Similar literature
Found 20 similar documents; search time 46 ms
1.
In web browsers, a variety of anti-phishing tools and technologies are available to assist users to identify phishing attempts and potentially harmful pages. Such anti-phishing tools and technologies provide Internet users with essential information, such as warnings of spoofed pages. To determine how well users are able to recognise and identify phishing web pages with anti-phishing tools, we designed and conducted usability tests for two types of phishing-detection applications: blacklist-based and whitelist-based anti-phishing toolbars. The research results mainly indicate no significant performance differences between the application types. We also observed that, in many web browsing cases, a significant amount of useful and practical information for users is absent, such as information explaining professional web page security certificates. Such certificates are crucial in ensuring user privacy and protection. We also found other deficiencies in web identities in web pages and web browsers that present challenges to the design of anti-phishing toolbars. These challenges will require more professional, illustrative, instructional, and reliable information for users to facilitate user verification of the authenticity of web pages and their content.

2.
Phishing is considered as one of the most serious threats for the Internet and e-commerce. Phishing attacks abuse trust with the help of deceptive e-mails, fraudulent web sites and malware. In order to prevent phishing attacks some organizations have implemented Internet browser toolbars for identifying deceptive activities. However, the levels of usability and user interfaces are varying. Some of the toolbars have obvious usability problems, which can affect the performance of these toolbars ultimately. For the sake of future improvement, usability evaluation is indispensable. We will discuss usability of five typical anti-phishing toolbars: built-in phishing prevention in the Internet Explorer 7.0, Google toolbar, Netcraft Anti-phishing toolbar and SpoofGuard. In addition, we included Internet Explorer plug-in we have developed, Anti-phishing IEPlug. Our hypothesis was that usability of anti-phishing toolbars, and as a consequence also security of the toolbars, could be improved. Indeed, according to the heuristic usability evaluation, a number of usability issues were found. In this article, we will describe the anti-phishing toolbars, we will discuss anti-phishing toolbar usability evaluation approach and we will present our findings. Finally, we will propose advice for improving usability of anti-phishing toolbars, including three key components of anti-phishing client side applications (main user interface, critical warnings and the help system). For example, we found that in the main user interface it is important to keep the user informed and organize settings according to a proper usability design. In addition, all the critical warnings an anti-phishing toolbar shows should be well designed. Furthermore, we found that the help system should be built to assist users to learn about phishing prevention as well as how to identify fraud attempts by themselves. One result of our research is also a classification of anti-phishing toolbar applications.
Linfeng Li is a student at the University of Tampere, Finland. Marko Helenius is Assistant Professor at the Department of Computer Sciences, University of Tampere, Finland.

3.
Phishing is an online identity theft, which aims to steal confidential information such as username, password and online banking details from its victims. To prevent this, anti-phishing education needs to be considered. Therefore, the research reported in this paper examines whether conceptual knowledge or procedural knowledge has a positive effect on computer users’ self-efficacy to thwart phishing threats. In order to accomplish this, a theoretical model based on Liang and Xue’s (2010) Technology Threat Avoidance Theory (TTAT) has been proposed and evaluated. Data was collected from 161 regular computer users to elicit their feedback through an online questionnaire. The study findings revealed that the interaction effect of conceptual and procedural knowledge positively impacts on computer users’ self-efficacy, which enhances their phishing threat avoidance behaviour. It can therefore be argued that well-designed end-user security education contributes to thwart phishing threats.

4.
In the era of electronic and mobile commerce, massive numbers of financial transactions are conducted online on a daily basis, which created potential fraudulent opportunities. A common fraudulent activity that involves creating a replica of a trustful website to deceive users and illegally obtain their credentials is website phishing. Website phishing is a serious online fraud, costing banks, online users, governments, and other organisations severe financial damages. One conventional approach to combat phishing is to raise awareness and educate novice users on the different tactics utilised by phishers by conducting periodic training or workshops. However, this approach has been criticised for not being cost effective, as phishing tactics are constantly changing; besides, it may require high operational cost. Another anti-phishing approach is to legislate or amend existing cyber security laws that persecute online fraudsters without minimising its severity. A more promising anti-phishing approach is to prevent phishing attacks using intelligent machine learning (ML) technology. Using this technology, a classification system is integrated in the browser in which it will detect phishing activities and communicate these with the end user. This paper reviews and critically analyses legal, training, educational and intelligent anti-phishing approaches. More importantly, ways to combat phishing by intelligent and conventional approaches are highlighted, besides revealing these approaches' differences, similarities and positive and negative aspects from the user and performance perspective. Different stakeholders such as computer security experts, researchers in web security as well as business owners may likely benefit from this review on website phishing.

5.
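An Image-Similarity-Based Method for Detecting Android Phishing Malware   Total citations: 1, self-citations: 0, citations by others: 1
With the mobile Internet flourishing, attackers have begun to carry out phishing through mobile applications, while existing phishing detection methods mainly target web-page phishing and cannot address this new security threat. A distinctive feature of phishing malware is that it constructs an interface similar to that of the target application to trick users into entering sensitive information. Based on this visual similarity, a detection method for phishing malware on the Android platform is proposed. The method uses dynamic techniques to capture the human-computer interaction interface of the application under test and uses a perceptual image hashing algorithm to compute its image similarity to the target application's interface. If the similarity exceeds a threshold, the application under test is identified as phishing malware. Experiments show that the method can effectively detect phishing malware on the Android platform.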

6.
Social networking sites (SNSs) have applied personalized filtering to deal with overwhelmingly irrelevant social data. However, due to the focus of accuracy, the personalized filtering often leads to “the filter bubble” problem where the users can only receive information that matches their pre-stated preferences but fail to be exposed to new topics. Moreover, these SNSs are black boxes, providing no transparency for the user about how the filtering mechanism decides what is to be shown in the activity stream. As a result, the user’s usage experience and trust in the system can decline. This paper presents an interactive method to visualize the personalized filtering in SNSs. The proposed visualization helps to create awareness, explanation, and control of personalized filtering to alleviate the “filter bubble” problem and increase the users’ trust in the system. Three user evaluations are presented. The results show that users have a good understanding about the filter bubble visualization, and the visualization can increase users’ awareness of the filter bubble, understandability of the filtering mechanism and to a feeling of control over the data stream they are seeing. The intuitiveness of the design is overall good, but a context sensitive help is also preferred. Moreover, the visualization can provide users with better usage experience and increase users’ trust in the system.

7.
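Phishing mainly refers to a type of fraud carried out over the Internet. With the widespread adoption of the Internet, phishing activity aimed at online identity theft is intensifying. This paper describes the basic concepts of phishing; gives a fairly comprehensive classification and summary of existing phishing attack methods; on that basis classifies and studies the main current anti-phishing methods and analyses the advantages and disadvantages of each; and identifies development trends of phishing in three respects. It concludes that only by combining the various defence methods well can the constantly evolving phishing attacks be countered more effectively.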

8.
Phishing websites become a critical cybersecurity threat affecting individuals and organizations. Phishing-website detection tools are designed to protect users against such sites. Nevertheless, detection tools face serious user trust and suboptimal performance issues which require trust calibration to align trust with the tool’s capabilities. We employ the theoretical framework of automation trust and reliance as a kernel theory to develop the trust calibration model for phishing-website detection tools. We test the model using a controlled lab experiment. The results of our analysis show that users’ trust in detection tools can be calibrated by trust calibrators. Moreover, users’ calibrated trust has significant consequences, including users’ tool reliance, use, and performance against phishing websites.

9.
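Traditional collaborative filtering recommendation algorithms suffer from data sparsity, cold start, new-user and other problems. With the rapid development of social networks and e-commerce, using trust relationships between users and user interests to provide personalized recommendations has become a research hotspot. This paper proposes a probabilistic matrix factorization recommendation method that combines user trust and interest (STUIPMF). The method first mines implicit trust relationships between users and latent interest tags from the perspective of user ratings, then uses a probabilistic matrix factorization model to factorize the user rating information, user trust relationships and user interest tag information, further mining latent user features and alleviating data sparsity. Experiments on the Epinions data set show that the method can improve recommendation accuracy to a certain extent, alleviate the cold-start and new-user problems, and has good scalability.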

10.
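After analysing the phishing report data of the Anti-Phishing Alliance of China (APAC), a method is proposed that uses DNS logs and historical phishing data to proactively discover phishing pages, and a corresponding detection system was developed and deployed that automatically detects and reports active phishing pages every day. Its mechanism of proactively discovering phishing attacks is a good improvement on and complement to traditional passive-defence anti-phishing techniques. The system has now become one of the main sources of phishing reports for the Anti-Phishing Alliance of China.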

11.
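Trust-based recommender systems are an important recommender-system application built on social networks; they recommend items to users by taking the trust relationships between users into account. Previous research, however, generally assumes that trust values between users are fixed, so it cannot respond promptly to dynamic changes in user trust and preferences, which degrades recommendation quality. In practice, after a user accepts a recommendation, the user's trust in the recommender increases when the actual evaluation exceeds the user's expectation and decreases otherwise. To address this problem, and focusing on the process by which trust between users changes and on the dynamic nature of trust, a user trust enhancement method that incorporates reinforcement learning is proposed. The least mean square error algorithm is used to study the dynamic effect of the evaluation difference on user trust, the reinforcement learning method deep Q-learning (DQN) is used to simulate the process by which a recommender learns user preferences during recommendation and thereby raises the trust value, and a polynomial-time algorithm is proposed to compute trust values and recommendations, which motivates recommenders to learn users' preferences and keeps users' trust in recommenders at a consistently high level. Experiments show that the method responds quickly to dynamic changes in user preferences and that, when applied to a recommender system, it provides users with more timely and more accurate recommendations than other methods.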

12.
Though hoaxing people to make financial benefits is an old idea, phishers have realized that social engineering tools for web attacks are relatively easy to execute and are highly profitable over the Internet. One of the threatening criminal activities is phishing, in which the phishers trap users into revealing their identities and financial information to a fraudulent website. Researchers have proposed a number of anti-phishing techniques based on blacklist, whitelist, and visual similarity, but the major disadvantage with such approaches is that they are slow techniques with high false positive rates. For robust detection of phishing attacks, this article uses fundamentals of heuristic factors and a whitelist. The article proposes a safeguard scheme referred to as the five-tier barrier hybrid approach. Input to the five-tier barrier is a uniform resource locator (URL), and output of the application is a status of the page (“Secure Connection” representing a legitimate URL, “Phishing Alert” representing phishing URL, and “Query Page” representing that the webpage needs to be processed further/failure of JSoup connection). In comparison to a blacklist, the five-tier barrier is competent in detecting zero-hour phishing attacks, and it is much faster than visual similarity–based anti-phishing techniques.

13.
刘绮虹  武小年  杨丽 《计算机应用》2011,31(7):1887-1890
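In trust computation, recommendation trust is highly subjective and is subject to attacks such as deception and slander, which mask the true behaviour of the recommended user and threaten system security. To address this problem, a weighted trust computation method based on user behaviour is proposed. It uses time decay to mark the temporal attribute of feedback information and computes user trust as a weighted combination of direct trust and recommendation trust; it also uses feedback credibility to assess the authenticity of third-party recommendation trust. Simulation experiments show that the method has good dynamic adaptability, can effectively counterbalance malicious recommendations, accurately reflects changes in user behaviour, and computes the trustworthiness of user behaviour, providing reliable support for system security decisions.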

14.
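To address problems such as data sparsity and cold start that are common in recommender systems, this paper combines tags with trust-based social recommendation and proposes a social-network recommendation method that fuses social tags and trust relationships. The method uses probabilistic factorization to integrate social trust relationships, item tagging information and the user-item rating matrix. Starting from different dimensions, it interconnects the latent feature spaces of users and items. On this basis, dimensionality reduction is achieved through probabilistic matrix factorization, yielding effective social recommendation. Experimental results on the Epinions and Movielens data sets show that the proposed method outperforms traditional social recommendation and social-tag recommendation algorithms, and its advantage is more pronounced when user rating data are scarce.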

15.
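With the growing popularity of social networking services, social network platforms provide rich additional information for recommendation algorithms. On the assumption that friends share more common preferences and that users tend to accept recommendations from friends, more and more recommender systems use trust relationships between users in social networks to improve the performance of traditional recommendation algorithms. However, existing social-network-based recommendation algorithms overlook two issues: 1) users trust different friends in different domains; 2) because users have different social status in different domains, the degree to which they are influenced by friends differs across domains. The paper first uses the overall social network structure and users' rating information to derive domain-specific social network structures, then uses the PageRank algorithm to compute users' social status in a specific domain, and finally proposes a matrix factorization recommendation algorithm that incorporates users' social status information. Experimental results on real data sets show that the matrix factorization recommendation algorithm incorporating user status information outperforms traditional social-network-based recommendation algorithms.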

16.
Nowadays, there is a growing need to manage trust in open systems as they may contain untrustworthy service providers. Agent Trust Management (ATM) tries to address the problem of finding a set of the most trusted agents in multi agent systems. This paper presents ScubAA, a novel generic ATM framework based on the theory of Human Plausible Reasoning (HPR). For each user’s request, ScubAA determines a ranked list of the most trusted service agents, within the context of the request, and forwards the request to those trusted services only. ScubAA determines an agent’s degree of trust in terms of a single personalized value derived from several types of evidences such as user’s feedback, history of user’s interactions, context of the submitted request, references from third party users as well as from third party service agents, and structure of the society of agents. ScubAA is able to utilize more trust evidences towards a more accurate value of trust. We also propose a function to figure out how similar two users are in a given context. We apply the proposed HPR-based ATM framework to the domain of Web search. The resulting ATM system recommends to the user a list of the most trusted search engines ranked according to the retrieval precision of documents returned in response to the user’s query as well as the degree of trust the search engines have gained by interacting with other related users within the context of the query. In addition, we conduct a statistical analysis of ScubAA based on ANOVA and by using a data set of forty queries in different domains. This analysis clearly reveals that ScubAA is able to successfully assess the trustworthiness of service agents.

17.
The explanation of and justification for recommendation results are important objectives in recommender systems because such explanations and justifications strongly influence the user's trust in the system. Traditional justification methods are based on textual explanations, which can be inadequate for analysis, comprehension, and decision making on the part of the user. In this paper, we present a method that generates tree graphs that contain the following information: the recommended items, the items that have appeared most often in the recommendation process, the relative importance of the items, and the relationships that exist among the items. The trees obtained in the experiments show (1) the greater novelty of user‐to‐user results, (2) the overspecialization inherent in the item‐to‐item approach, and (3) the equilibrium obtained by employing hybrid user‐to‐user/item‐to‐item collaborative filtering. The proposed method presents the possibility of extending recommendation result justifications to groups of users and facilitates the explanation of large numbers of recommended items.

18.
Currently, most of the existing recommendation methods treat social network users equally, which assume that the effect of recommendation on a user is decided by the user’s own preferences and social influence. However, a user’s own knowledge in a field has not been considered. In other words, to what extent does a user accept recommendations in social networks need to consider the user’s own knowledge or expertise in the field. In this paper, we propose a novel matrix factorization recommendation algorithm based on integrating social network information such as trust relationships, rating information of users and users’ own knowledge. Specifically, since we cannot directly measure a user’s knowledge in the field, we first use a user’s status in a social network to indicate a user’s knowledge in a field, and users’ status is inferred from the distributions of users’ ratings and followers across fields or the structure of domain-specific social network. Then, we model the final rating of decision-making as a linear combination of the user’s own preferences, social influence and user’s own knowledge. Experimental results on real world data sets show that our proposed approach generally outperforms the state-of-the-art recommendation algorithms that do not consider the knowledge level difference between the users.

19.
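Research on a Phishing Governance Mechanism Based on Trusted Domain Names   Total citations: 1, self-citations: 0, citations by others: 1
Anti-phishing technology has been a research hotspot in recent years. This paper discusses the relationship between domain names, the domain name system and phishing attacks, and proposes a phishing governance framework based on trusted domain names. Measures are taken in three different zones to guarantee the trust elements of domain names and their applications. The key technologies and core subsystems within the framework are introduced, and the framework is compared with an e-mail-based anti-phishing framework. The analysis shows that tackling phishing from the level of basic resources has the advantages of broad sources of detection information, fast response and convenient management and auditing, and offers inspiration and reference for the governance of undesirable Internet applications today.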

20.
Phishing is a method of stealing electronic identity in which social engineering and website forging methods are used in order to mislead users and reveal confidential information having economic value. Destroying the trust between users in business network, phishing has a negative effect on the budding area of e-commerce. Developing countries such as Iran have been recently facing Internet threats like phishing, whose methods, regarding the social differences, may be different from other experiences. Thus, it is necessary to design a suitable detection method for these deceits. The aim of current paper is to provide a phishing detection system to be used in e-banking system in Iran. Identifying the outstanding features of phishing is one of the important prerequisites in design of an accurate system; therefore, in first step, to identify the influential features of phishing that best fit the Iranian bank sites, a list of 28 phishing indicators was prepared. Using feature selection algorithm based on rough sets theory, six main indicators were identified as the most effective factors. The fuzzy expert system was designed using these indicators, afterwards. The results show that the proposed system is able to determine the Iranian phishing sites with a reasonable speed and precision, having an accuracy of 88%.
