Skip to main content
SpringerLink
Log in

Protection Against Semantic Social Engineering Attacks

  • Chapter
  • First Online:
Versatile Cybersecurity

Part of the book series: Advances in Information Security ((ADIS,volume 72))

Abstract

Phishing, drive-by downloads, file and multimedia masquerading, domain typosquatting, malvertising and other semantic social engineering attacks aim to deceive the user rather than exploit a technical flaw to breach a system’s security. We start with a chronological overview to illustrate the growing prevalence of such attacks from their early inception 30 years ago, and identify key milestones and indicative trends which have established them as primary weapons of choice for hackers, cyber-criminals and state actors today. To demonstrate the scale and widespread nature of the threat space, we identify over 35 individually recognised types of semantic attack, existing within and cross-contaminating between a vast range of different computer platforms and user interfaces. Their extreme diversity and the little to no technical traces they leave make them particularly difficult to protect against. Technical protection systems typically focus on a single attack type on a single platform type rather than the wider landscape of deception-based attacks. To address this issue, we discuss three high-level defense approaches for preemptive and proactive protection, including adopting the semantic attack killchain concept which simplifies targeted defense; principles for preemptive and proactive protection for passive threats; and platform based defense-in-depth lifecycle designed to harness technical and non-technical defense capabilities of platform providers and their user base. Here, the human-as-a-security-sensor paradigm can prove particularly useful by leveraging the collective natural ability of users themselves in detecting deception attempts against them.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Note that here we use the term “worm” to refer to a malware with a semantic attack vector that exhibits automated, self-replicating behaviour, as in [8].

References

  1. Schneier, B., 2011. Secrets and lies: digital security in a networked world. John Wiley and Sons.

    Google Scholar 

  2. Loukas, G., 2015. Cyber-physical attacks: A growing invisible threat. Butterworth-Heinemann.

    Google Scholar 

  3. APWG, 2018. APWG Phishing Attack Trends Reports. https://apwg.org/resources/apwg-reports/.

    Google Scholar 

  4. Symantec, 2018. Security Center Archived Publications - Internet Security Threat Reports https://www.symantec.com/security-center/archived-publications.

  5. FirstCyberSecurity, 2009. Protecting your brand online and creating customer confidence. http://www.firstcybersecurity.com/main/IPRiskMReview.pdf.

  6. Webroot, 2013. Webroot real-time anti-phishing service. http://www.webroot.com/shared/pdf/WAP-Anti-Phishing-102013.pdf.

  7. Amiga Fish-Disk Database, 1990. Fish-disk 448 content: Nightmare. http://amiga-fish.erkan.se/amiga-fish-disk-448-contentNightMare/.

  8. Cisco, 2017. Viruses, worms, trojans, and bots. https://www.cisco.com/c/en/us/about/security-center/virus-differences.html.

  9. M. Bishop, 2000. Analysis of the iloveyou worm. Internet:http://nob.cs.ucdavis.edu/classes/ecs155-2005-04/handouts/iloveyou.pdf.

  10. Financial Cryptography, 2005. GP4.3 - growth and fraud - case 3 - phishing, 2005. http://financialcryptography.com/mt/archives/000609.html.

  11. M. Dornseif, 2004. 0wned by an ipod, 2004. Presentation. https://www.slideshare.net/KarlFrank99/owned-by-an-ipod

  12. G. Cluley, 2011. Osama bin laden death video scam spreads virally on facebook. https://nakedsecurity.sophos.com/2011/05/02/osama-binladen-death-video-scam-spreads-virally-on-facebook/.

    Google Scholar 

  13. TrendLabs, 2012. Spear-phishing email: Most favored apt attack bait. Technical report, TrendLabs - APT Research Team. http://www.trendmicro.com/cloud-content/us/pdfs/securityintelligence/white-papers/wp-spear-phishing-email-most-favoredapt-attack-bait.pdf.

  14. Social Engineer (2014). The social engineering infographic. http://www.social-engineer.org/social-engineering/socialengineering-infographic/

  15. Statista, 2015. Types of cyber attacks experienced by companies worldwide as of August 2015. http://www.statista.com/statistics/474937/cyber-crime-attacks-experienced-by-global-companies/.

  16. Statista, 2015. Average number of days to resolve a cyber attack on companies in the united states as of august 2015. http://www.statista.com/statistics/193463/average-days-toresolve-a-cyber-attack-in-us-companies-by-attack/.

  17. Statista, 2015. Share of cyber crime damages caused to u.s. companies through phishing and social engineering in 2015. http://www.statista.com/statistics/193465/financial-damagecaused-by-phishing-for-us-companies/.

  18. Kaspersky, 2017. Kaspersky internet security 2017. https:www.kaspersky.co.uk/internet-security

  19. Avast, 2017. Safezone browser. https://www.avast.com/f-safezone.

  20. Sophos, 2017. Intercept X tech specs. https://www.sophos.com/en-us/products/intercept-x/tech-specs.aspx.

  21. Barracuda, 2017. Evolution of Spear Phishing. https://assets.barracuda.com/assets/docs/dms/Barracuda_Sentinel_WP_Evolution_Spear_Phishing_US.pdf

  22. Yahoo, 2017. Secure your inbox. https://uk.antispam.yahoo.com/.

  23. Engadget, 2017. Google beefs up gmail security to fight phishing attempts. https://www.engadget.com/2017/05/31/google-gmail-security-fight-phishing/.

  24. Microsoft, 2017. Office 365 email anti-spam protection. https://support.office.com/en-us/article/https://support.office.com/en-us/article/Office-365-email-anti-spam-protection-6a601501-a6a8-4559-b2e7-56b59c96a586

  25. Symantec, 2017. Norton security review 2017: Top antivirus provider with fully furnished internet security suites. https://fatsecurity.com/review/norton.

  26. Wombat Security, 2017. PhishGuru Simulated Phishing Attacks. https://www.wombatsecurity.com/security-education/phishguru-simulated-phishing-attacks

    Google Scholar 

  27. Wombat Security, 2017. Security Awareness Training Modules https://www.wombatsecurity.com/security-education/security-awareness-training-modules

    Google Scholar 

  28. PhishMe, 2017. PhishMe Simulator. https://phishme.com/product-services/simulator-2/

  29. FIDO alliance, 2017. How FIDO Works. https://fidoalliance.org/how-fido-works/

  30. University of Oxford, 2016. Information security - report an incident. https://www.infosec.ox.ac.uk/report-incident.

  31. Heartfield, R. and Loukas, G., 2016. A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks. ACM Computing Surveys (CSUR), 48(3), pp. 37.

    Article  Google Scholar 

  32. Heartfield, R., Loukas, G. and Gan, D., 2016. You are probably not the weakest link: Towards practical prediction of susceptibility to semantic social engineering attacks. IEEE Access, 4, pp. 6910–6928.

    Article  Google Scholar 

  33. Heartfield, R., Loukas, G. and Gan, D., 2017, June. An eye for deception: A case study in utilizing the human-as-a-security-sensor paradigm to detect zero-day semantic social engineering attacks. In Software Engineering Research, Management and Applications (SERA), 2017 IEEE 15th International Conference on (pp. 371–378). IEEE.

    Google Scholar 

  34. Jordan, M. and Gouday, H., 2005. The signs, and semiotics of the successful semantic attack. In 14th Annual EICAR Conference (pp. 344–364).

    Google Scholar 

  35. Huber, M., Mulazzani, M., Weippl, E., Kitzler, G. and Goluch, S., 2011. Friend-in-the-middle attacks: Exploiting social networking sites for spam. IEEE Internet Computing, 15(3), pp. 28–34.

    Article  Google Scholar 

  36. Heartfield, R. and Loukas, G., 2013. On the feasibility of automated semantic attacks in the cloud. In Computer and Information Sciences III (pp. 343–351). Springer, London.

    Google Scholar 

  37. Madlmayr, G., Langer, J., Kantner, C. and Scharinger, J., 2008, March. NFC devices: Security and privacy. In Availability, Reliability and Security, 2008. ARES 08. Third International Conference on (pp. 642–647). IEEE.

    Google Scholar 

  38. Weber, R.H., 2010. Internet of ThingsNew security and privacy challenges. Computer law and security review, 26(1), pp. 23–30.

    Article  Google Scholar 

  39. Dhamija, R., Tygar, J.D. and Hearst, M., 2006, April. Why phishing works. In Proceedings of the SIGCHI conference on Human Factors in computing systems (pp. 581–590). ACM.

    Google Scholar 

  40. Drake, C.E., Oliver, J.J. and Koontz, E.J., 2004, August. Anatomy of a Phishing Email. In CEAS.

    Google Scholar 

  41. Huber, M., Mulazzani, M. and Weippl, E., 2010, September. Who on earth is Mr. Cypher: automated friend injection attacks on social networking sites. In IFIP International Information Security Conference (pp. 80–89). Springer, Berlin, Heidelberg.

    Google Scholar 

  42. Aburrous, M., Hossain, M.A., Thabatah, F. and Dahal, K., 2008, April. Intelligent phishing website detection system using fuzzy techniques. In Information and Communication Technologies: From Theory to Applications, 2008. ICTTA 2008. 3rd International Conference on (pp. 1–6). IEEE.

    Google Scholar 

  43. Chou, N., Ledesma, R., Teraguchi, Y. and Mitchell, J.C., 2004, February. Client-Side Defense Against Web-Based Identity Theft. In NDSS.

    Google Scholar 

  44. Huang, H., Zhong, S. and Tan, J., 2009, August. Browser-side countermeasures for deceptive phishing attack. In Information Assurance and Security, 2009. IAS’09. Fifth International Conference on (pp. 352–355). IEEE.

    Google Scholar 

  45. Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L.F., Hong, J. and Nunge, E., 2007, April. Protecting people from phishing: the design and evaluation of an embedded training email system. In Proceedings of the SIGCHI conference on Human factors in computing systems (pp. 905–914). ACM.

    Google Scholar 

  46. Giles, J., 2010. Scareware: the inside story. New Scientist, 205(2753), pp. 38–41.

    Article  Google Scholar 

  47. Rekouche, K., 2011. Early phishing. arXiv preprint arXiv:1106.4692.

    Google Scholar 

  48. Kabay, M.E., 2001. Viruses and worms: more than a technical problem. Ubiquity 2001. ACM

    Google Scholar 

  49. Leavitt, N., 2005. Mobile phones: the next frontier for hackers?. Computer, 38(4), pp. 20–23.

    Article  Google Scholar 

  50. Kong, J., Cai, W. and Wang, L., 2010, February. The evaluation of index poisoning in bittorrent. In Communication Software and Networks, 2010. ICCSN’10. Second International Conference on (pp. 382–386). IEEE.

    Google Scholar 

  51. S. Doherty, J. Gegeny, B. Spasojevic, and J. Baltazar, 2013. Hidden lynx - Professional hackers for hire. Symantec Security Response. https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/hidden-lynx-hackers-13-en.pdf

  52. Irani, D., Balduzzi, M., Balzarotti, D., Kirda, E. and Pu, C., 2011, July. Reverse social engineering attacks in online social networks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 55–74). Springer, Berlin, Heidelberg.

    Chapter  Google Scholar 

  53. Bianchi, A., Corbetta, J., Invernizzi, L., Fratantonio, Y., Kruegel, C. and Vigna, G., 2015, May. What the app is that? deception and countermeasures in the android user interface. In Security and Privacy (SP), 2015 IEEE Symposium on (pp. 931–948). IEEE.

    Google Scholar 

  54. Shahzad, R.K. and Lavesson, N., 2011, August. Detecting scareware by mining variable length instruction sequences. In Information Security South Africa (ISSA), 2011 (pp. 1–8). IEEE.

    Google Scholar 

  55. Seifert, C., Stokes, J.W., Colcernian, C., Platt, J.C. and Lu, L., 2013, May. Robust scareware image detection. In Acoustics, Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on (pp. 2920–2924). IEEE.

    Google Scholar 

  56. Stringhini, G., Kruegel, C. and Vigna, G., 2013, November. Shady paths: Leveraging surfing crowds to detect malicious web pages. In Proceedings of the 2013 ACM SIGSAC conference on Computer and communications security (pp. 133–144). ACM.

    Google Scholar 

  57. Asanka, N., Love, S. and Scott, M., 2012. Designing a mobile game to teach conceptual knowledge of avoiding’phishing attacks’. International Journal for e-Learning Security, 2(1), pp. 127–132.

    Article  Google Scholar 

  58. Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., Hong, J. and Nunge, E., 2007, July. Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In Proceedings of the 3rd symposium on Usable privacy and security (pp. 88–99). ACM.

    Google Scholar 

  59. Aulov, O. and Halem, M., 2012. Human sensor networks for improved modeling of natural disasters. Proceedings of the IEEE, 100(10), pp. 2812–2823.

    Article  Google Scholar 

  60. Marforio, C., Francillon, A. and Capkun, S., 2011. Application collusion attack on the permission-based security model and its implications for modern smartphone systems. Technical Report. ETH Zurich.

    Google Scholar 

  61. Selvaraj, K. and Gutierrez, N.F., 2010. The rise of PDF malware. Symantec Security Response. https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_rise_of_pdf_malware.pdf.

  62. Kumaraguru, P., 2009. Phishguru: a system for educating users about semantic attacks. Carnegie Mellon University.

    Google Scholar 

  63. Bates, J., 1990. Trojan horse: AIDS information introductory diskette version 2.0. Virus Bulletin, pp. 3–6.

    Google Scholar 

  64. Young, A. and Yung, M., 1996, May. Cryptovirology: Extortion-based security threats and countermeasures. In Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on (pp. 129–140). IEEE.

    Google Scholar 

  65. Howard, F. and Komili, O., 2010. Poisoned search results: How hackers have automated search engine poisoning attacks to distribute malware. Sophos Technical Papers, pp. 1–15.

    Google Scholar 

  66. Jensen, M.L., Dinger, M., Wright, R.T. and Thatcher, J.B., 2017. Training to mitigate phishing attacks using mindfulness techniques. Journal of Management Information Systems, 34(2), pp. 597–626.

    Article  Google Scholar 

  67. Neupane, A., Saxena, N., Maximo, J.O. and Kana, R., 2016. Neural Markers of Cybersecurity: An fMRI Study of Phishing and Malware Warnings. IEEE Transactions on Information Forensics and Security, 11(9), pp. 1970–1983.

    Article  Google Scholar 

  68. Ishtiaq Roufa, R.M., Mustafaa, H., Travis Taylora, S.O., Xua, W., Gruteserb, M., Trappeb, W. and Seskarb, I., 2010, February. Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. In 19th USENIX Security Symposium, Washington DC (pp. 11–13).

    Google Scholar 

  69. Koppel, T., 2015. Lights out: a cyberattack, a nation unprepared, surviving the aftermath. Broadway Books.

    Google Scholar 

  70. Hutchins, E.M., Cloppert, M.J. and Amin, R.M., 2011. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare and Security Research, 1(1), pp. 80.

    Google Scholar 

  71. Joo, J.W., Moon, S.Y., Singh, S. and Park, J.H., 2017. S-Detector: an enhanced security model for detecting Smishing attack for mobile computing. Telecommunication Systems, 66(1), pp. 29–38.

    Article  Google Scholar 

  72. Cova, M., Kruegel, C. and Vigna, G., 2010, April. Detection and analysis of drive-by-download attacks and malicious JavaScript code. In Proceedings of the 19th international conference on World wide web (pp. 281–290). ACM.

    Google Scholar 

  73. Jayasinghe, G.K., Culpepper, J.S. and Bertok, P., 2014. Efficient and effective realtime prediction of drive-by download attacks. Journal of Network and Computer Applications, 38, pp. 135–149.

    Article  Google Scholar 

  74. Lu, L., Yegneswaran, V., Porras, P. and Lee, W., 2010, October. Blade: an attack-agnostic approach for preventing drive-by malware infections. In Proceedings of the 17th ACM conference on Computer and communications security (pp. 440–450). ACM.

    Google Scholar 

  75. Blsing, T., Batyuk, L., Schmidt, A.D., Camtepe, S.A. and Albayrak, S., 2010, October. An android application sandbox system for suspicious software detection. In Malicious and unwanted software (MALWARE), 2010 5th international conference on (pp. 55–62). IEEE.

    Google Scholar 

  76. Brickell, E.F., Hall, C.D., Cihula, J.F. and Uhlig, R., Intel Corp, 2011. Method of improving computer security through sandboxing. U.S. Patent 7,908,653.

    Google Scholar 

  77. Cone, B.D., Irvine, C.E., Thompson, M.F. and Nguyen, T.D., 2007. A video game for cyber security training and awareness. Computers and Security, 26(1), pp. 63–72.

    Article  Google Scholar 

  78. Heartfield, R. and Loukas, G., 2018. Detecting semantic social engineering attacks with the weakest link: Implementation and empirical evaluation of a human-as-a-security-sensor framework. Computers and Security, 76, pp. 101–127.

    Article  Google Scholar 

  79. Heartfield, R., Loukas, G. and Gan, D., 2016. You are probably not the weakest link: Towards practical prediction of susceptibility to semantic social engineering attacks. IEEE Access, 4, pp. 6910–6928.

    Article  Google Scholar 

  80. Darknet, 2015. EvilAP Defender Detect Evil Twin Attacks. (2015). http://www.darknet.org.uk/2015/04/evilap-defender-detect-evil-twin-attacks/.

  81. Heartfield, R. and Loukas, G., 2016, June. Evaluating the reliability of users as human sensors of social media security threats. In Cyber Situational Awareness, Data Analytics And Assessment (CyberSA), 2016 International Conference On (pp. 1–7). IEEE.

    Google Scholar 

  82. Bianchi, A., Corbetta, J., Invernizzi, L., Fratantonio, Y., Kruegel, C. and Vigna, G., 2015, May. What the app is that? deception and countermeasures in the android user interface. In Security and Privacy (SP), 2015 IEEE Symposium on (pp. 931–948). IEEE.

    Google Scholar 

  83. Dhanalakshmi, R. and Chellappan, C., 2010, July. Detection and recognition of file masquerading for e-mail and data security. In International Conference on Network Security and Applications (pp. 253–262). Springer, Berlin, Heidelberg.

    Chapter  Google Scholar 

  84. Stringhini, G. and Thonnard, O., 2015, July. That ain’t you: Blocking spearphishing through behavioral modelling. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 78–97). Springer, Cham.

    Chapter  Google Scholar 

  85. Aggarwal, A., Rajadesingan, A. and Kumaraguru, P., 2012, October. PhishAri: Automatic realtime phishing detection on twitter. In eCrime Researchers Summit (eCrime), 2012 (pp. 1–12). IEEE.

    Google Scholar 

  86. Basnet, R., Mukkamala, S. and Sung, A.H., 2008. Detection of phishing attacks: A machine learning approach. In Soft Computing Applications in Industry (pp. 373–383). Springer, Berlin, Heidelberg.

    Google Scholar 

  87. Bhardwaj, T., Sharma, T.K. and Pandit, M.R., 2014. Social engineering prevention by detecting malicious URLs using artificial bee colony algorithm. In Proceedings of the Third International Conference on Soft Computing for Problem Solving (pp. 355–363). Springer, New Delhi.

    Google Scholar 

  88. Asanka, N., Love, S. and Scott, M., 2012. Designing a mobile game to teach conceptual knowledge of avoiding’phishing attacks’. International Journal for e-Learning Security, 2(1), pp. 127–132.

    Article  Google Scholar 

  89. Bergholz, A., Chang, J.H., Paass, G., Reichartz, F. and Strobel, S., 2008, August. Improved Phishing Detection using Model-Based Features. In CEAS.

    Google Scholar 

  90. Dong-Her, S., Hsiu-Sen, C., Chun-Yuan, C. and Lin, B., 2004. Internet security: malicious e-mails detection and protection. Industrial Management and Data Systems, 104(7), pp. 613–623.

    Article  Google Scholar 

  91. Drucker, H., Wu, D. and Vapnik, V.N., 1999. Support vector machines for spam categorization. IEEE Transactions on Neural networks, 10(5), pp. 1048–1054.

    Article  Google Scholar 

  92. Stembert, N., Padmos, A., Bargh, M.S., Choenni, S. and Jansen, F., 2015, September. A study of preventing email (spear) phishing by enabling human intelligence. In Intelligence and Security Informatics Conference (EISIC), 2015 European (pp. 113–120). IEEE.

    Google Scholar 

  93. Malisa, L., Kostiainen, K. and Capkun, S., 2017, March. Detecting mobile application spoofing attacks by leveraging user visual similarity perception. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (pp. 289–300). ACM.

    Google Scholar 

  94. Corbetta, J., Invernizzi, L., Kruegel, C. and Vigna, G., 2014, September. Eyes of a human, eyes of a program: Leveraging different views of the web for analysis and detection. In International Workshop on Recent Advances in Intrusion Detection (pp. 130–149). Springer, Cham.

    Google Scholar 

  95. Kumaraguru, P., 2009. Phishguru: a system for educating users about semantic attacks. Carnegie Mellon University.

    Google Scholar 

  96. Lee, K., Caverlee, J. and Webb, S., 2010, April. The social honeypot project: protecting online communities from spammers. In Proceedings of the 19th international conference on World wide web (pp. 1139–1140). ACM.

    Google Scholar 

  97. Lee, S. and Kim, J., 2012, February. WarningBird: Detecting Suspicious URLs in Twitter Stream. In NDSS (Vol. 12, pp. 1–13).

    Google Scholar 

  98. Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., Hong, J. and Nunge, E., 2007, July. Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In Proceedings of the 3rd symposium on Usable privacy and security (pp. 88–99). ACM.

    Google Scholar 

  99. Xiang, G., Hong, J., Rose, C.P. and Cranor, L., 2011. Cantina+: A feature-rich machine learning framework for detecting phishing web sites. ACM Transactions on Information and System Security (TISSEC), 14(2), p.21.

    Article  Google Scholar 

  100. Pandeym T. and Khare, P, 2017. Bluetooth Hacking and its Prevention. http://www.lnttechservices.com/sites/default/files/resources/pdf/whitepapers/2017-12/Bluetooth-Hacking-and-its-Prevention.pdf

    Google Scholar 

  101. Shamsi, J.A., Hameed, S., Rahman, W., Zuberi, F., Altaf, K. and Amjad, A., 2014, January. Clicksafe: Providing security against clickjacking attacks. In High-Assurance Systems Engineering (HASE), 2014 IEEE 15th International Symposium on (pp. 206–210). IEEE.

    Google Scholar 

  102. Larson, M., Massey, D., Rose, S., Arends, R. and Austein, R., 2005. DNS security introduction and requirements. IETF. https://tools.ietf.org/html/rfc4033

  103. Shahzad, R.K. and Lavesson, N., 2011, August. Detecting scareware by mining variable length instruction sequences. In Information Security South Africa (ISSA), 2011 (pp. 1–8). IEEE.

    Google Scholar 

  104. Seifert, C., Stokes, J.W., Colcernian, C., Platt, J.C. and Lu, L., 2013, May. Robust scareware image detection. In Acoustics, Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on (pp. 2920–2924). IEEE.

    Google Scholar 

  105. BufferZone Pro, 2014. BufferZone-Pro sandbox. http://www.trustware.com/BufferZone-Pro/

    Google Scholar 

  106. Alnajjar, A.Y., Manickam, S., Anbar, M., Al-saleem, S. and Elejla, O., 2016. TrustQR: A New Technique for the Detection of Phishing Attacks on QR Code. Advanced Science Letters, 22(10), pp.2905–2909.

    Article  Google Scholar 

  107. Beyah, R., Kangude, S., Yu, G., Strickland, B. and Copeland, J., 2004, December. Rogue access point detection using temporal traffic characteristics. In Global Telecommunications Conference, 2004. GLOBECOM’04. IEEE (Vol. 4, pp. 2271–2275). IEEE.

    Google Scholar 

  108. Al-Khamis, A.K. and Khalafallah, A.A., 2015, November. Secure Internet on Google Chrome: Client side anti-tabnabbing extension. In Anti-Cybercrime (ICACC), 2015 First International Conference on (pp. 1–4). IEEE.

    Google Scholar 

  109. Kharraz, A., Arshad, S., Mulliner, C., Robertson, W.K. and Kirda, E., 2016, August. UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. In USENIX Security Symposium (pp. 757–772).

    Google Scholar 

  110. Vinayakumar, R., Soman, K.P., Velan, K.S. and Ganorkar, S., 2017, September. Evaluating shallow and deep networks for ransomware detection and classification. In Advances in Computing, Communications and Informatics (ICACCI), 2017 International Conference on (pp. 259–265). IEEE.

    Google Scholar 

  111. Mercaldo, F., Nardone, V., Santone, A. and Visaggio, C.A., 2016, June. Ransomware steals your phone. formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems (pp. 212–221). Springer, Cham.

    Chapter  Google Scholar 

  112. Bandhakavi, S., King, S.T., Madhusudan, P. and Winslett, M., 2010, August. VEX: Vetting Browser Extensions for Security Vulnerabilities. In USENIX Security Symposium (Vol. 10, pp. 339–354).

    Google Scholar 

  113. Ter Louw, M., Lim, J.S. and Venkatakrishnan, V.N., 2008. Enhancing web browser security against malware extensions. Journal in Computer Virology, 4(3), pp. 179–195.

    Article  Google Scholar 

  114. Ford, S., Cova, M., Kruegel, C. and Vigna, G., 2009, December. Analyzing and detecting malicious flash advertisements. In Computer Security Applications Conference, 2009. ACSAC’09. Annual (pp. 363–372). IEEE.

    Google Scholar 

  115. Li, Z., Zhang, K., Xie, Y., Yu, F. and Wang, X., 2012, October. Knowing your enemy: understanding and detecting malicious web advertising. In Proceedings of the 2012 ACM conference on Computer and communications security (pp. 674–686). ACM.

    Google Scholar 

  116. Poornachandran, P., Balagopal, N., Pal, S., Ashok, A., Sankar, P. and Krishnan, M.R., 2017. Demalvertising: A Kernel Approach for Detecting Malwares in Advertising Networks. In Proceedings of the First International Conference on Intelligent Computing and Communication (pp. 215–224). Springer, Singapore.

    Google Scholar 

  117. Patil, K., 2016. Request dependency integrity: validating web requests using dependencies in the browser environment. International Journal of Information Privacy, Security and Integrity, 2(4), pp. 281–306.

    Article  MathSciNet  Google Scholar 

  118. Banerjee, A., Rahman, M.S. and Faloutsos, M., 2011. SUT: Quantifying and mitigating url typosquatting. Computer Networks, 55(13), pp. 3001–3014.

    Article  Google Scholar 

  119. Szurdi, J., Kocso, B., Cseh, G., Spring, J., Felegyhazi, M. and Kanich, C., 2014, August. The Long “Taile” of Typosquatting Domain Names. In USENIX Security Symposium (pp. 191–206).

    Google Scholar 

  120. Almeida, Tiago, Renato Moraes Silva, and Akebo Yamakami. “Machine learning methods for spamdexing detection.” International Journal of Information Security Science 2, no. 3 (2013): 86–107.

    Google Scholar 

  121. Geng, G.G., Wang, C.H. and Li, Q.D., 2008, January. Improving Spamdexing Detection Via a Two-Stage Classification Strategy. In Asia Information Retrieval Symposium (pp. 356–364). Springer, Berlin, Heidelberg.

    Google Scholar 

  122. Abou-Assaleh, T. and Das, T., 2006, November. Combating spamdexing: Incorporating heuristics in link-based ranking. In International Workshop on Algorithms and Models for the Web-Graph (pp. 97–106). Springer, Berlin, Heidelberg.

    Google Scholar 

  123. Shahriar, H., Haddad, H. and Devendran, V.K., 2015. Request and Response Analysis Framework for Mitigating Clickjacking Attacks. International Journal of Secure Software Engineering (IJSSE), 6(3), pp. 1–25.

    Article  Google Scholar 

  124. Johns, M. and Lekies, S., 2013, October. Tamper-resistant likejacking protection. In International Workshop on Recent Advances in Intrusion Detection (pp. 265–285). Springer, Berlin, Heidelberg.

    Chapter  Google Scholar 

  125. Sarjaz, B.S. and Abbaspour, M., 2013. Securing BitTorrent using a new reputation-based trust management system. Peer-to-Peer Networking and Applications, 6(1), pp. 86–100.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Greenwich, London, UK

    Ryan Heartfield & George Loukas

Authors
  1. Ryan Heartfield
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. George Loukas
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ryan Heartfield .

Editor information

Editors and Affiliations

  1. Department of Mathematics, University of Padua, Padua, Italy

    Mauro Conti

  2. Department of Computer Science and Engineering, Central University of Rajasthan, Ajmer, India

    Gaurav Somani

  3. Department of Electrical Engineering, University of Washington, Seattle, WA, USA

    Radha Poovendran

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Heartfield, R., Loukas, G. (2018). Protection Against Semantic Social Engineering Attacks. In: Conti, M., Somani, G., Poovendran, R. (eds) Versatile Cybersecurity. Advances in Information Security, vol 72. Springer, Cham. https://doi.org/10.1007/978-3-319-97643-3_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-97643-3_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-97642-6

  • Online ISBN: 978-3-319-97643-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation