Phishing is a common attack used to obtain sensitive information using visually similar websites to that of legitimate websites. With the growing technology, phishing attacks are on the rise. Machine Learning is a very popular approach to detect phishing websites. This paper explains the existing machine learning methods that are used to detect phishing websites. The paper explains the improved Random Forest classification method, SVM classification algorithm and Neural Network with backpropagation classification methods which have been implemented with accuracies of 97.369%, 97.451% and 97.259% respectively.
Identity management (IdM) plays a significant role in managing user identities (IDs). However, IdM is challenging to handle the rapidly rising numerous kinds of Web-based applications nowadays. The OpenID 2.0 communication protocol is an improved solution for managing a user's IDs based on the OpenID URL identity. OpenID URL identity is not very much secure in specific Web-based attacks; for instance, session hijacking and phishing attacks often occur. The earlier OpenID-based methods secure OpenID URL identity with single, double, and triple authentication schemes. But Identity Provider (IdP) side is still not secure in Web attacks: if an attacker steals the IdP-side legal user information, then existing OpenID-based security techniques are unreliable. The anticipated OpenID Reverse Authentication Authorizing and Accounting (RAAA) user authentication-based protocol secured OpenID URL identity by providing two beneficial fields Secret Alphanumeric String (SAS) and Special Innovative PIN (SIP) that utilize in testing website both sides in reverse and cost-effective way. In this experiment, IdP and Relying Party (RP), both sides are being used secretly. Therefore, experimental websites also test to check the proposed triple authentication protocol. In this paper, we have compared our RAAA user authentication protocol with already available SSO protocol methods. The tested websites and comparative results represent that the anticipated design protocol is very much secure and reliable solution. The advanced cryptographic Single-Sign-On (SSO) secure protocol reduces the higher-level session hijacking and phishing attacks risk in an OpenID-based environment. We suggest future SSO protocol methods will be needed more in terms of the authorized user's identity authentication in Web-based applications.
Analysis of Cyberattacks and its Detection Mechanisms Sudar, K.Muthamil; Deepalakshmi, P.; Nagaraj, P. ...
2020 Fifth International Conference on Research in Computational Intelligence and Communication Networks (ICRCICN)
2020-Nov.-26
Conference Proceeding
With the help of Internet, there are tremendous innovations and developments in technologies. Most of the business organizations are forced to use the flexible and modern network technologies for business processing. This opens the door for cyber criminals to initiate cyberattacks to disrupt the business process. There are lot of reasons behind these cyberattacks like stealing login credentials, financial information and confidential information, disrupting the services available to legitimate users and to gain unauthorized access. To defend against cyberattacks, several mechanisms were proposed by researchers. In this paper, we analyzed about different types of cyberattacks and detection mechanisms to defend against those attacks. We also analyzed about different datasets and evaluation metrics used to evaluate the performance of every detection mechanism.
In this scientific paper, a test is made on how reliable and secure databases are. The simulation shows how easily hackers can access a database and use its contents maliciously. It is performed on a virtual machine Kali Linux using software program - TheHarvester. People's personal email addresses have been used and shown for educational purposes only. The aim is to analyse the accessibility of data collections.
A cybercrime is what that best describes a Phishing Attack through which even a normal citizen of a country copies a true person/institution by encouraging them as an official person via e-mail or other means of communication. A person who is prone to do malicious things is known as an attacker who sends malicious Links or Payloads which may evolve into cyber attack via phishing e-mails that can execute multiple tasks, including capturing the victim's login credentials or account data. Due to cash loss and identity theft, these e-mails damage victims in numerous ways as in economically, mentally and much more. In this study, we have done phishing attacks which is a malicious act, usually made through email, to steal personal and private data of the Users without their knowledge. We have performed this using LinkedIn and Facebook Login Pages so that the attack could appear to the victim as a real scenario. Somehow, the attacker manipulates the users such a way that the user visits a faked web site which is sent by the attackers through faked e-mails or instant messages, and without a sound gives his personal information such as user name, password, i.e. Confidential data and other private data which is of utmost importance to the victim to the user unknowingly. The method to perform this Attack is described in this study. Several techniques are mentioned for the purpose of accomplishing phishing attack and eventually providing prevention method to avoid phishing attack. We have also covered the ways in which Machine Learning Algorithms could somehow detect the Phishing Links & could play an essential method in detecting and preventing from serious loss of data i.e. Loss of Credentials. We will also learn ways in which we can classify b/w Malicious Links and other normal Links.
This paper evaluates the background research to identify the possibility of using a new vector of social engineering attack using a psychological concept which thus far had been only used in marketing and promotional campaigns. Subliminal and supraliminal messages have been studied by academia with respect to its ability to influence individual behavior. Social engineering attacks are defined as the art of manipulating people into performing actions or divulging confidential information. Most of modern social engineering attacks depend on phishing and spear phishing attacks. This paper explores the possibility of identifying correlations between the above mentioned psychological concepts and phishing/spear phishing attacks in the domain of cyber security.
Phishing attacks are one of the most widespread problems over the internet. A lot of internet users fall into the hands of attackers every day which accounts into millions of dollars of fraud around the globe every day. The availability of the internet among people who don't have the knowledge of cyber-attacks adds more to this problem. Thus, there is a need to employ intelligent algorithms to solve these serious problems. In this paper, we present different ways in which phishing URLs can be detected using machine learning algorithms. The URL based features as well as network-based features were used to feed to the machine learning classifiers. Similarly, other features that might add relevance to our problem are also discussed. The unbalanced dataset is made balanced using various oversampling and undersampling techniques and the performance for the various machine learning algorithms is evaluated for the dataset. The evaluation shows that the machine learning algorithms can show promising results in terms of precision, recall, f-score, and ROC AUC.
Cyber-crime is spreading throughout the world, exploiting any type of vulnerability in the cloud computing platform. Ethical hackers are primarily concerned in identifying flaws and recommending mitigation measures. In the cyber security world, there is a pressing need for the development of effective techniques. The majority of IDS techniques used today are incapable of dealing with the dynamic and complex nature of cyber-attacks on computer networks. In cyber security, machine learning approaches have been utilized to handle important concerns such as intrusion detection, XSS, SQLI, and phishing detection. Machine learning approaches have been employed in order to detect the issues such as XSS, SQLI, Phishing attacks etc. In this study XSS attack is detected using CNN approach, SQLI attack is detected using Logistic Regression approach, phishing is detected using SVM approach. In addition to the above specified attacks: DTC, BNB, KNN approaches are employed to detect the intrusion in the system. As a result, CNN approach yields 98.59% accuracy for detecting XSS attacks, Logistic Regression approach yields 92.85% accuracy for SQLI, SVM approach yields 85.62% accuracy for phishing attacks. Approaches like DTC, BNB, KNN yields an accuracy of 99.47%, 90.67% and 99.16% respectively for detecting intrusions.
A literature survey on anti-phishing in websites Zaimi, Rania; Hafidi, Mohamed; Lamia, Mahnane
Proceedings of the 4th International Conference on Networking, Information Systems & Security
04/2021
Conference Proceeding
Phishing and fraud sites have been widespread on the internet in recent times, which has become a source of great concern and a serious cybersecurity problem, as internet fraudsters target sensitive data and personal information of users, especially the username and password. Numerous approaches have been proposed and used to prevent and reduce these phishing websites and attacks, and protect users and their privacy. In this paper, we categorized the present anti-phishing approaches into two main classes: Content-based and Non-content-based. The content-based approach is also classified into URL content analysis and webpage content analysis. This helps in finding out numerous anti-phishing techniques and algorithms to choose the best approach in future contributions.
In recent years, cybercrime has focused profoundly on people to bypass existing sophisticated security controls; phishing is one of the most common forms of such attacks. Phishing is an online extortion which combines social engineering tools and technical tricks designed to earn computer users' hypersensitive personally identifiable information (PII). To prevent from phishing attacks, phishing awareness needs to be considered. This research aims to highlight the problem of phishing and to examine the user's computer security behaviour in developing an anti-phishing educational framework. The paper introduces Technology Threat Avoidance Theory (TTAT): a theoretical model which is used to address various design issues and principles that were used as guidelines for structuring and presenting information.