Accounting Information To Users Research Articles

A Novel Model Based on Ensemble Learning for Phishing Attack

With the increase in the speed of the internet environment and the development of the infrastructures used, people have started to perform most of their work online. As much as this makes life easier, it also increases the possibility of being attacked by malicious people. Attackers can activate a phishing attack that aims to steal information from victims by creating copied, fake websites. While this attack is very old and somewhat simple, it can still be effective due to low IT literacy. People can enter their information on these fake websites out of spontaneity or ignorance or good intentions and be exposed to Phishing attacks. The compromise of a user's account information also puts at risk the security of the organization or institution to which it is connected. In this study, we propose a new machine learning-based ensemble model with feature selection methods to detect phishing attacks. Also, an ablation study is presented to measure the effect of different feature selection methods. The proposed model which we named as NaiveStackingSymmetric (NSS) is analyzed using the widely used accuracy (ACC), the area under curve (AUC), and F-score metrics as well as the polygon area metric (PAM), and it is shown that it outperforms other studies in the literature using the same dataset.

Fraud Detection System Using Facial Recognition Based On Google Teachable Machine for Banking Applications

Security is major concern for any system. The scammer continually tries to obtain the user's account information by applying different tricks to perform fraud that cost the banking system and user huge loss. Machine learning based techniques are most extensively being used to avoid this risk. Face recognition based systems are not sufficient especially in banking sectors. Teachable Machine is a webbased tool that makes building machine learning models fast, easy, and accessible to everyone. So in order to stop those fraudulent we should need powerful fraud detection method or system by which detect fraud .We have proposed a only method by using face recognition features along with face recognition systems to boot the security level of the society against the fraudsters. It is using the features of face recognition and face recognition authentication which makes the transaction more secure as compared to the traditional payment.

QR 코드를 이용한 모바일 이중 전송 OTP 시스템

비밀번호 기반의 사용자 인증은 동일한 비밀번호를 반복 사용하므로 보안이 취약하여 OTP(One-Time Password)가 도입되었다. 하지만 보안이 강화된 OTP를 서버와 동기된 모바일 기기에서 생성하여 PC에 입력하는 경우 PC가 악성코드에 감염되어 있으면 해커가 사용자 계정과 비밀번호 그리고 OTP값을 해킹할 수 있다. 본 논문에서는 OTP값 유출에 따른 보안 취약성을 해소하기 위해 사용자는 계정과 비밀번호를 PC에 입력하여 서버인증을 수행하고, PC 화면에 출력된 QR코드를 모바일 기기에서 스캔하여 OTP값을 직접 서버로 전송함으로써 정보 유출에 따른 해킹을 방지하고 PC에 OTP값을 입력하는 불편함을 줄이는 새로운 이중 인증 방식인 DTOTP를 제안한다. 시스템은 이중 전송을 통해 PC인증 방식의 OTP 보다 향상된 보안성을 제공하면서 기존 OTP 알고리즘을 그대로 사용할 수 있어 구현이 용이하며 은행, 포털 및 게임 서비스 등에 안전하게 활용할 수 있다. In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.