A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks
暂无分享,去创建一个
[1] Marie-Francine Moens,et al. New filtering approaches for phishing email , 2010, J. Comput. Secur..
[2] Norman M. Sadeh,et al. Learning to detect phishing emails , 2007, WWW '07.
[3] Brian Anderson,et al. CHAPTER 1 – USB Hacksaw , 2010 .
[4] Lorrie Faith Cranor,et al. Phishguru: a system for educating users about semantic attacks , 2009 .
[5] Barack Obama,et al. Statement on the Release of the 'Framework for Improving Critical Infrastructure Cybersecurity' by the National Institute of Standards and Technology, February 12, 2014 , 2014 .
[6] George Loukas,et al. Physical-Cyber Attacks , 2015 .
[7] Akira Yamada,et al. Visual similarity-based phishing detection without victim site information , 2009, 2009 IEEE Symposium on Computational Intelligence in Cyber Security.
[8] Yada Zhu,et al. Social Phishing , 2018, Encyclopedia of Social Network Analysis and Mining. 2nd Ed..
[9] Jens Grossklags,et al. Third-party apps on Facebook: privacy and the illusion of control , 2011, CHIMIT '11.
[10] Wilson Huang,et al. A Study of Social Engineering in Online Frauds , 2013 .
[11] M. Eric Johnson,et al. The Evolution of the Peer-to-Peer File Sharing Industry and the Security Risks for Users , 2008, Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008).
[12] Nataasha Raul,et al. Malware Detection Module using Machine Learning Algorithms to Assist in Centralized Security in Enterprise Networks , 2012, ArXiv.
[13] M. Angela Sasse,et al. Security Education against Phishing: A Modest Proposal for a Major Rethink , 2012, IEEE Security & Privacy.
[14] Hong-yun Xiao,et al. Analysis on Sandbox Technology of Adobe Reader X , 2013, 2013 International Conference on Computational and Information Sciences.
[15] Somesh Jha,et al. Testing malware detectors , 2004, ISSTA '04.
[16] Romain Martin,et al. An application to estimate the cyber-risk detection skill of mobile device users (IDEA) , 2013 .
[17] Fang Yu,et al. Knowing your enemy: understanding and detecting malicious web advertising , 2012, CCS '12.
[18] Marianne Junger,et al. RISK-DET: ICT Security Awareness Aspect Combining Education and Cognitive Sciences , 2014 .
[19] Huajun Huang,et al. Browser-Side Countermeasures for Deceptive Phishing Attack , 2009, 2009 Fifth International Conference on Information Assurance and Security.
[20] Iwan Gulenko. Social against social engineering: Concept and development of a Facebook application to raise security and risk awareness , 2013, Inf. Manag. Comput. Secur..
[21] Marti A. Hearst,et al. Why phishing works , 2006, CHI.
[22] Lorrie Faith Cranor,et al. Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish , 2007, SOUPS '07.
[23] Sahin Albayrak,et al. An Android Application Sandbox system for suspicious software detection , 2010, 2010 5th International Conference on Malicious and Unwanted Software.
[24] Andrea J. Cullen,et al. Social Engineering Detection Using Neural Networks , 2009, 2009 International Conference on CyberWorlds.
[25] Maria Papadaki,et al. Social engineering: assessing vulnerabilities in practice , 2009, Inf. Manag. Comput. Secur..
[26] Gundeep Singh Bindra. Masquerading as a Trustworthy Entity through Portable Document File (PDF) Format , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.
[27] Elmarie Kritzinger,et al. Cyber security for home users: A new way of protection through awareness enforcement , 2010, Comput. Secur..
[28] G.W. Romney,et al. IT security education is enhanced by analyzing Honeynet data , 2005, 2005 6th International Conference on Information Technology Based Higher Education and Training.
[29] Aubrey Labuschagne,et al. Design of cyber security awareness game utilizing a social media framework , 2011, 2011 Information Security for South Africa.
[30] John C. Mitchell,et al. Client-Side Defense Against Web-Based Identity Theft , 2004, NDSS.
[31] Lujo Bauer,et al. The Effectiveness of Security Images in Internet Banking , 2015, IEEE Internet Computing.
[32] Paul Jones,et al. Secrets and Lies: Digital Security in a Networked World , 2002 .
[33] Adam Barth,et al. The Security Architecture of the Chromium Browser , 2009 .
[34] Christopher Krügel,et al. Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks , 2009, DIMVA.
[35] Wenke Lee,et al. SURF: detecting and measuring search poisoning , 2011, CCS '11.
[36] Josef Langer,et al. NFC Devices: Security and Privacy , 2008, 2008 Third International Conference on Availability, Reliability and Security.
[37] Yue Xu,et al. Social engineering in social networking sites: Affect-based model , 2013, 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013).
[38] Minaxi Gupta,et al. A study of malware in peer-to-peer networks , 2006, IMC '06.
[39] Jason Hong,et al. The state of phishing attacks , 2012, Commun. ACM.
[40] Gerhard Paass,et al. Improved Phishing Detection using Model-Based Features , 2008, CEAS.
[41] Gary Hinson,et al. Social Engineering Techniques, Risks, and Controls , 2008 .
[42] Jeffrey Robert Jacobs,et al. Measuring the Effectiveness of the USB Flash Drive as a Vector for Social Engineering Attacks on Commercial and Residential Computer Systems , 2011 .
[43] Harris Drucker,et al. Support vector machines for spam categorization , 1999, IEEE Trans. Neural Networks.
[44] Leyla Bilge,et al. Before we knew it: an empirical study of zero-day attacks in the real world , 2012, CCS.
[45] Carolyn Penstein Rosé,et al. CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites , 2011, TSEC.
[46] William L. Simon,et al. The Art of Deception: Controlling the Human Element of Security , 2001 .
[47] Luis Corrons. The Business of Rogueware , 2010 .
[48] Hyunuk Hwang,et al. A Study on MITM (Man in the Middle) Vulnerability in Wireless Network Using 802.1X and EAP , 2008, 2008 International Conference on Information Science and Security (ICISS 2008).
[49] Edgar R. Weippl,et al. Who on Earth Is "Mr. Cypher": Automated Friend Injection Attacks on Social Networking Sites , 2010, SEC.
[50] Steve Gold. The changing face of malware , 2009 .
[51] Nur Izura Udzir,et al. Towards a dynamic file integrity monitor through a security classification , 2011 .
[52] Alexandre Gazet,et al. Comparative analysis of various ransomware virii , 2010, Journal in Computer Virology.
[53] Jim Giles. Scareware: the inside story , 2010 .
[54] Dragos Gavrilut,et al. Malware detection using machine learning , 2009, 2009 International Multiconference on Computer Science and Information Technology.
[55] Chao Yang,et al. Who is peeping at your passwords at Starbucks? — To catch an evil twin access point , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).
[56] Paul C. van Oorschot,et al. On instant messaging worms, analysis and countermeasures , 2005, WORM '05.
[57] Nitesh Saxena,et al. Neural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings , 2014, NDSS.
[58] Mohd Faizal Abdollah,et al. Generic Taxonomy of Social Engineering Attack , 2011 .
[59] Chenniappan Chellappan,et al. Detection and Recognition of File Masquerading for E-mail and Data Security , 2010, CNSA.
[60] Christopher Krügel,et al. What the App is That? Deception and Countermeasures in the Android User Interface , 2015, 2015 IEEE Symposium on Security and Privacy.
[61] Theodore Y. Ts'o,et al. Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.
[62] Scott P. Robertson,et al. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems , 1991 .
[63] Jong Kim,et al. WarningBird: Detecting Suspicious URLs in Twitter Stream , 2012, NDSS.
[64] Thomas Peltier. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management , 2001 .
[65] Hennie A. Kruger,et al. A prototype for assessing information security awareness , 2006, Comput. Secur..
[66] Thomas M. Chen. Trends in Viruses and Worms , 1904 .
[67] A. Konak. Broadening E-Commerce Information Security Education Using Virtual Computing Technologies , 2012 .
[68] K. Dahal,et al. Intelligent Phishing Website Detection System using Fuzzy Techniques , 2008, 2008 3rd International Conference on Information and Communication Technologies: From Theory to Applications.
[69] Nilesh B. Prajapati,et al. An Attack Vector for Deception Through Persuasion Used by Hackers and Crakers , 2009, 2009 First International Conference on Networks & Communications.
[70] Ka-Ping Yee,et al. Guidelines and Strategies for Secure Interaction Design , 2005 .
[71] M. Angela Sasse,et al. Towards a Simulation of Information Security Behaviour in Organisations , 2014, Cyberpatterns.
[72] Vinod Yegneswaran,et al. BLADE: an attack-agnostic approach for preventing drive-by malware infections , 2010, CCS '10.
[73] Neal Leavitt. Instant messaging: a new target for hackers , 2005, Computer.
[74] 共立出版株式会社. コンピュータ・サイエンス : ACM computing surveys , 1978 .
[75] Bruce Schneier,et al. Inside risks: semantic network attacks , 2000, CACM.
[76] Common Cyber Attacks : Reducing The Impact , .
[77] Bonnie Brinton Anderson,et al. How Polymorphic Warnings Reduce Habituation in the Brain: Insights from an fMRI Study , 2015, CHI.
[78] Ali A. Ghorbani,et al. IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART C: APPLICATIONS AND REVIEWS 1 Toward Credible Evaluation of Anomaly-Based Intrusion-Detection Methods , 2022 .
[79] Lech J. Janczewski,et al. A Taxonomy for Social Engineering attacks , 2011 .
[80] Srdjan Capkun,et al. Application Collusion Attack on the Permission-Based Security Model and its Implications for Modern Smartphone Systems , 2010 .
[81] John C. Platt,et al. Robust scareware image detection , 2013, 2013 IEEE International Conference on Acoustics, Speech and Signal Processing.
[82] Wouter Joosen,et al. Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse , 2015, NDSS.
[83] Niels Provos,et al. All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.
[84] George Loukas,et al. Cyber-Physical Attacks: A Growing Invisible Threat , 2015 .
[85] Niels Provos,et al. A framework for detection and measurement of phishing attacks , 2007, WORM '07.
[86] Sanjay Ranka,et al. Detecting Internet worms at early stage , 2005, IEEE Journal on Selected Areas in Communications.
[87] Jae-Kwang Lee,et al. "Reminder: please update your details": Phishing Trends , 2009, 2009 First International Conference on Networks & Communications.
[88] Franco Callegati,et al. Man-in-the-Middle Attack to the HTTPS Protocol , 2009, IEEE Security & Privacy Magazine.
[89] Matt Bishop,et al. A Flexible Containment Mechanism for Executing Untrusted Code , 2002, USENIX Security Symposium.
[90] Stuart E. Schechter,et al. The Emperor's New Security Indicators , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).
[91] Konstantin Beznosov,et al. Key Challenges in Defending Against Malicious Socialbots , 2012, LEET.
[92] Adam Sedgewick,et al. Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0 , 2014 .
[93] Ron Lepofsky,et al. COBIT® 5 for Information Security , 2014 .
[94] Kevin F. McCrohan,et al. Influence of Awareness and Training on Cyber Security , 2010 .
[95] Wenyuan Xu,et al. Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study , 2010, USENIX Security Symposium.
[96] Tarun Kumar Sharma,et al. Social Engineering Prevention by Detecting Malicious URLs Using Artificial Bee Colony Algorithm , 2013, SocProS.
[97] Todd R. Andel,et al. Developing a virtualization platform for courses in networking, systems administration and cyber security education , 2009, SpringSim '09.
[98] Timothy Grance,et al. Guidelines on Security and Privacy in Public Cloud Computing | NIST , 2012 .
[99] Vishrut Sharma. An Analytical Survey of Recent Worm Attacks , 2011 .
[100] Erdem Uçar,et al. The positive outcomes of information security awareness training in companies - A case study , 2009, Inf. Secur. Tech. Rep..
[101] Tobias Lauinger,et al. Honeybot, Your Man in the Middle for Automated Social Engineering , 2010, LEET.
[102] Lloyd Bridges. Malware: The changing face of malware , 2008 .
[103] Niels Provos,et al. Cybercrime 2.0: when the cloud turns dark , 2009, CACM.
[104] George Loukas,et al. On the Feasibility of Automated Semantic Attacks in the Cloud , 2012, ISCIS.
[105] Chris Kanich,et al. The Long "Taile" of Typosquatting Domain Names , 2014, USENIX Security Symposium.
[106] Paul Thompson. Deception as a Semantic Attack , 2006 .
[107] LoukasGeorge,et al. A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks , 2015 .
[108] Edwin Donald Frauenstein,et al. An Enterprise Anti-phishing Framework , 2009, World Conference on Information Security Education.
[109] Hari Balakrishnan,et al. Malware prevalence in the KaZaA file-sharing network , 2006, IMC '06.
[110] M. Tariq Banday,et al. Study of Botnets and Their Threats to Internet Security , 2009 .
[111] Gianluca Stringhini,et al. That Ain't You: Blocking Spearphishing Through Behavioral Modelling , 2015, DIMVA.
[112] Jonathan J. Oliver,et al. Anatomy of a Phishing Email , 2004, CEAS.
[113] Anup Ghosh,et al. Sandboxing and Virtualization: Modern Tools for Combating Malware , 2011, IEEE Security & Privacy.
[114] Min Wu,et al. Do security toolbars actually prevent phishing attacks? , 2006, CHI.
[115] Konstantin Beznosov,et al. The socialbot network: when bots socialize for fame and money , 2011, ACSAC '11.
[116] Hsiu-Sen Chiang,et al. Internet security: malicious e-mails detection and protection , 2004, Ind. Manag. Data Syst..
[117] Christian Dietrich. Identification and recognition of remote-controlled malware , 2012 .
[118] Steve Love,et al. Designing a Mobile Game to Teach Conceptual Knowledge of Avoiding 'Phishing Attacks' , 2012 .
[119] Dawn Xiaodong Song,et al. Design and Evaluation of a Real-Time URL Spam Filtering Service , 2011, 2011 IEEE Symposium on Security and Privacy.
[120] Kyumin Lee,et al. The social honeypot project: protecting online communities from spammers , 2010, WWW '10.
[121] David Brumley,et al. An empirical study of cryptographic misuse in android applications , 2013, CCS.
[122] Brian Anderson,et al. Seven Deadliest USB Attacks , 2010 .
[123] David Ma,et al. Does domain highlighting help people identify phishing sites? , 2011, CHI.
[124] Ashley L. Podhradsky,et al. Xbox 360 Hoaxes, Social Engineering, and Gamertag Exploits , 2013, 2013 46th Hawaii International Conference on System Sciences.
[125] Ponnurangam Kumaraguru,et al. Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions , 2010, CHI.
[126] Suku Nair,et al. Phishing Attacks in a Mobile Environment , 2006 .
[127] InduShobha N. Chengalur-Smith,et al. An overview of social engineering malware: Trends, tactics, and implications , 2010 .
[128] Jörg Schwenk,et al. Visual Spoofing of SSL Protected Web Sites and Effective Countermeasures , 2005, ISPEC.
[129] Lorrie Faith Cranor,et al. Protecting people from phishing: the design and evaluation of an embedded training email system , 2007, CHI.
[130] Silvio Lattanzi,et al. SoK: The Evolution of Sybil Defense via Social Networks , 2013, 2013 IEEE Symposium on Security and Privacy.
[131] Christian Hempelmann,et al. Ontological semantic technology for detecting insider threat and social engineering , 2010, NSPW '10.
[132] Benjamin Morin,et al. What If You Can't Trust Your Network Card? , 2011, RAID.
[133] Christopher Krügel,et al. Analyzing and Detecting Malicious Flash Advertisements , 2009, 2009 Annual Computer Security Applications Conference.
[134] Kirstie Hawkey,et al. Do windows users follow the principle of least privilege?: investigating user account control practices , 2010, SOUPS.
[135] Fang Yu,et al. Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures , 2013, 2013 IEEE Symposium on Security and Privacy.
[136] Patricia Chavez-Burbano,et al. Case of study: Identity theft in a university WLAN Evil twin and cloned authentication web interface , 2013, 2013 World Congress on Computer and Information Technology (WCCIT).
[137] A. Porter. Phishing on Mobile Devices , 2011 .
[138] Ponnurangam Kumaraguru,et al. PhishAri : Automatic Realtime Phishing Detection on Twitter Anupama Aggarwal , 2012 .
[139] Gianluca Stringhini,et al. Hit 'em where it hurts: a live security exercise on cyber situational awareness , 2011, ACSAC '11.
[140] Jukka Vuorinen,et al. Dissecting social engineering , 2013, Behav. Inf. Technol..
[141] A. Calder,et al. IT Governance: An International Guide to Data Security and ISO27001/ISO27002 , 2003 .
[142] Hilarie Orman,et al. The Compleat Story of Phish , 2013, IEEE Internet Computing.
[143] Xavier Leroy. Java Bytecode Verification: An Overview , 2001, CAV.
[144] Andrew H. Sung,et al. Detection of Phishing Attacks: A Machine Learning Approach , 2008, Soft Computing Applications in Industry.
[145] Carl Colwill,et al. Human factors in information security: The insider threat - Who can you trust these days? , 2009, Inf. Secur. Tech. Rep..
[146] Christopher Krügel,et al. Detection and analysis of drive-by-download attacks and malicious JavaScript code , 2010, WWW '10.
[147] Robbie Allen,et al. Active Directory: Designing, Deploying, and Running Active Directory , 2008 .
[148] Malek Ben Salem,et al. Modeling User Search Behavior for Masquerade Detection , 2011, RAID.
[149] Oded Nov,et al. Spear-Phishing in the Wild: A Real-World Study of Personality, Phishing Self-Efficacy and Vulnerability to Spear-Phishing Attacks , 2015 .
[150] Gianluca Stringhini,et al. Shady paths: leveraging surfing crowds to detect malicious web pages , 2013, CCS.
[151] Christopher Krügel,et al. Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection , 2014, RAID.
[152] Cynthia E. Irvine,et al. A video game for cyber security training and awareness , 2007, Comput. Secur..