Defending the Weakest Link: Intrusion via Social Engineering

Lead Research Organisation: University of York
Department Name: Computer Science

Abstract

Fraud has been with us since time immemorial. With the rise of cyberspace, opportunities for fraud abound. Recent years have seen a dramatic increase in what have become known as 'phishing' attacks. The most obvious means is via email. You might receive an email purporting to be from a familiar organisation, e.g. your bank, indicating that some information they maintain on you is inaccurate. You are requested to click on a link that takes you to a web page where you are requested to enter confidential information, such as your account number and on-line banking password details (and other confidential information). The message might also threaten to suspend your account if you do not do so.

On the face of it this is a plausible scenario. The messages and web site look authentic, but they are not. If you have responded as requested then your confidential details are now in the hands of a fraudster. What you expected to be the result of your actions is not the actual result - though it may be a while (too late) before you realise this. Your model of the world is at odds with reality. But by scrutinising the email carefully, can we deduce that it is likely to be a phishing attack?

This project will investigate phishing attacks, attempting to extract features of attempted cons. We shall do this using our security expertise and experience, informed by methodical empirical surveys carried out by an experienced psychology researcher.

If we can formalise these features then we can attempt to automatically detect phishing attacks. The benefits of doing so are obvious. Phishing attacks may be short lived; they need only to persuade a few unfortunate naive people to fall for the con to have succeeded. We need to identify phishing attacks at the earliest opportunity. We aim to develop prototype tool support to determine the degree to which we can actually detect phishing attacks automatically and test it out initially in a campus environment (where user sophistication varies hugely).
 
Description

The project demonstrated:

a) a decision making model for the target of a phishing attack. This model is generic and abstracts from specific phishing implementation details.
b) a threat modelling technique to allow the threats arising from a user's engagement with a system. This is a useful addition to extant threat modelling approaches.
c) the production of a prototype system that monitors the actions of a user and advises when they are about to release confidential information inappropriately.
d) that blind people exhibit robust strategies for identifying phish based on careful reading of emails.
e) an analysis of phish as a literary form. This identifies the main literary device employed as pastiche and draws on critical theory to consider why security based pastiche may be currently very persuasive.
URL http://www.cs.york.ac.uk/security/projDWL.html