Awareness model for minimizing the effects of social engineering attacks in web applications

Maher Al-khateeb, M. Al-Mousa, Ala’a Saeb Al-Sherideh, D. Almajali, Mahmoud Asassfeha, Hayel Khafajeh
{"title":"Awareness model for minimizing the effects of social engineering attacks in web applications","authors":"Maher Al-khateeb, M. Al-Mousa, Ala’a Saeb Al-Sherideh, D. Almajali, Mahmoud Asassfeha, Hayel Khafajeh","doi":"10.5267/j.ijdns.2023.1.010","DOIUrl":null,"url":null,"abstract":"Social Engineering (SE) Attacks against information systems continue to pose a potentially devastating impact. Security information systems are becoming increasingly significant as the number of SE incidents rapidly increased and became more aggressive than before. The World Wide Web (WWW) has evolved for information exchange and knowledge-sharing. It enables the sharing of information in a timely, effective, and transparent manner. Identity theft and identity misuse are two sides of cybercrime in which hackers and fraudulent users collect sensitive information from current legal users in order to perform fraud or deceit for financial gain. Malicious links are used as phishing methods, in which malicious links are planted beneath legitimate-looking links. As the number of web pages grows, the number of malicious web pages and the attacks of such become more complex. In this paper, we provide a method for identifying malicious web pages using a crawling and classification approach that helps to support the automatic discovery of the malicious links. The proposed approach can successfully complete the crawling session even if the page requires partial page refreshment and authentication credentials. The evaluation of the proposed approach shows a higher accuracy compared to an existing approach with an overall accuracy of 72% in three custom applications. Moreover, the proposed approach will calculate the significance and the impact severances of each link on the website and it better differentiates malicious web pages and normal links. The results of the proposed approach will also help in providing a set of recommendations which can increase the awareness level of the end-users, website administrators on how to better deal with these types of SE attacks.","PeriodicalId":36543,"journal":{"name":"International Journal of Data and Network Science","volume":"1 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Data and Network Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5267/j.ijdns.2023.1.010","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Social Sciences","Score":null,"Total":0}
引用次数: 5

Abstract

Social Engineering (SE) Attacks against information systems continue to pose a potentially devastating impact. Security information systems are becoming increasingly significant as the number of SE incidents rapidly increased and became more aggressive than before. The World Wide Web (WWW) has evolved for information exchange and knowledge-sharing. It enables the sharing of information in a timely, effective, and transparent manner. Identity theft and identity misuse are two sides of cybercrime in which hackers and fraudulent users collect sensitive information from current legal users in order to perform fraud or deceit for financial gain. Malicious links are used as phishing methods, in which malicious links are planted beneath legitimate-looking links. As the number of web pages grows, the number of malicious web pages and the attacks of such become more complex. In this paper, we provide a method for identifying malicious web pages using a crawling and classification approach that helps to support the automatic discovery of the malicious links. The proposed approach can successfully complete the crawling session even if the page requires partial page refreshment and authentication credentials. The evaluation of the proposed approach shows a higher accuracy compared to an existing approach with an overall accuracy of 72% in three custom applications. Moreover, the proposed approach will calculate the significance and the impact severances of each link on the website and it better differentiates malicious web pages and normal links. The results of the proposed approach will also help in providing a set of recommendations which can increase the awareness level of the end-users, website administrators on how to better deal with these types of SE attacks.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
用于最小化web应用程序中社会工程攻击影响的感知模型
社会工程(SE)针对信息系统的攻击继续造成潜在的破坏性影响。随着网络安全事件的数量迅速增加,并且变得比以前更具攻击性,安全信息系统变得越来越重要。万维网(WWW)是为信息交换和知识共享而发展起来的。它能够以及时、有效和透明的方式共享信息。身份盗窃和身份滥用是网络犯罪的两个方面,黑客和欺诈用户从现有合法用户那里收集敏感信息,以进行欺诈或欺骗以获取经济利益。恶意链接被用作网络钓鱼方法,其中恶意链接被植入看起来合法的链接之下。随着网页数量的增长,恶意网页的数量和攻击方式也变得越来越复杂。在本文中,我们提供了一种使用爬行和分类方法来识别恶意网页的方法,该方法有助于支持恶意链接的自动发现。即使页面需要部分页面刷新和身份验证凭证,所建议的方法也可以成功完成爬行会话。在三个自定义应用程序中,与现有方法相比,所提出方法的评估显示出更高的精度,总体精度为72%。此外,该方法将计算网站上每个链接的重要性和影响程度,更好地区分恶意网页和正常链接。建议方法的结果也将有助于提供一套建议,以提高最终用户和网站管理员对如何更好地处理这些类型的SE攻击的认识水平。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
5.80
自引率
0.00%
发文量
163
审稿时长
8 weeks
期刊最新文献
Assessing cognitive flexibility: Quantitative insights into the impact of adaptive learning technologies in special education Evaluation of factors affecting university students' satisfaction with e-learning systems used dur-ing Covid-19 crisis: A field study in Jordanian higher education institutions The effect of quality, security and privacy factors on trust and intention to use e-government services The influence of social media marketing activities on customer loyalty: A study of e-commerce industry Exploring the critical success factors of s-commerce in social media platforms: The case of Jordan
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1