  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
61

Towards a framework for securing a business against electronic identity theft

Bechan, Upasna 30 November 2008
The continuing financial losses incurred by individuals and companies due to identity information being phished are necessitating more innovative approaches to solving the problem of phishing attacks at the company level. Security standards are developed by respected experts in the profession and are widely accepted in the industry. The purpose of this study was to investigate whether a standard can be adapted to develop a framework that may guide companies in determining how to protect themselves against phishing attacks. A qualitative approach using design research as the methodology was used during the research. The data collection took place by means of a literature survey and semi-structured interviews. The artefact developed was a phishing-prevention framework based on the ISO/IEC 17799 standard, and the evaluation thereof took place through test cases. The findings communicated to the managerial audience were a set of recommendations as a further investment in their security protection against phishing attacks; the finding communicated to the technical audience was the successful adaptation of an existing security standard to produce a usable framework. Further research initiatives should extend the types of test cases that the phishing-prevention framework was evaluated against, and explore the use of tools for determining compliance with the framework. / Theoretical Computing / M. Sc. (Information Systems)
62

Genus och säkerhetsbeteende : En litteraturstudie om kön och säkerhetsbeteende / Gender and security behavior : A literature study on gender and safety behavior

Hadjimuradov, Abdulla January 2021
We live in a time when information technology takes up more and more space in everyday life each year, both at work and in our free time. It is an exciting time in which many parts of everyday life have become more digital. At the same time, this digitalization places increasing demands on users when it comes to protecting their personal privacy online. Given the exponential development of digitalization and information technology over the last decade, it is interesting to determine whether security behavior among users has increased at the same rate or has lagged behind. The aim of the completed literature study was to investigate which gender-related differences had been identified in previous information security research. Different combinations of search terms were used to search five databases, applying selection criteria to find relevant articles. This resulted in 30 accepted articles, which underwent a qualitative data analysis using thematic analysis. The study showed that previous research had identified certain differences related to gender, but also that more studies of gender differences in information security are needed in order to understand human error and to find measures that improve security behavior and security awareness among people.
63

Estimating human resilience to social engineering attacks through computer configuration data : A literature study on the state of social engineering vulnerabilities / Uppskattning av försvar mot attacker som använder social manipulering genom datorkonfigurationsdata

Carlander-Reuterfelt Gallo, Matias January 2020
Social engineering as a method of attack is increasingly becoming a problem for both corporations and individuals. From identity theft to enormous financial losses, this form of attack is notorious for affecting complex structures, yet it is often very simple in form. Whereas for other forms of cyber-attack, tools like antivirus and antimalware are now industry standard and have proven to be reliable ways to keep private and confidential data safe, there is no such equivalent for social engineering attacks. There is not, as of this day, a trustworthy and precise way of estimating resilience to these attacks while still keeping the private data private. The purpose of this report is to compile the different aspects of a user's computer data that have been proven to be significantly indicative of their susceptibility to these kinds of attacks and, with them, devise a system that can, with some degree of precision, estimate the user's resilience to social engineering. This report is a literature study on the topic of social engineering and how it relates to computer program data, configuration and personality. The different phases of research each led to a more comprehensive way of linking the different pieces of data together and devising a rudimentary way of estimating human resilience to social engineering through the observation of a few configuration aspects. For the purposes of this report, the data had to be reasonably accessible, respect privacy, and be something that can be easily extrapolated from one user to another. Based on findings ranging from psychological data and behavioral patterns to network configurations, we conclude that, even though there is data that supports the possibility of estimating resilience, there is, as of this day, no empirically proven way of doing so in a precise manner. An estimation model is provided at the end of the report, but the limitations of this project did not allow for an experiment to prove its validity beyond the theories it is based upon.
64

Phishing Susceptibility and Mitigation in the 2FA Context : An Investigation of How the Interplay of Psychological and Individual Factors and UX Design Can Influence Users’ Decisions to Login to a Suspicious Website

Gerken, Jorina Freya, Wang, Zhaoying January 2024
Phishing is a form of social engineering, in which attackers attempt to trick victims with e-mails designed to look like legitimate requests (Vishwanath et al., 2011), aiming “to exploit human error or human behaviour with the objective of gaining access to information or services” (European Union Agency for Cybersecurity [ENISA], 2023, p. 7). According to the ENISA Threat Landscape 2023 report, phishing is the most prevalent form of social engineering and predicted to continue posing a significant threat to users (ENISA, 2023). In this, attackers have also already succeeded in circumventing second-factor authentication (2FA) (ENISA, 2023). This thesis aimed to contribute to the ongoing research concerning the mitigation of social engineering attacks by investigating phishing susceptibility and a UX-based mitigation approach in the context of 2FA, which to the best of our knowledge had not been previously researched. Based on prior research in other contexts, stress, attention, elaboration, involvement and 2FA frequency were identified as potentially relevant factors. Under consideration of these factors, a 2FA implementation was designed, combining automated URL verification with verification-based warnings. An online study (N = 94) was conducted to investigate how the posited susceptibility factors as well as the UX design can influence users’ decisions to abort or proceed with logging in to a suspicious website. In this, a between-subject study design was used to investigate how much of an impact specifically the “opinionatedness” of a warning design, i.e. its “use of visual design cues to promote a recommended course of action” (Felt et al., 2015, p. 2893), can have in the 2FA context compared to an otherwise identical design offering a neutral choice. In the collected sample, involvement had a significant negative effect on the likelihood to proceed with the login, in accordance with its posited influence.
In addition, confidence in the decision made was discovered as another potential predictor, also showing a significant negative effect on the likelihood to proceed in the collected sample. The observed effect of the opinionated design can be seen to contradict the posited assumption that users would be more likely to go with the promoted action. However, overall, the results can be seen to suggest that taking susceptibility factors into consideration when designing 2FA implementations might be a promising approach towards phishing mitigation. Further research is needed to validate these indications, due to the insufficient sample size and use of convenience sampling in this thesis.
65

Deriving classifiers with single and multi-label rules using new Associative Classification methods

Abdelhamid, Neda January 2013
Associative Classification (AC) in data mining is a rule-based approach that uses association rule techniques to construct accurate classification systems (classifiers). The majority of existing AC algorithms extract one class per rule and ignore other class labels even when they have large data representation. Thus, extending current AC algorithms to find and extract multi-label rules is a promising research direction, since new hidden knowledge is revealed for decision makers. Furthermore, the exponential growth of rules in AC has been investigated in this thesis, aiming to minimise the number of candidate rules and therefore reduce the classifier size so that the end-user can easily exploit and maintain it. Moreover, an investigation into both the rule ranking and test data classification steps has been conducted in order to improve the performance of AC algorithms with regard to predictive accuracy. Overall, this thesis investigates different problems related to AC, not limited to the ones listed above, and the results are new AC algorithms that devise single and multi-label rules from different applications' data sets, together with comprehensive experimental results. To be exact, the first algorithm proposed is named Multi-class Associative Classifier (MAC). This algorithm derives classifiers where each rule is connected with a single class from a training data set. MAC enhanced the rule discovery, rule ranking, rule filtering and classification of test data in AC. The second algorithm proposed is called Multi-label Classifier based Associative Classification (MCAC), which adds to MAC a novel rule discovery method that discovers multi-label rules from single-label data without learning from parts of the training data set. These rules denote vital information ignored by most current AC algorithms, which benefits both the end-user and the classifier's predictive accuracy.
Lastly, the vital problem related to web threats called 'website phishing detection' was deeply investigated, and a technical solution based on AC has been introduced in Chapter 6. Particularly, we were able to detect a new type of knowledge and enhance the detection rate with respect to error rate using our proposed algorithms against a large collected phishing data set. Thorough experimental tests utilising large numbers of University of California Irvine (UCI) data sets and a variety of real application data collections related to website classification and trainer timetabling problems reveal that MAC and MCAC generate better quality classifiers when compared with other AC and rule-based algorithms with respect to various evaluation measures, i.e. error rate, Label-Weight, Any-Label, number of rules, etc. This is mainly due to the different improvements related to rule discovery, rule filtering, rule sorting, the classification step, and more importantly the new type of knowledge associated with the proposed algorithms. Most chapters in this thesis have been disseminated or are under review in journals and refereed conference proceedings.
66

Reducing the risk of e-mail phishing in the state of Qatar through an effective awareness framework

Al-Hamar, Mariam Khalid January 2010
In recent years, cyber crime has focused intensely on people to bypass existing sophisticated security controls; phishing is one of the most common forms of such attack. This research highlights the problem of e-mail phishing. A lot of previous research demonstrated the danger of phishing and its considerable consequences. Since users' behaviour is unpredictable, there is no reliable technological protective solution (e.g. spam filters, anti-viruses) to diminish the risk arising from inappropriate user decisions. Therefore, this research attempts to reduce the risk of e-mail phishing through awareness and education. It underlines the problem of e-mail phishing in the State of Qatar, one of the world's fastest developing countries, and seeks to provide a solution to enhance people's awareness of e-mail phishing by developing an effective awareness and educational framework. The framework consists of valuable recommendations for the Qatar government, citizens and organisations responsible for ensuring information security, along with an educational agenda to train them how to identify and avoid phishing attempts. The educational agenda supports users in making better trust decisions to avoid phishing that could complement any technical solutions. It comprises a collection of training methods: conceptual, embedded, e-learning and learning programmes which include a television show and a learning session with a variety of teaching components such as a game, quizzes, posters, cartoons and a presentation. The components were tested by trial in two Qatari schools and evaluated by experts and a representative sample of Qatari citizens. Furthermore, the research proves the existence and extent of the e-mail phishing problem in Qatar in comparison with the UK, where people were found to be less vulnerable and more aware. It was discovered that Qatar is an attractive place for phishers and that a lack of awareness and e-law made Qatar more vulnerable to phishing.
The research identifies the factors which make Qatari citizens susceptible to e-mail phishing attacks, such as cultural and country-specific factors, interests and beliefs, religion effect and personal characteristics, and this identified the need for enhancing Qataris' level of awareness of the phishing threat. Since literature on phishing in Qatar is sparse, empirical and non-empirical studies involved a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government.
67

Phishing website detection using intelligent data mining techniques : design and development of an intelligent association classification mining fuzzy based scheme for phishing website detection with an emphasis on e-banking

Abur-rous, Maher Ragheb Mohammed January 2010
Phishing techniques have not only grown in number, but also in sophistication. Phishers might have a lot of approaches and tactics to conduct a well-designed phishing attack. The targets of the phishing attacks, which are mainly on-line banking consumers and payment service providers, are facing substantial financial loss and lack of trust in Internet-based services. In order to overcome these, there is an urgent need to find solutions to combat phishing attacks. Detecting phishing websites is a complex task which requires significant expert knowledge and experience. So far, various solutions have been proposed and developed to address these problems. Most of these approaches are not able to make a decision dynamically on whether the site is in fact phished, giving rise to a large number of false positives. This is mainly due to limitations of the previously proposed approaches, for example depending only on fixed black and white listing databases, the absence of human intelligence and experts, poor scalability and their timeliness. In this research we investigated and developed the application of an intelligent fuzzy-based classification system for e-banking phishing website detection. The main aim of the proposed system is to provide protection to users from phishers' deception tricks, giving them the ability to detect the legitimacy of the websites. The proposed intelligent phishing detection system employed a Fuzzy Logic (FL) model with association classification mining algorithms. The approach combined the capabilities of fuzzy reasoning in measuring imprecise and dynamic phishing features with the capability to classify the phishing fuzzy rules. Different phishing experiments which cover all phishing attacks, motivations and deception behaviour techniques have been conducted to cover all phishing concerns. A layered fuzzy structure has been constructed for all gathered and extracted phishing website features and patterns.
These have been divided into 6 criteria and distributed to 3 layers, based on their attack type. To reduce human knowledge intervention, different classification and association algorithms have been implemented to generate fuzzy phishing rules automatically, to be integrated inside the fuzzy inference engine for the final phishing detection. Experimental results demonstrated the ability of the learning approach to identify all relevant fuzzy rules from the training data set. A comparative study and analysis showed that the proposed learning approach has a higher degree of predictive and detective capability than existing models. Experiments also showed the significance of some important phishing criteria, like URL & Domain Identity and Security & Encryption, to the final phishing detection rate. Finally, our proposed intelligent phishing website detection system was developed, tested and validated by incorporating the scheme as a web-based plug-in phishing toolbar. The results obtained are promising and showed that our intelligent fuzzy-based classification detection system can provide effective help for real-time phishing website detection. The toolbar successfully recognized and detected approximately 92% of the phishing websites selected from our test data set, avoiding many misclassified websites and false phishing alarms.
68

Examining Multiple Stages of Protective Behavior of Information System End-Users

Burns, Mary B. January 2012
The adage, "old habits die hard", is especially relevant when humans learn new protective behaviors (i.e., dental flossing, IS security behaviors). The foundation that underlies many social-cognitive theories used in IS research is that intention to change predicts actual behavior change. Despite intentions to change, humans do not always change their habits due to actual or perceived obstacles, for example. In this study, user behavior, particularly with respect to vigilance over phishing attempts, was investigated via the theoretical lens of a hybrid continuum-stage behavior change model adapted from health-related fields. This type of model helps us to understand whether there are qualitatively different stages for adopting a more vigilant action plan toward phishing attempts, the number and ordering of distinct stages that a user must move through between forming an intention and subsequent behavior, what characterizes those stages, and how appropriate interventions at these stages can move a user to a higher stage of vigilant behavior. The goal of this research was to gain a better understanding of: a) whether there are distinct stages that distinguish end-users' vigilance toward phishing attempts; b) how many qualitatively different stages there are; and, c) what characterizes these stages. This study profiled IS end-users based on the model's constructs (e.g., coping self-efficacy, intention, action/coping planning, and risk perception) that examined end-users' protective behavior toward phishing attempts. In an exploratory analysis of survey data, stages of IS end-users were determined via cluster analysis techniques (hierarchical followed by K-means). A survey was administered to respondents (n= 394). Next, an agglomerative hierarchical cluster analysis using within-groups method of average linkage and Euclidean distance measures was performed on the model's constructs. 
Three clusters emerged as the optimal number to be used in the subsequent K-means cluster analysis. After conducting analyses for stability and validity for the 3-cluster solution, I compared the means of the model's constructs to develop profiles for the distinct three stages. I conclude that exploratory cluster analysis is an effective technique to discover natural groupings for protective behavior of IS end-users and propose future research to investigate stage-appropriate interventions to move users to higher stages.
69

Projeto de um dispositivo de autenticação e assinatura. / Design and implementation of an authentication device.

Vieira, Gustavo Yamasaki Martins 15 October 2007
Currently, password-based authentication is the most widespread identity verification method for web page access. However, it presents security issues due to the growth of attacks based on spyware and phishing. The main purpose of both techniques is digital identity theft, that is, stealing users' passwords without the user noticing. In order to counter this type of attack, many financial institutions have adopted strong authentication, a technique that employs the simultaneous use of different authentication factors. By synergistically combining the advantages of distinct factors, such an arrangement results in the mutual mitigation of the vulnerabilities of each one, yielding an architecturally safer identity verification method. This work presents the design and implementation of an authentication device, which combines password-based and object-based authenticators. Its main distinguishing features are the reduced cost and the use of open source cryptographic algorithms. Open source algorithms have their security widely and independently verified, a characteristic that helps increase the system's reliability, since third parties may check the source code running on the device.
