1 |
Towards a framework for securing a business against electronic identity theft
Bechan, Upasna 30 November 2008
The continuing financial losses incurred by individuals and companies due to identity information being phished are necessitating more innovative approaches to solving the problem of phishing attacks at the company level. Security standards are developed by respected experts in the profession and are widely accepted in the industry. The purpose of this study was to investigate whether a standard can be adapted to develop a framework that may guide companies in determining how to protect themselves against phishing attacks. A qualitative approach using design research as the methodology was used during the research. The data collection took place by means of a literature survey and semi-structured interviews. The artefact developed was a phishing-prevention framework based on the ISO/IEC 17799 standard, and the evaluation thereof took place through test cases. The findings communicated to the managerial audience were a set of recommendations as a further investment in their security protection against phishing attacks; the findings communicated to the technical audience were the successful adaptation of an existing security standard to produce a usable framework. Further research initiatives should extend the types of test cases that the phishing-prevention framework was evaluated against, and explore the use of tools for determining compliance with the framework. / Theoretical Computing / M. Sc. (Information Systems)
|
3 |
Phishing within e-commerce: reducing the risk, increasing the trust
Megaw, Gregory M January 2010
E-Commerce has been plagued with problems since its inception and this study examines one of these problems: the lack of user trust in E-Commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology have not only benefited honest Internet users, but have enabled criminals to increase their effectiveness, which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted both the user and online business in breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered: First, E-Commerce’s vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within E-Commerce are identified, as well as the areas of vulnerability and weakness. Second, the methods and techniques used in phishing, such as phishing e-mails, websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is identified. Here the importance of Trust and the Uncertainty Reduction Theory plus the fine balance between trust and control is explored. Finally, the study presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, E-mail Authentication, Data Cryptography, Communication, and Active Risk Mitigation.
|
4 |
New method for learning decision trees from rules and its illustration for online identity application fraud detection
Abdelhalim, Amany 10 November 2010
A decision tree is a graph or model for representing all the alternatives in a decision making process. Most of the methods that generate decision trees for a specific problem use examples of data instances in the decision tree generation process. We propose a new method called "RBDT-1" (rule based decision tree) for learning a decision tree from a set of decision rules that cover the data instances. The RBDT-1 method uses a set of declarative rules as an input for generating a decision tree. The method's goal is to create on-demand a short and accurate decision tree from a stable or dynamically changing set of rules. The rules used by RBDT-1 could be generated either by an expert or induced directly from a rule induction method or indirectly by extracting them from a decision tree.
We conduct a comparative study of RBDT-1 with four existing decision tree methods based on different problems. The outcome of the study shows that in terms of tree complexity (number of nodes and leaves in the decision tree) RBDT-1 compares favorably to AQDT-1 and AQDT-2, which are methods that create decision trees from rules. RBDT-1 also compares favorably to ID3 while being as effective as C4.5, where both (ID3 and C4.5) are famous methods that generate decision trees from data examples. Experiments show that the classification accuracies of the different decision trees produced by the different methods under comparison are equal. To illustrate how RBDT-1 can successfully be applied to an existing real life problem that could benefit from the method, we choose identity application fraud detection. We designed a new unsupervised framework to detect fraudulent applications for identity certificates by extracting identity patterns from the web, and crossing these patterns with information contained in the application forms in order to detect inconsistencies or anomalies. The outcome of this process is submitted to a decision tree classifier generated using RBDT-1 on the fly from a rule base which is derived from heuristics and expert knowledge, and updated as more information is obtained on fraudulent behavior. We evaluate the proposed framework by collecting real identity information online and generating synthetic fraud cases, achieving encouraging performance results.
|