Protection Against Semantic Social Engineering Attacks
作者: Ryan Heartfield , George Loukas
DOI: 10.1007/978-3-319-97643-3_4
关键词:
摘要: Phishing, drive-by downloads, file and multimedia masquerading, domain typosquatting, malvertising other semantic social engineering attacks aim to deceive the user rather than exploit a technical flaw breach system’s security. We start with chronological overview illustrate growing prevalence of such from their early inception 30 years ago, identify key milestones indicative trends which have established them as primary weapons choice for hackers, cyber-criminals state actors today. To demonstrate scale widespread nature threat space, we over 35 individually recognised types attack, existing within cross-contaminating between vast range different computer platforms interfaces. Their extreme diversity little no traces they leave make particularly difficult protect against. Technical protection systems typically focus on single attack type platform wider landscape deception-based attacks. address this issue, discuss three high-level defense approaches preemptive proactive protection, including adopting killchain concept simplifies targeted defense; principles passive threats; based defense-in-depth lifecycle designed harness non-technical capabilities providers base. Here, human-as-a-security-sensor paradigm can prove useful by leveraging collective natural ability users themselves in detecting deception attempts against them.
springer.com
sci-hub.se 参考文章(90)
Ira S. Winkler, The Non-Technical Threat to Computing SYstems Computing Systems. ,vol. 9, pp. 3- 14 ,(1996)
Frank Reichartz, André Bergholz, Siehyun Strobel, Gerhard Paass, Jeong Ho Chang, Improved Phishing Detection using Model-Based Features. conference on email and anti-spam. ,(2008)
Martin Johns, Sebastian Lekies, Tamper-Resistant LikeJacking Protection recent advances in intrusion detection. pp. 265- 285 ,(2013) , 10.1007/978-3-642-41284-4_14
Bruce Schneier, Semantic network attacks. Communications of The ACM. ,vol. 43, pp. 168- ,(2000)
Lorrie Cranor, Ponnurangam Kumaraguru, Phishguru: a system for educating users about semantic attacks Carnegie Mellon University. ,(2009)
Jacopo Corbetta, Luca Invernizzi, Christopher Kruegel, Giovanni Vigna, Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection recent advances in intrusion detection. pp. 130- 149 ,(2014) , 10.1007/978-3-319-11379-1_7
John C. Mitchell, Neil Chou, Yuka Teraguchi, Robert Ledesma, Client-Side Defense Against Web-Based Identity Theft. network and distributed system security symposium. ,(2004)
Tushar Bhardwaj, Tarun Kumar Sharma, Manu Ram Pandit, Social Engineering Prevention by Detecting Malicious URLs Using Artificial Bee Colony Algorithm soft computing for problem solving. pp. 355- 363 ,(2014) , 10.1007/978-81-322-1771-8_31
Hossain Shahriar, Hisham Haddad, Vamshee Krishna Devendran, Request and Response Analysis Framework for Mitigating Clickjacking Attacks International Journal of Secure Software Engineering. ,vol. 6, pp. 1- 25 ,(2015) , 10.4018/IJSSE.2015070101
Gianluca Stringhini, Olivier Thonnard, That Ain’t You: Blocking Spearphishing Through Behavioral Modelling Detection of Intrusions and Malware, and Vulnerability Assessment. pp. 78- 97 ,(2015) , 10.1007/978-3-319-20550-2_5