The increasing use of internet all over the world, be it in households or in corporate firms, has led to an
unprecedented rise in cyber-crimes. Amongst these the major chunk consists of Internet attacks which are
the most popular and common attacks are carried over the internet. Generally phishing attacks, SSL
attacks and some other hacking attacks are kept into this category. Security against these attacks is the
major issue of internet security in today’s scenario where internet has very deep penetration. Internet has
no doubt made our lives very convenient. It has provided many facilities to us at penny’s cost. For instance
it has made communication lightning fast and that too at a very cheap cost. But internet can pose added
threats for those users who are not well versed in the ways of internet and unaware of the security risks
attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and other hacking attacks are
some of the most common and recent attacks to compromise the privacy of the internet users. Many a times
if the user isn’t careful, then these attacks are able to steal the confidential information of user (or
unauthorized access). Generally these attacks are carried out with the help of social networking sites,
popular mail server sites, online chatting sites etc. Nowadays, Facebook.com, gmail.com, orkut.com and
many other social networking sites are facing these security attack problems.
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
In a distributed system, authentication protocols are the basis of security to ensure that these protocols function properly. Passwords are one of the most common authentication protocol used nowadays. Because of low entropy of passwords makes the systems vulnerable to password guessing attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent dictionary attacks, replay attacks and man in the middle attacks etc., The proposed scheme presents a new password authentication protocol by using the user and server system identification/serial number. Here there is no possibility to store the user passwords so an attacker who gets the password cannot use it directly to gain immediate access and compromise security.
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
In a distributed system, authentication protocols are the basis of security to ensure that these protocols function properly. Passwords are one of the most common authentication protocol used nowadays. Because of low entropy of passwords makes the systems vulnerable to password guessing attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent dictionary attacks, replay attacks and man in the middle attacks etc., The proposed scheme presents a new password authentication protocol by using the user and server system identification/serial number. Here there is no possibility to store the user passwords so an attacker who gets the password cannot use it directly to gain immediate access and compromise security.
Knowledge base compound approach against phishing attacks using some parsing ...csandit
The increasing use of internet all over the world, be it in households or in corporate firms, has
led to an unprecedented rise in cyber-crimes. Amongst these the major chunk consists of
Internet attacks which are the most popular and common attacks are carried over the internet.
Generally phishing attacks, SSL attacks and some other hacking attacks are kept into this
category. Security against these attacks is the major issue of internet security in today’s
scenario where internet has very deep penetration. Internet has no doubt made our lives very
convenient. It has provided many facilities to us at penny’s cost. For instance it has made
communication lightning fast and that too at a very cheap cost. But internet can pose added
threats for those users who are not well versed in the ways of internet and unaware of the
security risks attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and
other hacking attacks are some of the most common and recent attacks to compromise the
privacy of the internet users. This paper discusses a Knowledge Base Compound approach
which is based on query operations and parsing techniques to counter these internet attacks
using the web browser itself. In this approach we propose to analyze the web URLs before
visiting the actual site, so as to provide security against web attacks mentioned above. This
approach employs various parsing operations and query processing which use many techniques
to detect the phishing attacks as well as other web attacks. The aforementioned approach is
completely based on operation through the browser and hence only affects the speed of
browsing. This approach also includes Crawling operation to detect the URL details to further
enhance the precision of detection of a compromised site. Using the proposed methodology, a
new browser can easily detects the phishing attacks, SSL attacks, and other hacking attacks.
With the use of this browser approach, we can easily achieve 96.94% security against phishing
as well as other web based attacks
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...cscpconf
The increasing use of internet all over the world, be it in households or in corporate firms, has led to an unprecedented rise in cyber-crimes. Amongst these the major chunk consists of
Internet attacks which are the most popular and common attacks are carried over the internet. Generally phishing attacks, SSL attacks and some other hacking attacks are kept into this
category. Security against these attacks is the major issue of internet security in today’s scenario where internet has very deep penetration. Internet has no doubt made our lives very
convenient. It has provided many facilities to us at penny’s cost. For instance it has made communication lightning fast and that too at a very cheap cost. But internet can pose added
threats for those users who are not well versed in the ways of internet and unaware of the security risks attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and other hacking attacks are some of the most common and recent attacks to compromise the privacy of the internet users. This paper discusses a Knowledge Base Compound approach
which is based on query operations and parsing techniques to counter these internet attacks using the web browser itself. In this approach we propose to analyze the web URLs before
visiting the actual site, so as to provide security against web attacks mentioned above. This approach employs various parsing operations and query processing which use many techniques to detect the phishing attacks as well as other web attacks. The aforementioned approach is completely based on operation through the browser and hence only affects the speed of browsing. This approach also includes Crawling operation to detect the URL details to further enhance the precision of detection of a compromised site. Using the proposed methodology, a new browser can easily detects the phishing attacks, SSL attacks, and other hacking attacks.
With the use of this browser approach, we can easily achieve 96.94% security against phishing as well as other web based attacks
Phishing is the fraudulent acquisition of personal information like username, password, credit card information, etc. by tricking an individual into believing that the attacker is a trustworthy entity. It is affecting all the major sector of industry day by day with lots of misuse of user’s credentials. So in today
online environment we need to protect the data from phishing and safeguard our information, which can be done through anti-phishing tools. Currently there are many freely available anti-phishing browser extensions tools that warns user when they are browsing a suspected phishing site. In this paper we did a literature survey of some of the commonly and popularly used anti-phishing browser extensions by reviewing the existing anti-phishing techniques along with their merits and demerits.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Anomaly Threat Detection System using User and Role-Based Profile Assessmentijtsrd
In network security the organizations are ever-growing to identify insider threats. Those who have authorized access to sensitive organizational data are placed in a position of power that could well be abused and could cause significant damage to an organization. Traditional intrusion detection systems are neither designed nor capable of identifying those who act maliciously within an organization. We describe an automated system that is capable of detecting insider threats within an organization. We define a tree-structure profiling approach that incorporates the details of activities conducted by each user and each job role and then use this to obtain a consistent representation of features that provide a rich description of the users behavior. Deviation can be assessed based on the amount of variance that each user exhibits across multiple attributes, compared against their peers. We have performed experimentation using that the system can identify anomalous behavior that may be indicative of a potential threat. We also show how our detection system can be combined with visual analytics tools to support further investigation by an analyst. U. Indumathy | M. Nivedha | Mrs. K. Alice"Anomaly Threat Detection System using User and Role-Based Profile Assessment" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-3 , April 2018, URL: http://www.ijtsrd.com/papers/ijtsrd10956.pdf http://www.ijtsrd.com/engineering/computer-engineering/10956/anomaly-threat-detection-system-using-user-and-role-based-profile-assessment/u-indumathy
Dealing with Data Breaches Amidst Changes In TechnologyCSCJournals
In the future, it is expected that the industry will be marked with multiple technologies. These technologies will play a crucial role in the improvement of the levels of efficiency that companies exhibit. On the other hand, one of the major weaknesses that will likely arise is a threat to the privacy, integrity, and security of data (Sloane, 2018). Through the use of various technologies such as the internet of things, companies will find it hard to protect their data against breaches (Griffy-Brown, Lazarikos & Chun, 2019). Data breaches will be based on the use of the latest technologies to exploit weaknesses found in the various systems. It is, therefore, recommended that companies must adopt a holistic approach in the development of protective, preventive, and reliable mechanisms of ensuring and guaranteeing information security and reduce the risks of data breaches (Ghosh, Mishra & Mishra, 2019). However, with the current trends, it is expected that more breaches will continue to happen, ranging from the use of phishing, hacking, malware, and also but not limited to ransomware.
Banking and Modern Payments System Security AnalysisCSCJournals
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black- hat hackers and conclude that they could be automated dramatically. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we have analyzed banking and modern payments system security.
In this research we will review different payment protocols and security methods that are being used to run banking systems. We will survey some of the popular systems that are being used today, with a deeper focus on the Chips, cards, NFC, authentication etc. In addition, we will also discuss the weaknesses in the systems that can compromise the customer's trust.
I take no credit with the templates and the designs used. They were originally from a "Duarte" presentation. Just copied it since I don't have much time. Hope to part some knowledge. Ciao~
Thanks "Duarte"!
SQL Vulnerability Prevention in Cybercrime using Dynamic Evaluation of Shell and Remote File Injection Attacks R. Ravi,
Department of Computer Science & Engineering,
Francis Xavier Engineering College, Tamil Nadu, India
Dr. Beulah Shekhar,
Department of Criminology,
Manonmanium Sundaranar University, Tamil Nadu, India
Security Issues and Challenges in Internet of Things – A ReviewIJERA Editor
The Internet of Things (IoT) alludes to the continually developing system of physical articles that component an
IP address for web availability, and the correspondence that happens between these items and other Web
empowered gadgets and frameworks. The security issues of the Internet of Things (IoT) are straight forwardly
identified with the wide utilization of its framework. IoT securities and enhancing the design and several
elements of this work showcases various security issues with respect to IoT and thinks of solutions for the issues
under the advancements included. Here we are going to do a study of all the security issues existing in the
Internet of Things (IoT) alongside an examination of the protection issues that an end-client might confront as
an outcome of the spread of IoT. Most of the overview is centred around the security emerging out of the data
trade innovations utilized as a part of Internet of Things. As a piece of IoTs, genuine concerns are raised over
access of individual data relating to gadget and individual protection. This review tells about the security and
protection issues of IoT.
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
As a high
-
speed internet foundation is being developed and people are informationized, most
of the tasks are engaged in internet field so there is
a risk that any private data like personal information or
applications for managing money can be wiretapped or eavesdropped. The consolidation of One Time
Passwords (OTPs) and Hash encryption algorithms are used to evolve a more secured password
-
protected
web sites and data storage systems. The new outlined scheme had higher security, small system overhead
and is easy to implement.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
MALICIOUS URL DETECTION USING CONVOLUTIONAL NEURAL NETWORKijcseit
The World Wide Web has become an important part of our everyday life for information communication
and knowledge dissemination. It helps to transact information timely, rapidly and easily. Identifying theft
and identity fraud are referred as two sides of cyber-crime in which hackers and malicious users obtain the
personal data of existing legitimate users to attempt fraud or deception motivation for financial gain.
Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting
users to become victims of scams (monetary loss, theft of private information, and malware installation),
and cause losses of billions of dollars every year. To detect such crimes systems should be fast and precise
with the ability to detect new malicious content. Traditionally, this detection is done mostly through the
usage of blacklists. However, blacklists cannot be exhaustive, and lack the ability to detect newly generated
malicious URLs. To improve the generality of malicious URL detectors, machine learning techniques have
been explored with increasing attention in recent years. In this paper, I use a simple algorithm to detect
and predicting URLs it is good or bad and compared with two other algorithms to know (SVM, LR).
MULTI-LEVEL PARSING BASED APPROACH AGAINST PHISHING ATTACKS WITH THE HELP OF ...IJNSA Journal
The increasing use of internet all over the world, be it in households or in corporate firms, has led to an unprecedented rise in cyber-crimes. Amongst these the major chunk consists of Internet attacks which are the most popular and common attacks are carried over the internet. Generally phishing attacks, SSL attacks and some other hacking attacks are kept into this category. Security against these attacks is the major issue of internet security in today’s scenario where internet has very deep penetration. Internet has no doubt made our lives very convenient. It has provided many facilities to us at penny’s cost. For instance it has made communication lightning fast and that too at a very cheap cost. But internet can pose added threats for those users who are not well versed in the ways of internet and unaware of the security risks attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and other hacking attacks are some of the most common and recent attacks to compromise the privacy of the internet users. Many a times if the user isn’t careful, then these attacks are able to steal the confidential information of user (or unauthorized access). Generally these attacks are carried out with the help of social networking sites, popular mail server sites, online chatting sites etc. Nowadays, Facebook.com, gmail.com, orkut.com and many other social networking sites are facing these security attack problems.
This paper discusses a Knowledge Base Compound approach which is based on query operations and parsing techniques to counter these internet attacks using the web browser itself. In this approach we propose to analyze the web URLs before visiting the actual site, so as to provide security against web attacks mentioned above. This approach employs various parsing operations and query processing which use many techniques to detect the phishing attacks as well as other web attacks. The aforementioned approach is completely based on operation through the browser and hence only affects the speed of browsing. This approach also includes Crawling operation to detect the URL details to further enhance the precision of detection of a compromised site. Using the proposed methodology, a new browser can easily detects the phishing attacks, SSL attacks, and other hacking attacks. With the use of this browser approach, we can easily achieve 96.94% security against phishing as well as other web based attacks.
Risk and Threat Assessment Report Anthony WolfBSA 5.docxmalbert5
Risk and Threat Assessment Report
Anthony Wolf
BSA/ 520
May 11th, 2020
Jeffery McDonough
Running head: RISK AND THREAT ASSESSMENT REPORT
1
RISK AND THREAT ASSESMENT REPORT
2
Risk and Threat Assessment Report
The rise of innovation and technological advancement has affected the aspects of technology in different ways. Improvement of software and operating systems gives hackers a reason to strive and develop more complex forms of overweighing security measures on those applications. Traditional application security best practices and secure coding are often recommended in protecting different applications against runtime attacks.
Runtime application self-protection is an emerging application in the protection of software applications, data, and databases. The increase in attacks has triggered the development of security technology that is linked or build into an application runtime environment. Besides, database deployment is safeguarded by run time application self-protection that can control the execution of applications, detecting, and preventing real-time attacks. The threats and risks associated with operating systems, networks, and software systems are significant concerns to users.
The internet has changed how people do their businesses. With the growth of e-commerce and other online transactions, there has been a subsequent increase in internet risk threats that are commonly occasioned by hacking and malware attacks. There are different types of e-commerce threats and might be accidental, deliberately done by perpetrators, or occur due to human error. The most prevalent threats are money theft, unprotected services, credit card fraud, hacking, data misuse, and phishing attacks. Heats associated with online transactions can be prevented or reduced by keeping the credit cards safe. Consumers/customers should be advised to avoid carrying their credit cards in their wallets since they increase the chances of misplacement. Each buyer should be cautious when using their you’re their online credit information.
The advancement in technology has seen an increase in online transactions. The practice of doing business transactions via the internet is called e-commerce. Their growth has subsequently lead to the rise in internet risk threats that are commonly occasioned by hacking and malware attacks. E-commerce is the activity of conducting transactions via the internet. Internet transactions can be drawn on various technologies, including internet marketing, electronic data exchanges, automated data collection systems, electronic fund transfer, and mobile commerce.
Online transaction threats occur by using the internet for unfair means with the aim of fraud, security breach, and stealing. The use of electronic payment systems has a substantial risk of fraud. It uses the identity of a customer to authorize a payment like security questions and passwords. If someone accesses a customer's password, he will gain access to his accounts and.
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
Cyber security positions have considerably taken the top list in the job market. Candidates vying for elite positions in the field of cyber security certainly need a clear-cut and detailed guide to channeling their preparation for smooth career growth, beginning with getting a job. We have curated the top cyber security interview questions that will help candidates focus on the key areas. We have classified the regularly asked cyber security interview questions here, in this article into different levels starting from basic general questions to advanced technical ones.
Before we move on to the top cyber security interview questions, it is critical to reflect on the vitality of cyber security in our modern times and how cyber security professionals are catering to the needs of securing a safe cyber ecosystem.
The times we live in is defined by the digital transition, in which the internet, electronic devices, and computers have become an integral part of our daily life. Institutions that serve our daily needs, such as banks and hospitals, now rely on internet-connected equipment to give the best possible service. A portion of their data, such as financial and personal information, has become vulnerable to illegal access, posing serious risks. Intruders utilize this information to carry out immoral and criminal goals.
Cyber-attacks have jeopardized the computer system and its arrangements, which has now become a global concern. To safeguard data from security breaches, a comprehensive cyber security policy is needed now more than ever. The rising frequency of cyber-attacks has compelled corporations and organizations working with national security and sensitive data to implement stringent security procedures and restrictions.
Computers, mobile devices, servers, data, electronic systems, networks, and other systems connected to the internet must be protected from harmful attacks. Cybersecurity, which is a combination of the words "cyber" and "security," provides this protection. 'Cyber' imbibes the vast-ranging technology with systems, networks, programs, and data in the aforementioned procedure. The phrase "security" refers to the process of protecting data, networks, applications, and systems. In a nutshell,
cyber security is a combination of principles and approaches that assist prevent unwanted access to data, networks, programs, and devices by meeting the security needs of technological resources (computer-based) and online databases.
Knowledge base compound approach against phishing attacks using some parsing ...csandit
The increasing use of internet all over the world, be it in households or in corporate firms, has
led to an unprecedented rise in cyber-crimes. Amongst these the major chunk consists of
Internet attacks which are the most popular and common attacks are carried over the internet.
Generally phishing attacks, SSL attacks and some other hacking attacks are kept into this
category. Security against these attacks is the major issue of internet security in today’s
scenario where internet has very deep penetration. Internet has no doubt made our lives very
convenient. It has provided many facilities to us at penny’s cost. For instance it has made
communication lightning fast and that too at a very cheap cost. But internet can pose added
threats for those users who are not well versed in the ways of internet and unaware of the
security risks attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and
other hacking attacks are some of the most common and recent attacks to compromise the
privacy of the internet users. This paper discusses a Knowledge Base Compound approach
which is based on query operations and parsing techniques to counter these internet attacks
using the web browser itself. In this approach we propose to analyze the web URLs before
visiting the actual site, so as to provide security against web attacks mentioned above. This
approach employs various parsing operations and query processing which use many techniques
to detect the phishing attacks as well as other web attacks. The aforementioned approach is
completely based on operation through the browser and hence only affects the speed of
browsing. This approach also includes Crawling operation to detect the URL details to further
enhance the precision of detection of a compromised site. Using the proposed methodology, a
new browser can easily detects the phishing attacks, SSL attacks, and other hacking attacks.
With the use of this browser approach, we can easily achieve 96.94% security against phishing
as well as other web based attacks
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...cscpconf
The increasing use of internet all over the world, be it in households or in corporate firms, has led to an unprecedented rise in cyber-crimes. Amongst these the major chunk consists of
Internet attacks which are the most popular and common attacks are carried over the internet. Generally phishing attacks, SSL attacks and some other hacking attacks are kept into this
category. Security against these attacks is the major issue of internet security in today’s scenario where internet has very deep penetration. Internet has no doubt made our lives very
convenient. It has provided many facilities to us at penny’s cost. For instance it has made communication lightning fast and that too at a very cheap cost. But internet can pose added
threats for those users who are not well versed in the ways of internet and unaware of the security risks attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and other hacking attacks are some of the most common and recent attacks to compromise the privacy of the internet users. This paper discusses a Knowledge Base Compound approach
which is based on query operations and parsing techniques to counter these internet attacks using the web browser itself. In this approach we propose to analyze the web URLs before
visiting the actual site, so as to provide security against web attacks mentioned above. This approach employs various parsing operations and query processing which use many techniques to detect the phishing attacks as well as other web attacks. The aforementioned approach is completely based on operation through the browser and hence only affects the speed of browsing. This approach also includes Crawling operation to detect the URL details to further enhance the precision of detection of a compromised site. Using the proposed methodology, a new browser can easily detects the phishing attacks, SSL attacks, and other hacking attacks.
With the use of this browser approach, we can easily achieve 96.94% security against phishing as well as other web based attacks
Phishing is the fraudulent acquisition of personal information like username, password, credit card information, etc. by tricking an individual into believing that the attacker is a trustworthy entity. It is affecting all the major sector of industry day by day with lots of misuse of user’s credentials. So in today
online environment we need to protect the data from phishing and safeguard our information, which can be done through anti-phishing tools. Currently there are many freely available anti-phishing browser extensions tools that warns user when they are browsing a suspected phishing site. In this paper we did a literature survey of some of the commonly and popularly used anti-phishing browser extensions by reviewing the existing anti-phishing techniques along with their merits and demerits.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Anomaly Threat Detection System using User and Role-Based Profile Assessmentijtsrd
In network security the organizations are ever-growing to identify insider threats. Those who have authorized access to sensitive organizational data are placed in a position of power that could well be abused and could cause significant damage to an organization. Traditional intrusion detection systems are neither designed nor capable of identifying those who act maliciously within an organization. We describe an automated system that is capable of detecting insider threats within an organization. We define a tree-structure profiling approach that incorporates the details of activities conducted by each user and each job role and then use this to obtain a consistent representation of features that provide a rich description of the users behavior. Deviation can be assessed based on the amount of variance that each user exhibits across multiple attributes, compared against their peers. We have performed experimentation using that the system can identify anomalous behavior that may be indicative of a potential threat. We also show how our detection system can be combined with visual analytics tools to support further investigation by an analyst. U. Indumathy | M. Nivedha | Mrs. K. Alice"Anomaly Threat Detection System using User and Role-Based Profile Assessment" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-3 , April 2018, URL: http://www.ijtsrd.com/papers/ijtsrd10956.pdf http://www.ijtsrd.com/engineering/computer-engineering/10956/anomaly-threat-detection-system-using-user-and-role-based-profile-assessment/u-indumathy
Dealing with Data Breaches Amidst Changes In TechnologyCSCJournals
In the future, it is expected that the industry will be marked with multiple technologies. These technologies will play a crucial role in the improvement of the levels of efficiency that companies exhibit. On the other hand, one of the major weaknesses that will likely arise is a threat to the privacy, integrity, and security of data (Sloane, 2018). Through the use of various technologies such as the internet of things, companies will find it hard to protect their data against breaches (Griffy-Brown, Lazarikos & Chun, 2019). Data breaches will be based on the use of the latest technologies to exploit weaknesses found in the various systems. It is, therefore, recommended that companies must adopt a holistic approach in the development of protective, preventive, and reliable mechanisms of ensuring and guaranteeing information security and reduce the risks of data breaches (Ghosh, Mishra & Mishra, 2019). However, with the current trends, it is expected that more breaches will continue to happen, ranging from the use of phishing, hacking, malware, and also but not limited to ransomware.
Banking and Modern Payments System Security AnalysisCSCJournals
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To better be prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black- hat hackers and conclude that they could be automated dramatically. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we have analyzed banking and modern payments system security.
In this research we will review different payment protocols and security methods that are being used to run banking systems. We will survey some of the popular systems that are being used today, with a deeper focus on the Chips, cards, NFC, authentication etc. In addition, we will also discuss the weaknesses in the systems that can compromise the customer's trust.
I take no credit with the templates and the designs used. They were originally from a "Duarte" presentation. Just copied it since I don't have much time. Hope to part some knowledge. Ciao~
Thanks "Duarte"!
SQL Vulnerability Prevention in Cybercrime using Dynamic Evaluation of Shell and Remote File Injection Attacks R. Ravi,
Department of Computer Science & Engineering,
Francis Xavier Engineering College, Tamil Nadu, India
Dr. Beulah Shekhar,
Department of Criminology,
Manonmanium Sundaranar University, Tamil Nadu, India
Security Issues and Challenges in Internet of Things – A ReviewIJERA Editor
The Internet of Things (IoT) alludes to the continually developing system of physical articles that component an
IP address for web availability, and the correspondence that happens between these items and other Web
empowered gadgets and frameworks. The security issues of the Internet of Things (IoT) are straight forwardly
identified with the wide utilization of its framework. IoT securities and enhancing the design and several
elements of this work showcases various security issues with respect to IoT and thinks of solutions for the issues
under the advancements included. Here we are going to do a study of all the security issues existing in the
Internet of Things (IoT) alongside an examination of the protection issues that an end-client might confront as
an outcome of the spread of IoT. Most of the overview is centred around the security emerging out of the data
trade innovations utilized as a part of Internet of Things. As a piece of IoTs, genuine concerns are raised over
access of individual data relating to gadget and individual protection. This review tells about the security and
protection issues of IoT.
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
As a high
-
speed internet foundation is being developed and people are informationized, most
of the tasks are engaged in internet field so there is
a risk that any private data like personal information or
applications for managing money can be wiretapped or eavesdropped. The consolidation of One Time
Passwords (OTPs) and Hash encryption algorithms are used to evolve a more secured password
-
protected
web sites and data storage systems. The new outlined scheme had higher security, small system overhead
and is easy to implement.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
MALICIOUS URL DETECTION USING CONVOLUTIONAL NEURAL NETWORKijcseit
The World Wide Web has become an important part of our everyday life for information communication
and knowledge dissemination. It helps to transact information timely, rapidly and easily. Identifying theft
and identity fraud are referred as two sides of cyber-crime in which hackers and malicious users obtain the
personal data of existing legitimate users to attempt fraud or deception motivation for financial gain.
Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting
users to become victims of scams (monetary loss, theft of private information, and malware installation),
and cause losses of billions of dollars every year. To detect such crimes systems should be fast and precise
with the ability to detect new malicious content. Traditionally, this detection is done mostly through the
usage of blacklists. However, blacklists cannot be exhaustive, and lack the ability to detect newly generated
malicious URLs. To improve the generality of malicious URL detectors, machine learning techniques have
been explored with increasing attention in recent years. In this paper, I use a simple algorithm to detect
and predicting URLs it is good or bad and compared with two other algorithms to know (SVM, LR).
MULTI-LEVEL PARSING BASED APPROACH AGAINST PHISHING ATTACKS WITH THE HELP OF ...IJNSA Journal
The increasing use of internet all over the world, be it in households or in corporate firms, has led to an unprecedented rise in cyber-crimes. Amongst these the major chunk consists of Internet attacks which are the most popular and common attacks are carried over the internet. Generally phishing attacks, SSL attacks and some other hacking attacks are kept into this category. Security against these attacks is the major issue of internet security in today’s scenario where internet has very deep penetration. Internet has no doubt made our lives very convenient. It has provided many facilities to us at penny’s cost. For instance it has made communication lightning fast and that too at a very cheap cost. But internet can pose added threats for those users who are not well versed in the ways of internet and unaware of the security risks attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and other hacking attacks are some of the most common and recent attacks to compromise the privacy of the internet users. Many a times if the user isn’t careful, then these attacks are able to steal the confidential information of user (or unauthorized access). Generally these attacks are carried out with the help of social networking sites, popular mail server sites, online chatting sites etc. Nowadays, Facebook.com, gmail.com, orkut.com and many other social networking sites are facing these security attack problems.
This paper discusses a Knowledge Base Compound approach which is based on query operations and parsing techniques to counter these internet attacks using the web browser itself. In this approach we propose to analyze the web URLs before visiting the actual site, so as to provide security against web attacks mentioned above. This approach employs various parsing operations and query processing which use many techniques to detect the phishing attacks as well as other web attacks. The aforementioned approach is completely based on operation through the browser and hence only affects the speed of browsing. This approach also includes Crawling operation to detect the URL details to further enhance the precision of detection of a compromised site. Using the proposed methodology, a new browser can easily detects the phishing attacks, SSL attacks, and other hacking attacks. With the use of this browser approach, we can easily achieve 96.94% security against phishing as well as other web based attacks.
Risk and Threat Assessment Report Anthony WolfBSA 5.docxmalbert5
Risk and Threat Assessment Report
Anthony Wolf
BSA/ 520
May 11th, 2020
Jeffery McDonough
Running head: RISK AND THREAT ASSESSMENT REPORT
1
RISK AND THREAT ASSESMENT REPORT
2
Risk and Threat Assessment Report
The rise of innovation and technological advancement has affected the aspects of technology in different ways. Improvement of software and operating systems gives hackers a reason to strive and develop more complex forms of overweighing security measures on those applications. Traditional application security best practices and secure coding are often recommended in protecting different applications against runtime attacks.
Runtime application self-protection is an emerging application in the protection of software applications, data, and databases. The increase in attacks has triggered the development of security technology that is linked or build into an application runtime environment. Besides, database deployment is safeguarded by run time application self-protection that can control the execution of applications, detecting, and preventing real-time attacks. The threats and risks associated with operating systems, networks, and software systems are significant concerns to users.
The internet has changed how people do their businesses. With the growth of e-commerce and other online transactions, there has been a subsequent increase in internet risk threats that are commonly occasioned by hacking and malware attacks. There are different types of e-commerce threats and might be accidental, deliberately done by perpetrators, or occur due to human error. The most prevalent threats are money theft, unprotected services, credit card fraud, hacking, data misuse, and phishing attacks. Heats associated with online transactions can be prevented or reduced by keeping the credit cards safe. Consumers/customers should be advised to avoid carrying their credit cards in their wallets since they increase the chances of misplacement. Each buyer should be cautious when using their you’re their online credit information.
The advancement in technology has seen an increase in online transactions. The practice of doing business transactions via the internet is called e-commerce. Their growth has subsequently lead to the rise in internet risk threats that are commonly occasioned by hacking and malware attacks. E-commerce is the activity of conducting transactions via the internet. Internet transactions can be drawn on various technologies, including internet marketing, electronic data exchanges, automated data collection systems, electronic fund transfer, and mobile commerce.
Online transaction threats occur by using the internet for unfair means with the aim of fraud, security breach, and stealing. The use of electronic payment systems has a substantial risk of fraud. It uses the identity of a customer to authorize a payment like security questions and passwords. If someone accesses a customer's password, he will gain access to his accounts and.
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
Cyber security positions have considerably taken the top list in the job market. Candidates vying for elite positions in the field of cyber security certainly need a clear-cut and detailed guide to channeling their preparation for smooth career growth, beginning with getting a job. We have curated the top cyber security interview questions that will help candidates focus on the key areas. We have classified the regularly asked cyber security interview questions here, in this article into different levels starting from basic general questions to advanced technical ones.
Before we move on to the top cyber security interview questions, it is critical to reflect on the vitality of cyber security in our modern times and how cyber security professionals are catering to the needs of securing a safe cyber ecosystem.
The times we live in is defined by the digital transition, in which the internet, electronic devices, and computers have become an integral part of our daily life. Institutions that serve our daily needs, such as banks and hospitals, now rely on internet-connected equipment to give the best possible service. A portion of their data, such as financial and personal information, has become vulnerable to illegal access, posing serious risks. Intruders utilize this information to carry out immoral and criminal goals.
Cyber-attacks have jeopardized the computer system and its arrangements, which has now become a global concern. To safeguard data from security breaches, a comprehensive cyber security policy is needed now more than ever. The rising frequency of cyber-attacks has compelled corporations and organizations working with national security and sensitive data to implement stringent security procedures and restrictions.
Computers, mobile devices, servers, data, electronic systems, networks, and other systems connected to the internet must be protected from harmful attacks. Cybersecurity, which is a combination of the words "cyber" and "security," provides this protection. 'Cyber' imbibes the vast-ranging technology with systems, networks, programs, and data in the aforementioned procedure. The phrase "security" refers to the process of protecting data, networks, applications, and systems. In a nutshell,
cyber security is a combination of principles and approaches that assist prevent unwanted access to data, networks, programs, and devices by meeting the security needs of technological resources (computer-based) and online databases.
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
Cyber security professionals are in high demand, and those willing to learn new skills to enter the area will have plenty of opportunities. Our goal is to present you with the most comprehensive selection of cybersecurity interview questions available.
E-Commerce Privacy and Security SystemIJERA Editor
The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cyber crime. In certain e-commerce-related areas, such as networking, data transfer and data storage, researchers applied scanning and testing methods, modeling analysis to detect potential risks .In the Security system ,Questions are related to online security in which given options are Satisfied, Unsatisfied ,Neutral, Yes, No. and weak password , Strong password. it is revealed that it is quite difficult, if not impossible, to suggest that which online security is best. Online security provide the flexibility, efficiency of work, provide the better security of net banking . The main feature of the research that the data is safe in banking management for long time and open any account after along time. The Future scope of the study of Security is use to reduce threats. Security is used in the long run results in the reduction of number of branches, saying rentals of related and properties. If the better Security operate than net banking and e-marketing will be increase.
E-Commerce Privacy and Security SystemIJERA Editor
The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cyber crime. In certain e-commerce-related areas, such as networking, data transfer and data storage, researchers applied scanning and testing methods, modeling analysis to detect potential risks .In the Security system ,Questions are related to online security in which given options are Satisfied, Unsatisfied ,Neutral, Yes, No. and weak password , Strong password. it is revealed that it is quite difficult, if not impossible, to suggest that which online security is best. Online security provide the flexibility, efficiency of work, provide the better security of net banking . The main feature of the research that the data is safe in banking management for long time and open any account after along time. The Future scope of the study of Security is use to reduce threats. Security is used in the long run results in the reduction of number of branches, saying rentals of related and properties. If the better Security operate than net banking and e-marketing will be increase.
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
Small business e-commerce websites make an excellent target for malicious attacks. Small businesses do not have the resources needed to effectively deal with attacks. Large and some mid-size organization have teams that are dedicated to dealing with security incidents and preventing future attacks. Most small businesses do not have the capabilities of dealing with incidents the way large organizations do. Security of e-commerce websites is essential for compliance with laws and regulations as well as gaining and maintaining the trust of consumers, partners and stakeholders. Many security standards have been established by various organizations to help guide security of small business servers, however, many of those standards or guidelines are too costly or time consuming. This paper1 will discuss how attacks are carried out and how a small business can effectively secure their networks with minimum cost.
Risk and Threat Assessment Report Anthony WolfBSA 5.docxjoellemurphey
Risk and Threat Assessment Report
Anthony Wolf
BSA/ 520
May 11th, 2020
Jeffery McDonough
Running head: RISK AND THREAT ASSESSMENT REPORT
1
RISK AND THREAT ASSESMENT REPORT
2
Risk and Threat Assessment Report
The rise of innovation and technological advancement has affected the aspects of technology in different ways. Improvement of software and operating systems gives hackers a reason to strive and develop more complex forms of overweighing security measures on those applications. Traditional application security best practices and secure coding are often recommended in protecting different applications against runtime attacks.
Runtime application self-protection is an emerging application in the protection of software applications, data, and databases. The increase in attacks has triggered the development of security technology that is linked or build into an application runtime environment. Besides, database deployment is safeguarded by run time application self-protection that can control the execution of applications, detecting, and preventing real-time attacks. The threats and risks associated with operating systems, networks, and software systems are significant concerns to users.
The internet has changed how people do their businesses. With the growth of e-commerce and other online transactions, there has been a subsequent increase in internet risk threats that are commonly occasioned by hacking and malware attacks. There are different types of e-commerce threats and might be accidental, deliberately done by perpetrators, or occur due to human error. The most prevalent threats are money theft, unprotected services, credit card fraud, hacking, data misuse, and phishing attacks. Heats associated with online transactions can be prevented or reduced by keeping the credit cards safe. Consumers/customers should be advised to avoid carrying their credit cards in their wallets since they increase the chances of misplacement. Each buyer should be cautious when using their you’re their online credit information.
The advancement in technology has seen an increase in online transactions. The practice of doing business transactions via the internet is called e-commerce. Their growth has subsequently lead to the rise in internet risk threats that are commonly occasioned by hacking and malware attacks. E-commerce is the activity of conducting transactions via the internet. Internet transactions can be drawn on various technologies, including internet marketing, electronic data exchanges, automated data collection systems, electronic fund transfer, and mobile commerce.
Online transaction threats occur by using the internet for unfair means with the aim of fraud, security breach, and stealing. The use of electronic payment systems has a substantial risk of fraud. It uses the identity of a customer to authorize a payment like security questions and passwords. If someone accesses a customer's password, he will gain access to his accounts and ...
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICESAM Publications,India
The Internet or World Wide Web has become prominent platform for business and commerce and is witnessing user growth with increased penetration of mobile Internet. Huge traffic is being generated, some of it being legitimate and the rest being malicious. Hence the implementation and maintenance of Information Security programs is been done .In the age of the Internet, protecting our information has become just as important as protecting our property. Malware authors have found and exploited new zero-day vulnerabilities resulting in damage to end-user system. Ransomware, a malware that has taken malware attacks to a new level by locking files of the affected user and demand Bitcoin payment to unlock those files. On the other hand the Volume and frequency of Distributed Denial of Service (DDoS) attacks have increased. Many unpatched machines without the knowledge of its owners have become a part of Botnets which carry out DDoS attacks. This paper focuses on strategies to be adopted to protect individual hosts from malware attacks and other types of intrusions using Deception, White-Listing and Reputation Services.
We are a new generation IT Software Company, helping our customers to optimize their IT investments, while preparing them for the best-in-class operating model, for delivering that “competitive edge” in their marketplace.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Multi level parsing based approach against phishing attacks with the help of knowledge bases
1. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
MULTI-LEVEL PARSING BASED APPROACH AGAINST
PHISHING ATTACKS WITH THE HELP OF
KNOWLEDGE BASES
Gaurav Kumar Tak1 and Gaurav Ojha2
1
2
School of Computer Science and Information Technology, Lovely Professional
University, Phagwara, Punjab – 144402, India
Department of Information Technology, Indian Institute of Information Technology and
Management, Gwalior, Madhya Pradesh - 474010, India
ABSTRACT
The increasing use of internet all over the world, be it in households or in corporate firms, has led to an
unprecedented rise in cyber-crimes. Amongst these the major chunk consists of Internet attacks which are
the most popular and common attacks are carried over the internet. Generally phishing attacks, SSL
attacks and some other hacking attacks are kept into this category. Security against these attacks is the
major issue of internet security in today’s scenario where internet has very deep penetration. Internet has
no doubt made our lives very convenient. It has provided many facilities to us at penny’s cost. For instance
it has made communication lightning fast and that too at a very cheap cost. But internet can pose added
threats for those users who are not well versed in the ways of internet and unaware of the security risks
attached with it. Phishing Attacks, Nigerian Scam, Spam attacks, SSL attacks and other hacking attacks are
some of the most common and recent attacks to compromise the privacy of the internet users. Many a times
if the user isn’t careful, then these attacks are able to steal the confidential information of user (or
unauthorized access). Generally these attacks are carried out with the help of social networking sites,
popular mail server sites, online chatting sites etc. Nowadays, Facebook.com, gmail.com, orkut.com and
many other social networking sites are facing these security attack problems.
This paper discusses a Knowledge Base Compound approach which is based on query operations and
parsing techniques to counter these internet attacks using the web browser itself. In this approach we
propose to analyze the web URLs before visiting the actual site, so as to provide security against web
attacks mentioned above. This approach employs various parsing operations and query processing which
use many techniques to detect the phishing attacks as well as other web attacks. The aforementioned
approach is completely based on operation through the browser and hence only affects the speed of
browsing. This approach also includes Crawling operation to detect the URL details to further enhance the
precision of detection of a compromised site. Using the proposed methodology, a new browser can easily
detects the phishing attacks, SSL attacks, and other hacking attacks. With the use of this browser approach,
we can easily achieve 96.94% security against phishing as well as other web based attacks.
KEYWORDS
Phishing, SSL, Artificial Intelligence, Internet Attacks, Knowledge Base, Parsing
1. INTRODUCTION
In present world, Internet plays a very important role in everyone’s daily life. Nowadays any
work can be performed over the internet. Just to name a few Internet Banking, Online Ticket
DOI : 10.5121/ijnsa.2013.5602
15
2. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
Booking, Hotel Booking, Social Networking, Online Shopping etc are getting more popular day
by day. Hence security over the internet is of utmost importance in today’s scenario.
On the World Wide Web, Cyber-crime is one of the major security issues, troubling internet
security. These crimes can be defined as immoral actions performed with the use of internet. They
include illegal access of data, illegal interception of data, eavesdropping of authorized data over
an information technology infrastructure , data interference (which includes unauthorized
damaging, deletion, deterioration, alteration or suppression of computer data), Unethical access of
web services, Disturbance of social-peace, systems interference (interfering with the functioning
of a computer system by inputting, transferring, destroying, removing, deteriorating, altering or
suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.[16][13]
Some of the cyber-crime issues have become high-profile, particularly those surrounding hacking,
copyright infringement, child pornography and child grooming.
However in the context of internet security, phishing is the most commonly used web attack.
Phishing can be defined as the fraudulent process of masquerading as a trustworthy entity in an
electronic communication so as to acquire sensitive user information (such as usernames,
passwords) and other confidential information (like security key and credit card or debit card
details, master card details). In phishing attacks often unsuspecting users are lured using
communications purporting to be from popular social web sites, auction sites, online payment
Gateway or IT administrators. These attacks are usually carried out by e-mail or instant
messaging in which the users are directed to a fake website whose look and feel are almost
identical to the legitimate one. Here the user is prompted to enter personal details which go
directly into the hands of the cyber criminals. Even while using server authentication, it may
require tremendous amount of time and skills to establish that the website is fake. Phishing is an
example of social engineering techniques used to fool users by exploiting the poor usability of
current web security technologies. It can be used to break the security system of many web
services, to access many authorized information unethically.
Figure 1. The Client-Server architecture over the World Wide Web
16
3. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
Most of the services over the Internet are mainly based on the client–server architecture which
provides communication all over the World Wide Web. The Client–server model of computing is
a sort of distributed application structure. It divides the whole of the workload between different
service providing stations and service requester stations, known as servers and clients
respectively. Generally, when a client requires accessing some web pages, then it reaches to the
server with the help of a web browser. Result of the request also follows the same process but in
reverse order. A server machine is a host which is running one or more server programs sharing
its resources with clients. A client shares none of its resources. However it can always request a
server's content or service function. Hence, clients initiate communications with servers when
needed.
Phishing attack can be defined as an attempt by a person or a group of people to steal some
information (for security purpose) such as user ID, passwords, credit card information, etc. from
unsuspecting victims for identity theft, financial gain or other fraudulent activities. Fake websites
which looks very similar to the genuine ones are hosted to achieve this. Many a times it is too
difficult to differentiate the fake from the genuine one. Thus more often than not the internet users
assume that they are entering data into a genuine website without realizing that they are giving
away their precious information to a phishing attacker who can misuse it for many purposes
according to his convenience. Architecture of phishing attack is shown in Figure 2 below.
Figure 2. Architecture of Phishing Attacks
In this document, we are proposing a new technique for stopping phishing attacks by introducing
the concept of parsing the web-URL (Uniform Resource Locator) before visiting it. The technique
also proposes the use of knowledge base to retrieve some information that is stored previously.
Using the Knowledge Base, we can gain the better security against phishing attacks and reduce
the time complexity of the operations. Multi parsers are used for multiple operations, hence
easing detection of the phishing attacks. Here in this methodology the browser will be more
participating in the process of detecting and prevention of phishing attacks.
A Knowledge Base is the modelling of previously occurred events in order to predict future
events by employing some artificial intelligence techniques [5]. It is a sort of database for
knowledge management, providing the means for the computerized collection, organization, and
17
4. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
retrieval of knowledge. Also a collection of data representing related experiences, their results is
related to their problems and solutions.
They are basically artificial intelligent tools providing intelligent decisions. Knowledge is
obtained and represented using various knowledge representation techniques rules, frames and
scripts. The basic advantages offered by such system are documentation of knowledge, intelligent
decision support, self-learning, reasoning and explanation. [6]
Each knowledge base follows the DIKW chain processing in its thinking and reasoning process.
The Chain consist four elements which are as follows: data, information, knowledge and wisdom.
All elements are different in nature and have their own impact at the time of decision making.
Data concern with the observation and some raw facts. Data are meaningless without an
additional processing viz. filtering, comparing etc. Information can be defined as the processed
data. In short, Knowledge is defined as follows: knowledge is an outcome of processes like
synthesis, filtration, comparison and analysis of information which are already available with the
knowledge base and to produce meaningful and logical results. The elements of the chain can be
arranged as shown in Figure 3.
Figure 3. The DIKW Chain
As we all know that phishing attack is a URL based attack which happens between the Internet
user and the browser, so our proposed methodology gives the new security layer between browser
and the User using the Knowledge Base and some parsing operations.
2. RELATED WORK
Many techniques and algorithms have been developed and implemented for prevention of
phishing and to secure the theft of confidential information (usernames, passwords, security key,
credit card /debit card/master card details). But there are still many issues remaining on this
matter.
Many techniques and schemes are being proposed to provide a secure environment for e-banking
services, e-commerce services and payment gateway services and to block the sniffing,
18
5. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
eavesdropping etc. So that transmission of the confidential information will be preserved and
unauthorized personnel can’t access that information.
But day by day, phishing attacks are increasing. While most phishing attacks target the financial
transaction website (Banking site, e-commerce, e-shopping website, payment gateway websites),
more and more phishing incidents targeting online game operators and large ISPs (internet service
provider) have also been discovered.
Many approaches (e.g. toolbars) have been proposed to prevent phishing attacks. The antiphishing toolbars is also a common but not so user friendly approach out of them. It is based on
web browser plug-ins that warns browsers when they visit any suspected phishing site.
Commonly, anti-phishing tools use two major approaches for mitigating phishing sites. The first
approach is based on heuristics to check the host name and the URL for common spoofing
techniques. The second method lists out some blacklist phishing URLs. The heuristics approach is
not 100% accurate since it produces low false negatives (FN), i.e. a phishing site is mistakenly
judged as legitimate, which implies they do not correctly identify all phishing sites. The heuristics
often produce high false positives (FP), i.e. incorrectly identifying a legitimate site as fraudulent.
Blacklists have a high level of accuracy because they are constructed by paid experts who verify a
reported URL and add it to the blacklists if it is considered as a phishing website. [16][13][9]
Delayed password disclosure [7] is another new method to avoid phishing attacks. This method
discusses a user interface that checks the authenticity of the website as the user enters his/her
password. This is based on the feedback generated by the interface as user enters the password;
hence if the feedback generated is not according to the authentic website an alarm is triggered.
Another method to create awareness amongst users against phishing is Trust bar construction [8].
This method associates logos with the public key of the website being visited hence easing the
way of authentication of website. PassmarkTM is a similar method currently being used by Bank
of America. This method fights phishing by authenticating the website back to the user. Here the
website first identifies user by previous cookies and before the password submission it sends back
a user specific image. If the user identifies the image then and only then he should enter the
password.
The detection and identification of phishing websites in real-time, particularly for ebanking/payment gateway website, is a very complex and dynamic problem which involves many
factors and criteria. Many methods like improving site authenticity, one time password, having
separate login and transaction password, personalized e-mail communication, user education
about phishing are being implemented to prevent phishing attacks, but they don’t provide high
security.
3. PROPOSED METHODOLOGY
The proposed browser based methodology against phishing attacks utilizes some of the basic
information of the domains. For instance, more often than not a phishing website will be a newly
registered domain. Furthermore they will have some identical portion of the legitimate website
domain. Here we propose a knowledge base approach against phishing attacks which also uses
some parsing techniques to detect the attack.
3.1. Knowledge Bases
Our methodology uses some knowledge bases which are described as follows:
19
6. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
3.1.1. Knowledge Base I
Knowledge Base Initial or KBI stores the pattern and other detection methods of previously
detected phishing attacks and other web attacks. It validates the URL and also relates the URL
with the previously detected phishing attacks. If pattern of new URL matches with the previously
stored Phishing attacks, then it generates a phishing alert before visiting the URL. Since KBI only
stores the recent and frequently occurring phishing attacks so the size of Knowledge Base I can
vary according to the requirements of the situations and the security threats posed in the scenario.
This is also named as Knowledge Base Initial because it is used in the beginning of the
methodology.
3.1.2. Knowledge Base T
Knowledge Base Trusted or KBT maintains all the trusted and secure URLs which are previously
visited on the same browser. The user can further manually add the frequently visited legitimate
websites to this knowledge base for whom he wishes not to carry out security checks every time.
If the URL is present in this knowledge base then it is deemed secure. Else if the URL would be
considered to lie in the danger zone of security then all the security analysis will take place for
that URL before visiting it.
3.1.3. Knowledge Base A
This Knowledge Base defines all the URL-pattern based phishing and SSL attacks which have
detected previously by the browser till date. This Knowledge Base is used before the operation of
‘Parser-1’.
3.1.4. Knowledge Base B
This Knowledge stores the all information (like license year, rating of the domain, popularity of
the domain etc.) of the URLs which is previously visited and detected as the Phishing attacks.
3.1.5. Knowledge Base C
This Knowledge Base defines all the URL-pattern based phishing and SSL attacks which have
detected previously by the browser till date. This Knowledge Base is used before the operation of
‘Parser-1’.
3.1.6. Knowledge Base D
This Knowledge Base stores all the URLs which are previously visited. It is responsible for
maintaining the history of the all the URLs which are previously visited. This knowledge base is
already a common feature in almost all the web browsers.
Currently most of the browsers (like Mozilla Firefox, Internet Explorer, Opera, etc.) maintain the
history of the previously visited URLs. When an internet user types the URL keywords in the
address bar of browser then it automatically suggests all the URLs pertaining to that keywords
which were frequently visited using this Knowledge Base (history of URLs). Figure 4 below
represents all suggested URLs by the browser ‘Mozilla Firefox’.
20
7. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
Figure 4. The browser shows a list of previously visited URLs (Firefox 19)
3.2. Parsers
Some Parsers are also used in the detection of URL based attack in the proposed methodology,
which are described as follows:
3.2.1. Parser 1
It is used to detect the pattern based URL attacks. This parser provides the security against
phishing attacks as well as SSL attacks. It also analyzes the usage of some special character (like
‘-‘,’.’ etc.) in the URL to detect the attacks. This parser’s operation is based on the fact, that
phishing attackers use the some fraction of the actual legitimate URL so as to generate a close to
real phishing URL.
For example take the URL http://www.firstgenericbank.com.account-updateinfo.com/, it is a
phishing URL of First Generic Bank. The user can be fooled to believe this is a legitimate website
as it contains part of the original URL separated by 4 dots. The following Figure 5 represents the
Phishing attack example over the generic bank website.
3.2.2. Parser 2
When a URL is parsed into this, all the details of the website such as license year, rating of the
domain, popularity of the domain etc. become available to the browser. Using these details
parser-B can declares if the URL is phishing website URL or a legitimate website URL. This
parser takes account of the fact that phishing URLs are newly registered one with low rating and
popularity. Hence if the URL is newly registered, then it can be a phishing attack on any existing
URL.is used to detect the pattern based URL attacks. Some Browser (Like Internet Explorer 7.0,
Opera etc.) also use this approach for the detection of web attacks. Internet Explorer 7.0 browser
also use the site rating to detect the phishing websites, but many a times it is not user friendly and
21
8. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
unable to detect all attacks. Figure 5 represents the information of URL http://www.facebook.com
in Opera Browser.
Figure 5. The browser shows a list of previously visited URLs (Firefox 19)
3.2.3. Parser 3
This parser performs an important step for security against the phishing attacks. It performs the
fraud check analysis of an URL and generates a warning message if URL is not secure.
3.2.4. Parser 4
It searches for other URLs whose pattern matches with the requested URL. It finds all details of
the other similar URLs and compares all the details (like year of domain registration, rating of the
domain, popularity of the domain etc.) with the requested URL details. It then displays all the
results in the preference on the browser screen before visiting the requested URL.
Parser 2 and Parser 4 act like web crawlers and scan the World Wide Web to get the required
information to detect the phishing as well as other web attacks. Both parsers work in automated
22
9. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
manner, they also provide the indexing and relative weights to compare the outcomes. Some
policies have been also defined for both parsers for their crawling operation.
Figure 6. A sample phishing website
In implementation of parser 4 and 5, the Open Source Crawler “crawler4j” has been used. The
java code of the “crawler4j” is as follows –
import
import
import
import
java.util.ArrayList;
java.util.regex.Pattern;
edu.uci.ics.crawler4j.crawler.Page;
edu.uci.ics.crawler4j.crawler.WebCrawler;
import edu.uci.ics.crawler4j.url.WebURL;
public class MyCrawler extends WebCrawler
{
Pattern filters = Pattern.compile(".*(.(css|js|bmp|gif|jpe?g"
+ "|png|tiff?|mid|mp2|mp3|mp4"
+ "|wav|avi|mov|mpeg|ram|m4v|pdf"
+ "|rm|smil|wmv|swf|wma|zip|rar|gz))$");
}
public MyCrawler()
23
10. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
{
}
public boolean shouldVisit(WebURLurl)
{
String href= url.getURL().toLowerCase();
if(filters.matcher(href).matches())
{
return false;
}
if(href.startsWith("http://www.ics.uci.edu/")) {
return true;
}
return false;
}
public void visit(Page page)
{
int docid = page.getWebURL().getDocid();
String url = page.getWebURL().getURL();
String text = page.getText();
ArrayList<WebURL> links = page.getURLs();
}
}
3.3. Re-visit Policy
In the proposed methodology, the parsers also use the re-visit policy when needed because web
has its dynamic nature. The re-visit policy can be easily understood using the freshness function
described in the following sub-sections.
3.3.1. Freshness
This is used as binary measure which indicates whether the local copy is accurate or not. The
freshness of any page ‘p’ in the repository at time t is defined as:
3.3.2. Age
It is a measure which indicates how outdated the local copy of page is. The age of a page ‘p’ in
the repository, at time t is defined as:
24
11. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
4. EXECUTION OF THE PROPOSED METHODOLOGY
Execution of proposed methodology depends on the sequence of knowledge bases and
corresponding parsers. Final result of the proposed methodology is not affected by the sequence
of the operations. Sequence affects only the space complexity and time complexity of the
methodology.
Execution of proposed methodology in divided into several steps which are described as follows
in the following sections.
4.1. Historical Attack Detection
This step is composed with 2 operations which are occurred using ‘Knowledge Base I’ and
‘Knowledge Base T’.
Figure 7. Flowchart of Step 1 of the proposed methodology
Knowledge Base Initial (KBI) is used to detect the attacks which has the same pattern with the
previous detected attacks stored in it. Knowledge Base Trusted (KBT) is used to find the trusted
status of requested URL which was previously declared by the user. In Historical attack detection
the browser first tallies the URL with the KBI to check if its pattern matches that of any frequent
phishing attack stored in the knowledge base. If it is safe then it proceeds to match up with the
KBT. In this knowledge base it matches the URL against the trusted URLs stored by the user.
4.2. URL Pattern based Attack Detection
Figure 8. Flowchart of Step 2 of the proposed methodology
25
12. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
It is composed 2 operations which are related to ‘Knowledge Base A’ and ‘parser 1’. This Step 2
provides the security against those attacks which are purely URL-pattern based phishing as well
as SSL attacks. Knowledge Base A detects only those attacks which were detected previously by
the browser and were stored in its database. During the step 2, ‘parser 1’ scans the requested URL
and finds the occurrence of special characters (‘-‘,’.’ etc) and their repetition in the URL. It is
used to detect the pattern based phishing attacks. Generally phishing websites use these special
characters repeatedly to hide its fraudulent nature. Working of step 2 is represented in Figure 8.
Google Chrome has auto SSL attack detection feature inbuilt within itself. Figure shows the
Chrome behavior towards SSL URLs. In the browser, ‘https’ text is shown in red with an arrow
sign to signify that the URLs being accessed have an invalid SSL certificate. Thus the page being
accessed is encrypted but the license of the website has expired. Hence it can be a false website in
place of the previous popular one which the user wanted to actually access.
4.3. URL Information Analysis
URL information can be very helpful in detection of the phishing attacks. This step is based on
the fact that the phishing URLs are newly registered and have lower rating and popularity over
the internet. Figure represents the working of URL information analysis step.
Figure 9. Representation of Gmail in Google Chrome
In this step requested URL is analysed with the Knowledge Base B and information of URL is
analysed using the historical data of URL (if the URL was visited previously) and displays the
results and generates warning if URL is phishing attack based URL.
26
13. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
If the URL is not present in the history of Knowledge Base B then it goes to the parser 2 for the
information analysis. ‘Parser 2’ works to finds the information of URL as a web crawler (which is
described above) and performs the proper analysis after crawling for the details of the URL over
the internet. After all the details have been collected it generates a result depending on whether
the URL is a popular site or a newly created one.
Figure 10. Flowchart of Step 3 of the proposed methodology
4.4. Fraud URL Detection
This step is performed by the Knowledge Base C and parser 3.Knowledge Base C performs the
fraud check analysis of the requested URL (if it is available in the history of Knowledge base). It
displays the result and appropriate messages. If the URL is not visited previously then parser 3
performs the Fraud check analysis to provide the security against phishing attacks (or other web
attacks) using some security algorithms. Figure 13 describes the fraud check analysis.
Figure 11. Flowchart of Step 4 of the proposed methodology
4.5. Comparison with other URLs
The above step is similar to the step 3, During the step 3, URL information analyzed using some
assumption (phishing URLs have their early license year and lower rating level) of phishing
attacks, but during the step 5, the URL information is compared with the other URLs information
which have some similarities in URL string with the requested URL string.
27
14. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
Knowledge Base D provides the information of the requested URL and other URLs, using its
history (if the URL is visited previously and history is maintained in the Knowledge Base) then
compares all the information and produces the results.
If the URL is not visited previously, then the comparison is performed by the parser 4 using
crawling operation over internet using some standard crawling techniques.
Figure 14 describes the step 5 of proposed methodology.
Figure 12. Flowchart of Step 5 of the proposed methodology
After completing the step 5, execution of proposed methodology will finish. Proposed
methodology have more time complexity and space complexity but it provides the better security
against web attacks in comparison with the other methodologies which are already proposed. The
step by step approach ensures that a wide majority of web attacks are detected.
5. IMPLEMENTATION AND RESULTS
We have implemented the proposed methodology in a virtual scenario, where we explored all the
visited URLs of browsers on different machines using the history feature. All the URLs have been
stored in a database for detect the phishing attacks and perform the analysis. We have used Java
programming, JSP and MySQL, apache tomcat web server to execute the proposed methodology.
We have also implemented some advanced feature using build -network APIs and crawling.
Proposed methodology also uses the crawling step to analyze the URL over World Wide Web.
We are planning to implement this methodology with some new add-ons to install in present web
browsers (like other Firefox add-ons) using some advanced techniques.
Table 1. URL and some web attacks analysis (2012 - 13)
Month
Oct
Nov
Dec
Jan
Feb
No. of URLs visited
Phishing Attacks
Detected phishing attacks with the browser
SSL Attacks
Detected SSL attacks with the browser
Execution Time (in minutes)
1098
24
17
21
16
0
1086
20
15
15
13
0
1007
19
17
14
13
161
1149
25
22
12
11
202
1368
27
27
15
15
281
We have analysed the URL visited over the 5-months of period. In starting stage of
implementation, security risks are more because of absence of data in the different knowledge
28
15. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
base. The implemented scenario provides 98.14 % security against phishing attacks and some
hacking attacks. We have not executed our proposed methodology for the duration of Oct, 2012
and Feb, 2013 but during Dec, 2012 to Feb, 2013, we have executed the above methodology.
The above table shows the number of phishing attacks encountered and the execution time taken
by our methodology from October 2012 to Feb 2013. The execution time for the first two months
is actually zero as we have not implemented our methodology then. We have implemented our
methodology from December 2012 onwards.
Kindly note that the approximate time of execution per URL visit, for the first month comes out
to be about 11 seconds. This increases to 12 seconds in the second month and to 14 seconds in the
third month. This gradual increase can be attributed to the fact that the knowledge base is
increasing in size hence the browser searches for more security attack then before.
3. CONCLUSION AND LIMITATIONS
Our proposed methodology is inspired by a problem with a large number of Phishing, SSL and
other web attacks, we have encountered. We have recorded the web URLs activities of with the
usage of proposed methodology and without usage of proposed methodology over 5 months.
From data, we have analysed the attacks and detected attacks over the time. The experiment
results provide the complete scenario of the problem and security over the web. Our system
indicated that the 96.94% security against phishing attacks as well as SSL-attacks over the
browsing. Table 1 represents the recorded data over the 5 months’ time period.
Limitations of the proposed method are that due to various parsing operations, its time complexity
and space complexity is higher. So many times, it increases the browsing time of web browser.
Due to slower speed of browsing, generally web users avoid this type of higher web security.
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
PHP, AJAX, MySQL and JavaScript Tutorials, http://www.w3schools.com/
Prentice Hall - Deitel - Java How to Program, 4th Edition, Java_2_Complete_Reference_5E, Java
- How to Program, 6th Edition
Ahn, Luis von, Blum, Manuel, Hopper, Nicholas, and Langford, John. CAPTCHA: Using Hard AI
Problems for Security. In Eurocrypt
Gedam,Dhiraj Nilkanthrao,RSA Based Confidentiality And Integrity Enhancements in SCOSTACL, A thesis report, Department of Computer Science and engineering, Indian Institute of
Technology ,Kanpur, India, (July,2009)
J. Ullman, Database and knowledge base systems, In Database and knowledge-base systems,
Volume 2, Computer Science Press, 1989
Akerkar RA and Sajja Priti Srinivas: “Knowledge-based systems”, Jones & Bartlett Publishers,
Sudbury, MA, USA (2009)
Delayed password disclosure Markus Jakobsson, Steven Myers, Palo Alto Research Center, 3333
Coyote Hill Road, Palo Alto, CA 94303, USA. School of Informatics, Indiana University,
Bloomington, IN, USA Journal: Int. J. of Applied Cryptography 2008 - Vol. 1, No.1 pp. 47 - 59
Herzberg, A. and Gbara, A. (2004) Technical Report 2004-23, Protecting (even) Naïve Web
Users, or: Preventing Spoofing and Establishing Credentials of Web Sites, DIMACS, October 30,
Available at: http://dimacs.rutgers.edu/TechnicalReports/2004.html., S.hyun. & Kim Mi Na,
(2008) “This is my paper”, ABC Transactions on ECE, Vol. 10, No. 5, pp120-122.
Sophos White Paper, Phishing and the threat to corporate networks, (2005)
Beginning PHP5, Apache, and MySQL Web Development by Elizabeth Naramore, Jason Gerner,
Yann Le Scouarnec, Jeremy Stolz, Michael K. Glass; ISBN: 9780764579660
Chen, Juan and Guo, Chuanxiong, Online Detection and Prevention of Phishing Attacks, in Proc.
Chinacom ‘06.
29
16. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.6, November 2013
[12]
[13]
[14]
[15]
[16]
Alnajim, A. and Munro, M. 2009. An Anti-Phishing Approach that Uses Training Intervention for
Phishing Websites Detection. In Proceedings of the 2009 Sixth international Conference on
information Technology: New Generations (2009). ITNG. IEEE Computer Society, Washington,
DC, 405-410. DOI= http://dx.doi.org/10.1109/ITNG.2009.109
Yu, W.D.; Nargundkar, S.; Tiruthani, N., "A phishing vulnerability analysis of web based
systems," Computers and Communications, 2008. ISCC 2008. IEEE Symposium on, vol., no.,
pp.326-331, 6-9 (July 2008)
Abu-Nimeh, S.; Nair, S., "Bypassing Security Toolbars and Phishing Filters via DNS Poisoning,"
Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE, vol., no., pp.1-6,
(Nov. 30 2008-Dec. 4 2008)
Aburrous, Maher Ragheb, Alamgir, Hossain,Keshav Dahal, Thabatah, Fadi, "Modelling Intelligent
Phishing Detection System for E-banking Using Fuzzy Data Mining," cw, pp.265-272, 2009
International Conference on CyberWorlds, (2009)
Ollmann G., the Phishing Guide Understanding & Preventing Phishing Attacks, NGS Software
Insight Security Research
Authors
Gaurav Kumar Tak is an assistant professor in the School of Computer Engineering,
Lovely Professional University. His primary research areas of interest are Cyber-crime and
Security, Wireless Ad-hoc Network and Web Technologies. He has written several research
papers in these areas and continues to work for improving the security of web applications
and making the web safe to surf.
Gaurav Ojha is a student in the Department of Information Technology, Indian Institute of
Information Technology and Management, Gwalior. His areas of interest are Web
technologies, Open source software and Internet Security.
30