• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.213-218
• /
• 2021

This paper proposes a technique for detecting a significant threat that attempts to get sensitive and confidential information such as usernames, passwords, credit card information, and more to target an individual or organization. By definition, a phishing attack happens when malicious people pose as trusted entities to fraudulently obtain user data. Phishing is classified as a type of social engineering attack. For a phishing attack to happen, a victim must be convinced to open an email or a direct message [1]. The email or direct message will contain a link that the victim will be required to click on. The aim of the attack is usually to install malicious software or to freeze a system. In other instances, the attackers will threaten to reveal sensitive information obtained from the victim. Phishing attacks can have devastating effects on the victim. Sensitive and confidential information can find its way into the hands of malicious people. Another devastating effect of phishing attacks is identity theft [1]. Attackers may impersonate the victim to make unauthorized purchases. Victims also complain of loss of funds when attackers access their credit card information. The proposed method has two major subsystems: (1) Data collection: different websites have been collected as a big data corresponding to normal and phishing dataset, and (2) distributed detection system: different artificial algorithms are used: a neural network algorithm and machine learning. The Amazon cloud was used for running the cluster with different cores of machines. The experiment results of the proposed system achieved very good accuracy and detection rate as well.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.41-48
• /
• 2018

Until now, various studies on anti-phishing have been conducted. The most typical anti-phishing method is a method of collecting URL information of a phishing site in advance and then detecting phishing by comparing the URL of the visited site with the previously stored information. However, this blacklist-based anti-phishing method can not detect new phishing sites. For this reason, various anti-phishing authentication protocols have been proposed. but these protocols require a public key and a private key. In this paper, we propose a password-based mutual authentication protocol that is safe for phishing attacks. In the proposed protocol, the mutual authentication between the client and the server is performed through the authentication message including the password information. The proposed protocol is safe to eavesdropping attack because the authentication message uses the hash value of the password, not the original password, And it is safe to replay attack because different messages are used every time of authentication. In addition, since mutual authentication is performed, it is safe for man-in-the-middle attack. Finally, the proposed protocol does not require a key issuance process for authentication.

• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.157-163
• /
• 2023

The attack technique targeting end-users through phishing URLs is very dangerous nowadays. With this technique, attackers could steal user data or take control of the system, etc. Therefore, early detecting phishing URLs is essential. In this paper, we propose a method to detect phishing URLs based on supervised learning algorithms and abnormal behaviors from URLs. Finally, based on the research results, we build a framework for detecting phishing URLs through end-users. The novelty and advantage of our proposed method are that abnormal behaviors are extracted based on URLs which are monitored and collected directly from attack campaigns instead of using inefficient old datasets.

• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.91-97
• /
• 2020

Recently, phishing attacks targeting those involved in defense, security and unification have been on the rise. In particular, hacking attack organization Kimsuky has been engaged in activities to collect important information from public organizations through phishing attacks since 2013. In this paper, profiling analysis of phishing mail attack organization was performed. Through this process, we estimated the purpose of the attack group and suggested countermeasures.

• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.9-19
• /
• 2015

The Android operating system is exposed to a phishing attack of stealing private information that a user enters into a web page. We have discovered two security vulnerabilities of the phishing attack. First, an always-on-top scheme allows malware to place a transparent user interface (UI) on the current top screen and intercept a user input. Second, the Android provides some APIs that allow malware to obtain the information of a currently visited web page. This paper introduces a phishing that attacks a web page by exploiting the two vulnerabilities. The attack detects a visit to a security-relevant web page and steals private information from the web page. Our experiments on popular web sites reveal that the attack is significantly accurate and dangerous.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.10
• /
• pp.349-360
• /
• 2015

In recent year, phishing attacks are flooding with services based on the web technology. Phishing is affecting online security significantly day by day with the vulnerability of web pages. To prevent phishing attacks, a lot of anti-phishing techniques has been made with their own advantages and dis-advantages respectively, but the phishing attack has not been eradicated completely yet. In this paper, we have studied phishing in detail and categorize a process of phishing attack in two parts - Landing-phase, Attack-phase. In addition, we propose an phishing detection methodology based on web sites heuristic. To extract web sites features, we focus on URL and source codes of web sites. To evaluate performance of the suggested method, set up an experiment and analyze its results. Our methodology indicates the detection accuracy of 98.9% with random forest algorithm. The evaluation of proof-of-concept reveals that web site features can be used for phishing detection.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.7
• /
• pp.1916-1934
• /
• 2023

The phishing attack is a malicious emerging threat on the internet where the hackers try to access the user credentials such as login information or Internet banking details through pirated websites. Using that information, they get into the original website and try to modify or steal the information. The problem with traditional defense systems like firewalls is that they can only stop certain types of attacks because they rely on a fixed set of principles to do so. As a result, the model needs a client-side defense mechanism that can learn potential attack vectors to detect and prevent not only the known but also unknown types of assault. Feature selection plays a key role in machine learning by selecting only the required features by eliminating the irrelevant ones from the real-time dataset. The proposed model uses Hyperparameter Optimized Artificial Neural Networks (H-ANN) combined with a Hybrid Firefly and Grey Wolf Optimization algorithm (H-FFGWO) to detect and block phishing websites in Internet of Things(IoT) Applications. In this paper, the H-FFGWO is used for the feature selection from phishing datasets ISCX-URL, Open Phish, UCI machine-learning repository, Mendeley website dataset and Phish tank. The results showed that the proposed model had an accuracy of 98.07%, a recall of 98.04%, a precision of 98.43%, and an F1-Score of 98.24%.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.12
• /
• pp.2753-2762
• /
• 2013

Recently the paradigm of cyber attacks is changing due to the information security technology improvement. The cyber attack that uses the social engineering and targets the end users has been increasing as the organization's systems and networks security controls have been tightened. The 91% of APT(Advanced Persistent Threat) which targets an enterprise or a government agency to get the important data and disable the critical service starts with the spear phishing email. In this paper, we analysed the security threats and characteristics of the spear phishing in detail and explained why the technical solutions are not enough to prevent spear phishing attacks. Therefore, we proposed the administrative prevention methods for the spear phishing attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.313-320
• /
• 2015

While various phishing attacks are getting to be increased in constant, their response methods still stay on the stage of responding after identifying an attack. To detect a phishing site ahead of an attack, a method has been suggested with utilizing the Referer header field of HTTP. However, it has a limitation to implement a traffic gathering system for each of prospective target hosts. This paper presents a unknown phishing site detection method in the Interior network environment. Whenever a user try to connect a phishing site, its traffic is pre-processed with considering of the characteristics of HTTP protocol and phishing site. The phishing site detection phase detects a suspicious site under phishing with analysing HTTP content. To validate the proposed method, some evaluations were conducted with 100 phishing URLs along with 100 normal URLs. The experimental results show that our method achieves higher phishing site detection rate than that of existing detection methods, as 66% detection rate for the phishing URLs, and 0% false negative rate for the normal URLs.

• Journal of Digital Convergence
• /
• v.11 no.3
• /
• pp.273-277
• /
• 2013

Phishing attacks have been implemented in smarter, more advanced ways with the passage of time. Hackers use intelligent phishing attacks to take over computers and to penetrate internal networks in major organizations. So, in this paper, a model for a prevention of phishing attack spread is conceptual designed in order to protect internal users and sensitive or important information from sophisticated phishing attacks. Internal users simultaneously utilize both external web and organizational mail services. And hackers can take the both side equally as a vector. Thus, packets in each service must be monitored and stored to recognize threatening elements from both sides. The model designed in this paper extends the mail server based security structure used in conventional studies for the protection of Internet mail services accessed by intranet users. This model can build a list of phishing sites as the system checks e-mails compared to that of the method that directly intercepts accesses to phishing sites using a proxy server, so it represents no standby time for request and response processes.