COUNTERACTING PHISHING THROUGH HCI: DETECTING ATTACKS AND WARNING USERS




DISSERTATION at the Faculty of Mathematics, Computer Science and Statistics of the Ludwig-Maximilians-Universität München, submitted by Diplom-Medieninformatiker MAX-EMANUEL MAURER. Munich, 15 December 2013. http://d-nb.info/1052433693

TABLE OF CONTENTS

List of Figures xvii

I INTRODUCTION 1

1 Introduction 3
  1.1 Usable Security 4
    1.1.1 Usable Warning Design 5
  1.2 Problem Statement 5
  1.3 Protection: Detection plus Intervention 6
  1.4 Technical Terms of Detection 7
  1.5 Main Contributions 9
  1.6 Structure 9

2 The Act of Phishing 13
  2.1 What is a Phishing Attack? 13
  2.2 The Need to Counteract 16
  2.3 Phishing Attack Overview 18
    2.3.1 The Lifecycle of a Phishing Attack 18
    2.3.2 Attacks out of Scope 24
    2.3.3 Attacks in Scope: Impersonation 25
  2.4 A Brief History of Phishing and a Possible Future Outlook 27
    2.4.1 The Term "Phishing" 27
  2.5 Design Space of Current Phishing Attacks 30
    2.5.1 Typical Phishing Examples 31
  2.6 Looking at Today's Browsers: Security Indicators in Use 33

3 Related Work 39
  3.1 The Phishing Problem 39
    3.1.1 Phishing in Numbers 40
    3.1.2 Who is Falling for Phishing and Why? 43
  3.2 The Current State of Detection Methods 45
    3.2.1 Black- and Whitelists 46
    3.2.2 Security Toolbars 47
    3.2.3 Virus Scanners 47
    3.2.4 Typo Checkers 48
    3.2.5 Law Enforcement and Website Takedown 48
    3.2.6 Changing The Internet Architecture 48
  3.3 The Current State of User Intervention 49
    3.3.1 Classical Warning Research 49
    3.3.2 Computer-Specific Warning Literature 51
  3.4 Phishing Education 53
  3.5 Research Concepts for Detection 54
    3.5.1 General Phishing Defense 55
    3.5.2 Detection Attempts for Different Features 56
    3.5.3 Making Use of a Community 63
  3.6 Research Concepts for User Intervention 64
    3.6.1 Adaptive Dialogs 64
    3.6.2 Guidelines and Applications Thereof 65
  3.7 User Study Methodology 68

II PROTECTION THROUGH HCI 73

4 Overview of Research Covered 75
  4.1 Delimitation to Related Work 75
  4.2 Main Research Classification 77
  4.3 Research Questions 78
  4.4 Project Overview 79

5 Nine Research Projects on Phishing and Usability 83
  5.1 Phishing Website Test Set 84
    5.1.1 What Should a Phishing Test Set Look Like? 84
    5.1.2 Collection Phase 85
    5.1.3 Postprocessing 88
    5.1.4 The Final Test Set 90
    5.1.5 Findings from the Test Set Data 90
    5.1.6 Application of The Test Set 95
    5.1.7 Research Results 97
  5.2 SecurityGuard Website Status Rollup 98
    5.2.1 Yet Another Status Toolbar? 99
    5.2.2 Designing the Extension 100
    5.2.3 Implementation 105
    5.2.4 User Study 106
    5.2.5 Discussion and Limitations 108
    5.2.6 Research Results 110
  5.3 Community-based Rating Intervention 113
    5.3.1 The Real World Example: Web Of Trust 113
    5.3.2 Community-Based Security Research 114
    5.3.3 Building the Prototype 114
    5.3.4 User Study Evaluation 117
    5.3.5 Discussions and Limitations 120
    5.3.6 Research Results 121
  5.4 Spell Checking to Detect Fraudulent Websites 122
    5.4.1 Detecting Phishing URLs 123
    5.4.2 Detector Evaluation 126
    5.4.3 Results 128
    5.4.4 Discussion and Limitations 131
    5.4.5 Research Results 132
    5.4.6 Possible User Intervention for the Approach 133
  5.5 Data Type Based Security Dialogs 133
    5.5.1 User Intervention Concept 135
    5.5.2 The First Prototype 137
    5.5.3 Detecting the Data Types 137
    5.5.4 Lab Evaluation 139
    5.5.5 The Second Prototype 141
    5.5.6 Field Evaluation 142
    5.5.7 Second Lab Evaluation 144
    5.5.8 Discussion and Limitations 145
    5.5.9 Research Results 146
  5.6 Enhancing SSL Awareness in Web Browsers 148
    5.6.1 The Concept of SSLPersonas 148
    5.6.2 Redesigning SSL Warning Messages 150
    5.6.3 Lab Evaluation 151
    5.6.4 Field Evaluation 154
    5.6.5 Discussion, Limitations and Future Enhancements 155
    5.6.6 Research Results 157
  5.7 Diminishing Visual Brand Trust 159
    5.7.1 The Concept of Destroying Content Trust 159
    5.7.2 Focus Group 161
    5.7.3 The Final Plugin 164
    5.7.4 User Study Evaluation 165
    5.7.5 Discussion and Limitations 170
    5.7.6 Research Results 170
  5.8 Visual Image Comparison For Phishing Detection and Reporting 172
    5.8.1 Concept: Detecting Phishing Through Visual Similarity 172
    5.8.2 Detector Architecture 174
    5.8.3 Evaluating the Detector 176
    5.8.4 User Intervention Design 183
    5.8.5 User Intervention Evaluation 184
    5.8.6 User Intervention Discussion 188
    5.8.7 Research Results 189
  5.9 The User Study Web Browser 192
    5.9.1 Web Browser Usage in Today's Experiments 192
    5.9.2 Universal Browser Manipulation 194
    5.9.3 Developing the Extension 195
    5.9.4 User Study: Validating the Extension 198
    5.9.5 Research Results 201

6 Aggregated Results and Derived Recommendations 205
  6.1 Answers to the Research Questions 205
    6.1.1 Phishing Detection 206
    6.1.2 User Intervention 213
  6.2 From Phishing To General Security 219
  6.3 Detector and User Intervention Model 219

7 Recommendations and Guidelines 223
  7.1 A Utopia of Anti-Phishing 223
    7.1.1 Achieving the Best Detection 224
    7.1.2 Optimal User Intervention 225
    7.1.3 Future Proof Methods 226
    7.1.4 A Web Without Phishing? 226
  7.2 Evaluation Recommendations 227
    7.2.1 Preparation 227
    7.2.2 Ethics and Privacy 231
    7.2.3 Execution 232
    7.2.4 Analysis 235

III CONCLUSIONS 239

8 Conclusions and Future Work 241
  8.1 Summarizing This Thesis 241
  8.2 Open and Future Work 242
  8.3 A Final Take Home Message 244

IV BIBLIOGRAPHY 245
Bibliography 247

V APPENDIX 275
Index 281