Ir al contenido

Documat

Caracterización de los ataques de phishing y técnicas para mitigarlos. Ataques: una revisión sistemática de la literatura

  • Benavides , Eduardo [1] ; Fuertes, Walter [1] ; Sanchez , Sandra [1]
    1. [1] Escuela Politécnica Nacional

      Escuela Politécnica Nacional

      Quito, Ecuador

  • Localización: Revista Ciencia y Tecnología, ISSN-e 1390-4043, ISSN 1390-4051, Vol. 13, Nº. 1 (January - June 2020), 2020, págs. 97-104
  • Idioma: español
  • DOI: 10.18779/cyt.v13i1.357
  • Títulos paralelos:
    • Characterization of Phishing Attacks and Techniques to Mitigate These Attacks: A Systematic Review of The Literature
  • Enlaces
  • Resumen
    • español

      En la Seguridad Informática, no importa queequipamiento de Software o Hardware se tengainstalado, porque siempre el eslabón más débil en estacadena de seguridad es el usuario final. De esta premisase valen los diferentes tipos de ataque de IngenieríaSocial, cuyo objetivo principal es obtener informacióncasi directamente de los usuarios, con la finalidad deusar esta información en contra de ellos mismos.Existen varios vectores de ataque de Ingeniería Social,entre los que sobresalen: páginas web falsificadas,mensajes malignos en redes sociales, y correos malignosque piden información confidencial de los usuarios oincluso pueden redireccionar a los usuarios a una páginaweb falsificada (Phishing). El objetivo de este trabajo esproveer a los usuarios finales y a otros investigadores,una visión de los tipos de ataques de Phishing existentesy de cómo estos pueden ser mitigados. Para esto,primeramente, se realiza una revisión sistemática dela literatura en las principales fuentes científicas, paracaracterizar y clasificar los diferentes tipos de ataquede ingeniería social, y posteriormente, se exponen yclasifican los medios por los que estos ataques puedenser mitigados, que van desde la concientización alusuario, hasta la utilización de técnicas de MachineLearning y Deep Learning

    • English

      In Computer Security, it does not matter whichSoftware or Hardware equipment is installed, becausealways the weakest link in this security chain, is the enduser. From this premise are used the different types ofSocial Engineering attacks, whose main objective isto obtain information almost directly from the users,with the purpose of using this information againstthemselves. There are several attack vectors of SocialEngineering, among which stand out: fake web pages,malign messages on social networks, and maliciousemails that ask for confidential information from usersor even redirect users to a fake web page (Phishing).The objective of this paper is to provide end users andother researchers with a look at the types of Phishingattacks that exist, and how they can be mitigated. Forthis, first, a systematic review of the literature in themain scientific sources is carried out, to characterizeand classify the different types of Phishing attacks, andsubsequently, the means by which these attacks can bemitigated are exposed and classified, ranging from auser awareness to the use of Machine Learning (ML)and Deep Learning (DL) techniques.

  • Referencias bibliográficas
    • [1] J. Hajgude and L. Ragha, “Phish mail guard: Phishing mail detection technique by using textual and URL analysis,” in 2012 World Congress...
    • [2] S. Marchal, G. Armano, T. Grondahl, K. Saari, N. Singh, and N. Asokan, “Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention...
    • [3] C. Whittaker, B. Ryner, and M. Nazif, “Large-Scale Automatic Classification of Phishing Pages.”
    • [4] E. Á. Herrera Calderón and E. Ángel, “El Phishing como Delito Informático y su Falta de Tipificación en el Código Orgánico Integral Penal.,”...
    • [5] W. D. Yu, S. Nargundkar, and N. Tiruthani, “A phishing vulnerability analysis of web based systems,” in 2008 IEEE Symposium on Computers...
    • [6] “Details of the RSA Hack - Schneier on Security,” Schneier on Security, 2011. [Online]. Available: https://www.schneier.com/ blog/archives/2011/08/details_of_the.html....
    • [7] “Lockheed Martin Hack Linked to RSA’s SecurID Breach - Schneier on Security,” Scheneier, 2011. [Online]. Available: https://www.schneier.com/blog/archives/2011/05/lockheed_ martin.html....
    • [8] B. B. Gupta, A. Tewari, A. K. Jain, and D. P. Agrawal, “Fighting against phishing attacks: state of the art and future challenges,” Neural...
    • [9] B. Kitchenham, O. Pearl Brereton, D. Budgen, M. Turner, J. Bailey, and S. Linkman, “Systematic literature reviews in software engineering...
    • [10] F. Toolan and J. Carthy, “Phishing detection using classifier ensembles,” in 2009 eCrime Researchers Summit, 2009, pp. 1–9.
    • [11] S. Gupta, A. Singhal, and A. Kapoor, “A literature survey on social engineering attacks: Phishing attack,” in 2016 International Conference...
    • [12] A. N. Shaikh, A. M. Shabut, and M. A. Hossain, “A literature review on phishing crime, prevention review and investigation of gaps,”...
    • [13] S. Marchal, K. Saari, N. Singh, and N. Asokan, “Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets,” in...
    • [14] H. Aldawood and G. Skinner, “Educating and Raising Awareness on Cyber Security Social Engineering: A Literature Review,” in 2018 IEEE...
    • [15] F. Mouton, M. M. Malan, L. Leenen, and H. S. Venter, “Social engineering attack framework,” in 2014 Information Security for South Africa,...
    • [16] J. Long and K. D. (Kevin D. Mitnick, No tech hacking : a guide to social engineering, dumpster diving, and shoulder surfing. Syngress,...
    • [17] E. U. Osuagwu, G. A. Chukwudebe, T. Salihu, and V. N. Chukwudebe, “Mitigating social engineering for improved cybersecurity,” in 2015...
    • [18] S. Uebelacker and S. Quiel, “The Social Engineering Personality Framework,” in 2014 Workshop on Socio-Technical Aspects in Security and...
    • [19] M. Bezuidenhout, F. Mouton, and H. S. Venter, “Social engineering attack detection model: SEADM,” in 2010 Information Security for South...
    • [20] F. Mouton, L. Leenen, and H. S. Venter, “Social Engineering Attack Detection Model: SEADMv2,” in 2015 International Conference on Cyberworlds...
    • [21] F. Mouton, A. Nottingham, L. Leenen, and H. . Venter, “Finite State Machine for the Social Engineering Attack Detection Model: SEADM,”...
    • [22] F. L. Greitzer, J. R. Strozer, S. Cohen, A. P. Moore, D. Mundie, and J. Cowley, “Analysis of Unintentional Insider Threats Deriving from...
    • [23] A. Vazhayil, R. Vinayakumar, and K. Soman, “Comparative Study of the Detection of Malicious URLs Using Shallow and Deep Networks,” in...
    • [24] W. Chen, W. Zhang, and Y. Su, “Phishing Detection Research Based on LSTM Recurrent Neural Network,” Springer, Singapore, 2018, pp. 638–645.
    • [25] J. Zhao, N. Wang, Q. Ma, and Z. Cheng, “Classifying Malicious URLs Using Gated Recurrent Neural Networks,” Springer, Cham, 2019, pp....
    • [26] S. Selvaganapathy, M. Nivaashini, and H. Natarajan, “Deep belief network based detection and categorization of malicious URLs,” Inf....
    • [27] J. Zhang and X. Li, “Phishing Detection Method Based on Borderline-Smote Deep Belief Network,” Springer, Cham, 2017, pp. 45–53.
    • [28] P. Yi, Y. Guan, F. Zou, Y. Yao, W. Wang, and T. Zhu, “Web Phishing Detection Using a Deep Learning Framework,” Wirel. Commun. Mob. Comput.,...
    • [29] D. Aksu, Z. Turgut, S. Üstebay, and M. A. Aydin, “Phishing Analysis of Websites Using Classification Techniques,” Springer, Singapore,...
    • [30] M. Pereira, S. Coleman, B. Yu, M. DeCock, and A. Nascimento, “Dictionary Extraction and Detection of Algorithmically Generated Domain...
    • [31] C. Sur, “DeepSeq: learning browsing log data based personalized security vulnerabilities and counter intelligent measures,” J. Ambient...
    • [32] G. Vrbančič, I. Fister, and V. Podgorelec, “Swarm Intelligence Approaches for Parameter Setting of Deep Learning Neural Network,” in...
    • [33] J. Woodbridge, H. S. Anderson, A. Ahuja, and D. G. Endgame, “Detecting Homoglyph Attacks with a Siamese Neural Network.”
    • [34] J. Saxe and K. Berlin, “eXpose: A Character-Level Convolutional Neural Network with Embeddings For Detecting Malicious URLs, File Paths...
    • [35] K. Shima et al., “Classification of URL bitstreams using Bag of Bytes,” 2018.
    • [36] J. Jiang et al., “A Deep Learning Based Online Malicious URL and DNS Detection Scheme,” Springer, Cham, 2018, pp. 438– 448.
Fundación Dialnet

Mi Documat

Opciones de artículo

Opciones de compartir

Opciones de entorno