type of cyber-attack where the attacker deploys a combination of social engineering and technological skills to trick users into revealing private information like bank account details, usernames and passwords by creating an imitation of an existing web page. This research developed an Android-based anti-phishing system leveraging on the ubiquity of mobile devices and their increasing applications for business and personal purposes. The system was developed by implementing an end-host based algorithm called the Linkguard algorithm which is effective in detecting and preventing both known and unknown phishing attacks. A total of over 500 links which was a blend of both phishing and non-phishing links were collected from Phishtank and Alexa to validate the proposed system which achieved an accuracy of 96%. It is recommended that concerted efforts should be geared towards continuously sensitizing users to improve their phishing awareness as this cybercrime keeps evolving and users play a very crucial role in mitigating it. Keywords— android, cybercrime, Linkguard algorithm, mobile, phishing 

Author(s):  
Bhuvana ◽  
Arundhathi S Bhat ◽  
Thirtha Shetty ◽  
Mr. Pradeep Naik

Nowadays the internet has become a very unsafe space to deal with. Hackers are constantly trying to gain the user's personal information, and detailed credentials. So many websites on the internet, even though safe, this safety cannot be assured by all websites. These rule breakers avoid abiding by rules, and try to employ methods like trickery and hacking to gain illegal access to private information. To be able to overcome this problem, we need to first understand the intricacies of how the virus is designed. This paper mainly deals with the different phishing techniques and recent phishing attacks that took place during COVID 19, like Link Manipulation, Filter Evasion, Website Forgery, Phone Phishing and Website Forgery. We have also studied a subtle method to perform phishing attacks that makes links appear legitimate, but actually redirect a victim to an attacker's website called Convert Redirect. In this paper, we present some phishing examples like Paypal phishing which involves sending an email that fraudulently claims to be from a well known company and Rapidshare Phishing where in the spoofed web page, phishers attempt to confuse their victims just enough to entice them to enter their login name and password. To perform these types of phishing the phishers use so many phishing techniques like Link Manipulation, Filter Evasion, Website Forgery, Phone Phishing and Website Forgery. Phishing techniques include the domain of email messages. Phishing emails have hosted such a phishing website, where a click on the URL or the malware code as executing some actions to perform is socially engineered messages. Lexically analyzing the URLs can enhance the performance and help to differentiate between the original email and the phishing URL. As assessed in this study, in addition to textual analysis of phishing URL, email classification is successful and results in a highly precise anti phishing.
From the thorough analysis of the research paper, we have understood how phishing attacks work and the different methods employed to carry out the attack. Also, we have studied some of the most recent phishing attacks and measures taken by the authorities to overcome and prevent any such attacks in future.


2021 ◽  
Vol 10 (02) ◽  
pp. 23-33
Author(s):  
Anshumaan Mishra ◽  
Fancy Fancy

Phishing is a type of Social Engineering cyber-attack, hackers use it to gain access to confidential credentials like bank account credentials details, details of their personal life like debit card details, social media credentials, etc. Phishing website links seem just like the genuine ones and it's a tedious and troublesome task to differentiate among those websites. In this paper, features are extracted from a separate dataset of phishing and benign website URLs and then using the Machine Learning method we determine the phishing websites. We also rank the features based on the contribution of each feature used in determining the outcome of a URL link using built python libraries. Most of the phishing URLs use a large URL length when used for an attack. Hence, we proposed three machine learning models Random Forest, Support Vector Machine (SVM), Decision trees models for the efficient detection of phishing using fake URLs. The performance of the models is also compared among themselves using a confusion matrix to determine the highest performance. The implemented models have shown an accuracy of 84.81 (for Random Forest and SVM), 83.96 (Decision tree)


2018 ◽  
Vol 7 (3.4) ◽  
pp. 42
Author(s):  
Eric Abraham Kalloor ◽  
Dr Manoj Kumar Mishra ◽  
Prof. Joy Paulose

Phishing attack is one of the most common forms of attack used to get unauthorized access to users’ credentials or any other sensitive information. It is classified under social engineering attack, which means it is not a technical vulnerability. The attacker exploits the human nature to make mistakes by fooling the user to think that a given web page is genuine and submitting confidential data into an embedded form, which is harvested by the attacker. A phishing page is often an exact replica of the legitimate page, the only noticeable difference is the URL. Normal users do not pay close attention to the URL every time, hence they are exploited by the attacker. This paper suggests a login framework which can be used independently or along with a browser extension which will act as a line of defense against such phishing attacks. The semi-automated login mechanism suggested in this paper eliminates the need for the user to be alert at all times, and it also provides a personalized login screen so that the user can distinguish between a genuine and fake login page quite easily.


2020 ◽  
Vol 10 (23) ◽  
pp. 8351
Author(s):  
Rosangela Casolare ◽  
Fabio Martinelli ◽  
Francesco Mercaldo ◽  
Antonella Santone

The increase in computing capabilities of mobile devices has, in the last few years, made possible a plethora of complex operations performed from smartphones and tablets end users, for instance, from a bank transfer to the full management of home automation. Clearly, in this context, the detection of malicious applications is a critical and challenging task, especially considering that the user is often totally unaware of the behavior of the applications installed on their device. In this paper, we propose a method to detect inter-app communication i.e., a colluding communication between different applications with data support to silently exfiltrate sensitive and private information. We based the proposed method on model checking, by representing Android applications in terms of automata and by proposing a set of logic properties to reduce the number of comparisons and a set of logic properties automatically generated for detecting colluding applications. We evaluated the proposed method on a set of 1092 Android applications, including different colluding attacks, by obtaining an accuracy of 1, showing the effectiveness of the proposed method.


2018 ◽  
Vol 11 (2) ◽  
pp. 49-57
Author(s):  
Adrian Cristian MOISE

Starting from the provisions of Article 2 of the Council of Europe Convention on Cybercrime and from the provisions of Article 3 of Directive 2013/40/EU on attacks against information systems, the present study analyses how these provisions have been transposed into the text of Article 360 of the Romanian Criminal Code. Illegal access to a computer system is a criminal offence that aims to affect the patrimony of individuals or legal entities. The illegal access to computer systems is accomplished with the help of the social engineering techniques, the best known technique of this kind is the use of phishing threats. Typically, phishing attacks will lead the recipient to a Web page designed to simulate the visual identity of a target organization, and to gather personal information about the user, the victim having knowledge of the attack.


Author(s):  
Tiantian Xie ◽  
Yuxi Zhu ◽  
Tao Lin ◽  
Rui Chen

With the increase in the number of menu items and the menu structure complexity, users have to spend more time in locating menu items when using menu-based interfaces. Recently, adaptive menu techniques have been explored to reduce the time and menu item prediction plays a crucial role in the techniques. Unfortunately, there still lacks effective prediction models for menu items. This chapter per the authors explores the potential of three prediction models based on Markov chain in predicting top n menu items with human behavior data while interacting with menus - the users' historical menu item selections. The results show that Weighted Markov Chain using Genetic Algorithm can obtain the highest prediction accuracy and significantly decrease navigation time by 22.6% when N equals 4 as compared to the static counterpart. Two application scenarios of these models on mobile devices and desktop also demonstrated the potentials in daily usage to reduce the time spent to search target menu items.


2021 ◽  
Vol 1 (13) ◽  
pp. 6-15
Author(s):  
Yuriy Yakymenko ◽  
Dmytro Rabchun ◽  
Mykhailo Zaporozhchenko

As the number and percentage of phishing attacks on company employees and regular users have tended to increase rapidly over the last two years, it is necessary to cover the issue of protection against this type of social engineering attacks. Throughout the pandemic, intruders are finding more and more new ways to cheat, so even experienced Internet users can become a victim to their scams. Due to the fact that e-mail is used in almost all companies, most phishing attacks use e-mail to send malicious messages. The article discusses the main methods used by attackers to conduct phishing attacks using e-mail, signs that the user has become a victim to social engineers, and provides recommendations how to increase the resilience of the corporate environment to such attacks using organizational methods. Because the user is the target of phishing attacks, and the tools built into the browser and email clients in most cases do not provide reliable protection against phishing, it is the user who poses the greatest danger to the company, because he, having become a victim of a phishing attack, can cause significant damage to the company due to his lack of competence and experience. That is why it is necessary to conduct training and periodic testing of personnel to provide resistance to targeted phishing attacks. Company employees should be familiar with the signs of phishing, examples of such attacks, the principles of working with corporate data and their responsibility. The company's management must create and communicate to the staff regulations and instructions that describe storage, processing, dissemination and transfer processes of information to third parties. Employees should also report suspicious emails, messages, calls, or people who have tried to find out valuable information to the company's security service. Raising general awareness through hands-on training will reduce the number of information security incidents caused by phishing attacks.


Author(s):  
M. MADHURI ◽  
K. YESESWINI ◽  
U. VIDYA SAGAR

Phishing is a new type of network attack where the attacker creates a replica of an existing Web page to fool users (e.g., by using specially designed e-mails or instant messages) into submitting personal, financial, or password data to what they think is their service provider's Web site. In this project, we proposed a new end-host based anti-phishing algorithm, which we call Link Guard, by utilizing the generic characteristics of the hyperlinks in phishing attacks. These characteristics are derived by analyzing the phishing data archive provided by the Anti-Phishing Working Group (APWG). Because it is based on the generic characteristics of phishing attacks, Link Guard can detect not only known but also unknown phishing attacks. We have implemented LinkGuard in Windows XP. Our experiments verified that LinkGuard is effective to detect and prevent both known and unknown phishing attacks with minimal false negatives. LinkGuard successfully detects 195 out of the 203 phishing attacks. Our experiments also showed that LinkGuard is light weighted and can detect and prevent phishing attacks in real time.


Electronics ◽  
2021 ◽  
Vol 10 (23) ◽  
pp. 3012
Author(s):  
Sang Seo ◽  
Dohoon Kim

Existing moving target defense (MTD) and decoy systems are conceptually limited in avoiding and preventing attackers’ social-engineering real-time attacks by organization through either structural mutations or induction and isolation only using static traps. To overcome the practical limitations of existing MTD and decoy and to conduct a multi-stage deception decision-making in a real-time attack-defense competition, the current work presents a social-engineering organizational defensive deception game (SOD2G) as a framework, considering hierarchical topologies and fingerprint characteristics by organization. The present work proposed and applied deception concepts and zero-sum-based two-player game models as well as attacker and defender decision-making process based on deceivable organizational environments and vulnerability information. They were designed in consideration of limited organizational resources so that they could converge in the positive direction to secure organizational defender dominant share and optimal values of the defender deception formulated by both scenario and attribute. This framework could handle incomplete private information better than existing models and non-sequentially stratified, and also contributed to the configuration of the optimal defender deception strategy. As the experimental results, they could increase the deception efficiency within an organization by about 40% compared to existing models. Also, in the sensitivity analysis, the proposed MTD and decoy yielded improvements of at least 60% and 30% in deception efficiency, respectively, compared to the existing works.

