Phishing knowledge based user modelling in software design
Authors
Abstract
Due to the limitations of anti-phishing software and limitations in creating such software, we propose the usage of metamodelling frameworks and software tools for implementing software systems where phishing prevention is already designed as a part of the system itself. An expressive, computational, verifiable and validatable metamodel is created that captures user behaviour. Next, it is shown through examples that the metamodel follows and describes reported phishing scams accurately. The model is then used to create a specification in an executable formal specification tool. The formal specification, which can be executed to observe user behaviour, can be used as a building block in the specification of a larger software system, resulting in an inherently phishing-resilient software system design in the form of a formal specification.
Similar resources
Integrating self-efficacy into a gamified approach to thwart phishing attacks
Security exploits can include cyber threats such as computer programs that can disturb the normal behavior of computer systems (viruses), unsolicited e-mail (spam), malicious software (malware), monitoring software (spyware), attempting to make computer resources unavailable to their intended users (Distributed Denial-of-Service or DDoS attack), social engineering, and online identity theft...
A Zero Knowledge Password Proof Mutual Authentication Technique Against Real-Time Phishing Attacks
Phishing attack is a kind of identity theft trying to steal confidential data. Existing approaches against phishing attacks cannot prevent real-time phishing attacks. This paper proposes an Anti-Phishing Authentication (APA) technique to detect and prevent real-time phishing attacks. It uses 2-way authentication and zero-knowledge password proof. Users are recommended to customize their user in...
Poster: Towards a Model for Analysing Anti-Phishing Authentication Ceremonies
Phishing uses both social engineering and technical means to carry out attacks. Therefore, human factors (incorrect human trust decisions) play an important role in phishing. Many online authentication techniques place a disproportional burden on human abilities. Assumptions made about human-protocol behaviour are often flawed. In our approach we use the concept of a ceremony to analyse and impro...
Phish Phinder: A Game Design Approach to Enhance User Confidence in Mitigating Phishing Attacks
Phishing is an especially challenging cyber security threat as it does not attack computer systems, but targets the user who works on that system by relying on the vulnerability of their decision-making ability. Phishing attacks can be used to gather sensitive information from victims and can have devastating impact if they are successful in deceiving the user. Several anti-phishing tools have ...
Minimizing SSO Effort in Verifying SSL Anti-phishing Indicators
In an on-line transaction, a user sends her personal sensitive data (e.g., password) to a server for authentication. This process is known as Single Sign-On (SSO). Subject to phishing and pharming attacks, the sensitive data may be disclosed to an adversary when the user is allured to visit a bogus server. There has been much research in anti-phishing methods and most of them are based on enhan...