Awareness model for minimizing the effects of social engineering attacks in web applications

Abstract

Social Engineering (SE) Attacks against information systems continue to pose a potentially devastating impact. Security information systems are becoming increasingly significant as the number of SE incidents rapidly increased and became more aggressive than before. The World Wide Web (WWW) has evolved for information exchange and knowledge-sharing. It enables the sharing of information in a timely, effective, and transparent manner. Identity theft and identity misuse are two sides of cybercrime in which hackers and fraudulent users collect sensitive information from current legal users in order to perform fraud or deceit for financial gain. Malicious links are used as phishing methods, in which malicious links are planted beneath legitimate-looking links. As the number of web pages grows, the number of malicious web pages and the attacks of such become more complex. In this paper, we provide a method for identifying malicious web pages using a crawling and classification approach that helps to support the automatic discovery of the malicious links. The proposed approach can successfully complete the crawling session even if the page requires partial page refreshment and authentication credentials. The evaluation of the proposed approach shows a higher accuracy compared to an existing approach with an overall accuracy of 72% in three custom applications. Moreover, the proposed approach will calculate the significance and the impact severances of each link on the website and it better differentiates malicious web pages and normal links. The results of the proposed approach will also help in providing a set of recommendations which can increase the awareness level of the end-users, website administrators on how to better deal with these types of SE attacks.