Abstract
In today’s cyber era, Internet of Things (IoT) based products are increasingly adopted by users for various purposes. End users typically access these systems through a web application. Traditionally, Phishing attacks were targeted toward banking and financial systems. With the rise in usage of IoT, the attack surface increases. Along with IoT-specific attacks, attackers are targeting users with Phishing to steal passwords in order to gain access to IoT devices like security cameras. Phishing is an online attack that has been around for more than two decades. Though researchers and organizations have designed and developed advanced prevention and detection mechanisms, statistics show that Phishing has been on the rise. Often, there is a monetary incentive for the bad actor who carries out a phishing attack. This motivates attackers to advance their evasion mechanisms, which keeps detection and evasion locked in a continuing race. A methodology, Phish-Sec, was introduced that paves the way to counter Phishing attacks in a proactive manner by aggregating signatures of legitimate websites at the source. Phish-Sec involves determining uniqueness across ‘n’ websites. This manuscript provides the mathematical solution, using intersection, to determine the uniqueness of a visited web page. Iterative intersection is incorporated into Phish-Sec to facilitate poison avoidance in its back-end system. With this, Phish-Sec can be expanded to a variety of applications, including non-financial systems like IoT. It is proved that the overall efficiency of Phish-Sec increases along with its expansion capabilities. The true positive rate achieved by Phish-Sec is 99.15%, which is 0.15% higher.