论文信息 - Laboratory Design For Demonstrating Phishing

Laboratory Design For Demonstrating Phishing

Hands-on laboratory exercises are a very important component of computer security and information assurance education. This paper reports the laboratory exercises we designed to demonstrate two ways of conducting phishing attack: 1) Embedding a hyperlink in a fake email which redirects the victim to a fake website; 2) Using ARP cache poisoning to redirect web access to a fake website. The two ways of carrying out phishing are compared and the defense techniques against phishing attacks are discussed. The laboratory exercises are designed to be used in an undergraduate-level introductory computer security course. The laboratory exercises have been used in a Computer System Security course with very positive results.

Xiaohong Yuan | Huiming Yu | David Matthews | Edmundson Effort

[1] Mike O'Leary. A laboratory based capstone course in computer security for undergraduates , 2006, SIGCSE '06.

[2] Andrew T. Phillips,et al. A portable computer security workshop , 2006, JERC.

[3] Xiaohong Yuan,et al. Laboratory design for wireless network attacks , 2008, InfoSecCD2008 2008.

[4] Udo W. Pooch,et al. Using an isolated network laboratory to teach advanced networks and security , 2001, SIGCSE '01.

[5] Paul J. Wagner,et al. Designing and implementing a cyberwar laboratory exercise for a computer security course , 2004, SIGCSE '04.

[6] José Carlos Brustoloni. Laboratory experiments for network security instruction , 2006, JERC.