A first contribution of this paper is a theoretical yet practically applicable model covering a large set of phishing attacks, aimed towards developing an understanding of threats relating to phishing. We model an attack by a phishing graph in which nodes correspond to knowledge or access rights, and (directed) edges correspond to means of obtaining information or access rights from already possessed information or access rights – whether this involves interaction with the victim or not. Edges may also be associated with probabilities, costs, or other measures of the hardness of traversing the graph. This allows us to quantify the effort of traversing a graph from some starting node (corresponding to publicly available information) to a target node that corresponds to access to a resource of the attacker’s choice. We discuss how to perform economic analysis on the viability of attacks. Quantifying the economic viability of various attacks allows pinpointing the weak links for which improved security mechanisms would improve overall system security.
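The following is an added example, not code from the paper: it sketches the phishing-graph model for threat modeling by scoring the most probable path from public information to the target and then finding the single edge whose hardening lowers that score most. The node names, edge probabilities and the hardening factor are constructed assumptions, and success probability is used as the edge measure (the abstract also allows costs or other measures).

```python
import heapq
import math

# Constructed phishing graph: node -> [(next_node, success_probability)].
# Names and numbers are illustrative assumptions, not values from the paper.
GRAPH = {
    "public_info": [("email_address", 0.9), ("mothers_maiden_name", 0.3)],
    "email_address": [("password", 0.1)],        # victim answers a spoofed email
    "mothers_maiden_name": [("password", 0.5)],  # reset via security question
    "password": [("account_access", 0.95)],      # login without a second factor
}

def most_likely_path(graph, start, target):
    """Dijkstra over -log(p): returns (probability, path) of the most probable path."""
    heap = [(0.0, start, [start])]
    done = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == target:
            return math.exp(-cost), path
        if node in done:
            continue
        done.add(node)
        for nxt, p in graph.get(node, []):
            if p > 0 and nxt not in done:
                heapq.heappush(heap, (cost - math.log(p), nxt, path + [nxt]))
    return 0.0, []  # target unreachable

def weakest_link(graph, start, target, factor=0.5):
    """Return (edge, residual_probability) for the edge whose hardening
    (its probability multiplied by `factor`) lowers the best-path probability most."""
    best_edge, best_prob = None, most_likely_path(graph, start, target)[0]
    for u, edges in graph.items():
        for i, (v, p) in enumerate(edges):
            hardened = {k: list(es) for k, es in graph.items()}
            hardened[u][i] = (v, p * factor)
            prob = most_likely_path(hardened, start, target)[0]
            if prob < best_prob:
                best_edge, best_prob = (u, v), prob
    return best_edge, best_prob

if __name__ == "__main__":
    print(most_likely_path(GRAPH, "public_info", "account_access"))
    print(weakest_link(GRAPH, "public_info", "account_access"))
```

In this constructed graph, hardening an edge on only one route leaves the other route as the best path, so the shared final edge is the weak link worth fixing first.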