Abstract
Phishing, drive-by downloads, file and multimedia masquerading, domain typosquatting, malvertising and other semantic social engineering attacks aim to deceive the user rather than exploit a technical flaw to breach a system’s security. We start with a chronological overview to illustrate the growing prevalence of such attacks from their early inception 30 years ago, and identify key milestones and indicative trends which have established them as primary weapons of choice for hackers, cyber-criminals and state actors today. To demonstrate the scale and widespread nature of the threat space, we identify over 35 individually recognised types of semantic attack, existing within and cross-contaminating between a vast range of different computer platforms and user interfaces. Their extreme diversity and the little to no technical traces they leave make them particularly difficult to protect against. Technical protection systems typically focus on a single attack type on a single platform type rather than the wider landscape of deception-based attacks. To address this issue, we discuss three high-level defense approaches for preemptive and proactive protection: adopting the semantic attack killchain concept, which simplifies targeted defense; principles for preemptive and proactive protection against passive threats; and a platform-based defense-in-depth lifecycle designed to harness the technical and non-technical defense capabilities of platform providers and their user base. Here, the human-as-a-security-sensor paradigm can prove particularly useful by leveraging the collective natural ability of users themselves to detect deception attempts against them.
Notes
1. Note that here we use the term “worm” to refer to a malware with a semantic attack vector that exhibits automated, self-replicating behaviour, as in [8].
References
Schneier, B., 2011. Secrets and lies: digital security in a networked world. John Wiley and Sons.
Loukas, G., 2015. Cyber-physical attacks: A growing invisible threat. Butterworth-Heinemann.
APWG, 2018. APWG Phishing Attack Trends Reports. https://apwg.org/resources/apwg-reports/.
Symantec, 2018. Security Center Archived Publications - Internet Security Threat Reports https://www.symantec.com/security-center/archived-publications.
FirstCyberSecurity, 2009. Protecting your brand online and creating customer confidence. http://www.firstcybersecurity.com/main/IPRiskMReview.pdf.
Webroot, 2013. Webroot real-time anti-phishing service. http://www.webroot.com/shared/pdf/WAP-Anti-Phishing-102013.pdf.
Amiga Fish-Disk Database, 1990. Fish-disk 448 content: Nightmare. http://amiga-fish.erkan.se/amiga-fish-disk-448-contentNightMare/.
Cisco, 2017. Viruses, worms, trojans, and bots. https://www.cisco.com/c/en/us/about/security-center/virus-differences.html.
M. Bishop, 2000. Analysis of the iloveyou worm. http://nob.cs.ucdavis.edu/classes/ecs155-2005-04/handouts/iloveyou.pdf.
Financial Cryptography, 2005. GP4.3 - growth and fraud - case 3 - phishing, 2005. http://financialcryptography.com/mt/archives/000609.html.
M. Dornseif, 2004. 0wned by an ipod, 2004. Presentation. https://www.slideshare.net/KarlFrank99/owned-by-an-ipod
G. Cluley, 2011. Osama bin laden death video scam spreads virally on facebook. https://nakedsecurity.sophos.com/2011/05/02/osama-binladen-death-video-scam-spreads-virally-on-facebook/.
TrendLabs, 2012. Spear-phishing email: Most favored apt attack bait. Technical report, TrendLabs - APT Research Team. http://www.trendmicro.com/cloud-content/us/pdfs/securityintelligence/white-papers/wp-spear-phishing-email-most-favoredapt-attack-bait.pdf.
Social Engineer (2014). The social engineering infographic. http://www.social-engineer.org/social-engineering/socialengineering-infographic/
Statista, 2015. Types of cyber attacks experienced by companies worldwide as of August 2015. http://www.statista.com/statistics/474937/cyber-crime-attacks-experienced-by-global-companies/.
Statista, 2015. Average number of days to resolve a cyber attack on companies in the united states as of august 2015. http://www.statista.com/statistics/193463/average-days-toresolve-a-cyber-attack-in-us-companies-by-attack/.
Statista, 2015. Share of cyber crime damages caused to u.s. companies through phishing and social engineering in 2015. http://www.statista.com/statistics/193465/financial-damagecaused-by-phishing-for-us-companies/.
Kaspersky, 2017. Kaspersky internet security 2017. https://www.kaspersky.co.uk/internet-security
Avast, 2017. Safezone browser. https://www.avast.com/f-safezone.
Sophos, 2017. Intercept X tech specs. https://www.sophos.com/en-us/products/intercept-x/tech-specs.aspx.
Barracuda, 2017. Evolution of Spear Phishing. https://assets.barracuda.com/assets/docs/dms/Barracuda_Sentinel_WP_Evolution_Spear_Phishing_US.pdf
Yahoo, 2017. Secure your inbox. https://uk.antispam.yahoo.com/.
Engadget, 2017. Google beefs up gmail security to fight phishing attempts. https://www.engadget.com/2017/05/31/google-gmail-security-fight-phishing/.
Microsoft, 2017. Office 365 email anti-spam protection. https://support.office.com/en-us/article/Office-365-email-anti-spam-protection-6a601501-a6a8-4559-b2e7-56b59c96a586
Symantec, 2017. Norton security review 2017: Top antivirus provider with fully furnished internet security suites. https://fatsecurity.com/review/norton.
Wombat Security, 2017. PhishGuru Simulated Phishing Attacks. https://www.wombatsecurity.com/security-education/phishguru-simulated-phishing-attacks
Wombat Security, 2017. Security Awareness Training Modules https://www.wombatsecurity.com/security-education/security-awareness-training-modules
PhishMe, 2017. PhishMe Simulator. https://phishme.com/product-services/simulator-2/
FIDO alliance, 2017. How FIDO Works. https://fidoalliance.org/how-fido-works/
University of Oxford, 2016. Information security - report an incident. https://www.infosec.ox.ac.uk/report-incident.
Heartfield, R. and Loukas, G., 2016. A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks. ACM Computing Surveys (CSUR), 48(3), pp. 37.
Heartfield, R., Loukas, G. and Gan, D., 2016. You are probably not the weakest link: Towards practical prediction of susceptibility to semantic social engineering attacks. IEEE Access, 4, pp. 6910–6928.
Heartfield, R., Loukas, G. and Gan, D., 2017, June. An eye for deception: A case study in utilizing the human-as-a-security-sensor paradigm to detect zero-day semantic social engineering attacks. In Software Engineering Research, Management and Applications (SERA), 2017 IEEE 15th International Conference on (pp. 371–378). IEEE.
Jordan, M. and Gouday, H., 2005. The signs, and semiotics of the successful semantic attack. In 14th Annual EICAR Conference (pp. 344–364).
Huber, M., Mulazzani, M., Weippl, E., Kitzler, G. and Goluch, S., 2011. Friend-in-the-middle attacks: Exploiting social networking sites for spam. IEEE Internet Computing, 15(3), pp. 28–34.
Heartfield, R. and Loukas, G., 2013. On the feasibility of automated semantic attacks in the cloud. In Computer and Information Sciences III (pp. 343–351). Springer, London.
Madlmayr, G., Langer, J., Kantner, C. and Scharinger, J., 2008, March. NFC devices: Security and privacy. In Availability, Reliability and Security, 2008. ARES 08. Third International Conference on (pp. 642–647). IEEE.
Weber, R.H., 2010. Internet of Things – New security and privacy challenges. Computer law and security review, 26(1), pp. 23–30.
Dhamija, R., Tygar, J.D. and Hearst, M., 2006, April. Why phishing works. In Proceedings of the SIGCHI conference on Human Factors in computing systems (pp. 581–590). ACM.
Drake, C.E., Oliver, J.J. and Koontz, E.J., 2004, August. Anatomy of a Phishing Email. In CEAS.
Huber, M., Mulazzani, M. and Weippl, E., 2010, September. Who on earth is Mr. Cypher: automated friend injection attacks on social networking sites. In IFIP International Information Security Conference (pp. 80–89). Springer, Berlin, Heidelberg.
Aburrous, M., Hossain, M.A., Thabatah, F. and Dahal, K., 2008, April. Intelligent phishing website detection system using fuzzy techniques. In Information and Communication Technologies: From Theory to Applications, 2008. ICTTA 2008. 3rd International Conference on (pp. 1–6). IEEE.
Chou, N., Ledesma, R., Teraguchi, Y. and Mitchell, J.C., 2004, February. Client-Side Defense Against Web-Based Identity Theft. In NDSS.
Huang, H., Zhong, S. and Tan, J., 2009, August. Browser-side countermeasures for deceptive phishing attack. In Information Assurance and Security, 2009. IAS’09. Fifth International Conference on (pp. 352–355). IEEE.
Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L.F., Hong, J. and Nunge, E., 2007, April. Protecting people from phishing: the design and evaluation of an embedded training email system. In Proceedings of the SIGCHI conference on Human factors in computing systems (pp. 905–914). ACM.
Giles, J., 2010. Scareware: the inside story. New Scientist, 205(2753), pp. 38–41.
Rekouche, K., 2011. Early phishing. arXiv preprint arXiv:1106.4692.
Kabay, M.E., 2001. Viruses and worms: more than a technical problem. Ubiquity 2001. ACM
Leavitt, N., 2005. Mobile phones: the next frontier for hackers?. Computer, 38(4), pp. 20–23.
Kong, J., Cai, W. and Wang, L., 2010, February. The evaluation of index poisoning in bittorrent. In Communication Software and Networks, 2010. ICCSN’10. Second International Conference on (pp. 382–386). IEEE.
S. Doherty, J. Gegeny, B. Spasojevic, and J. Baltazar, 2013. Hidden lynx - Professional hackers for hire. Symantec Security Response. https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/hidden-lynx-hackers-13-en.pdf
Irani, D., Balduzzi, M., Balzarotti, D., Kirda, E. and Pu, C., 2011, July. Reverse social engineering attacks in online social networks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 55–74). Springer, Berlin, Heidelberg.
Bianchi, A., Corbetta, J., Invernizzi, L., Fratantonio, Y., Kruegel, C. and Vigna, G., 2015, May. What the app is that? deception and countermeasures in the android user interface. In Security and Privacy (SP), 2015 IEEE Symposium on (pp. 931–948). IEEE.
Shahzad, R.K. and Lavesson, N., 2011, August. Detecting scareware by mining variable length instruction sequences. In Information Security South Africa (ISSA), 2011 (pp. 1–8). IEEE.
Seifert, C., Stokes, J.W., Colcernian, C., Platt, J.C. and Lu, L., 2013, May. Robust scareware image detection. In Acoustics, Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on (pp. 2920–2924). IEEE.
Stringhini, G., Kruegel, C. and Vigna, G., 2013, November. Shady paths: Leveraging surfing crowds to detect malicious web pages. In Proceedings of the 2013 ACM SIGSAC conference on Computer and communications security (pp. 133–144). ACM.
Asanka, N., Love, S. and Scott, M., 2012. Designing a mobile game to teach conceptual knowledge of avoiding ‘phishing attacks’. International Journal for e-Learning Security, 2(1), pp. 127–132.
Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., Hong, J. and Nunge, E., 2007, July. Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In Proceedings of the 3rd symposium on Usable privacy and security (pp. 88–99). ACM.
Aulov, O. and Halem, M., 2012. Human sensor networks for improved modeling of natural disasters. Proceedings of the IEEE, 100(10), pp. 2812–2823.
Marforio, C., Francillon, A. and Capkun, S., 2011. Application collusion attack on the permission-based security model and its implications for modern smartphone systems. Technical Report. ETH Zurich.
Selvaraj, K. and Gutierrez, N.F., 2010. The rise of PDF malware. Symantec Security Response. https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_rise_of_pdf_malware.pdf.
Kumaraguru, P., 2009. Phishguru: a system for educating users about semantic attacks. Carnegie Mellon University.
Bates, J., 1990. Trojan horse: AIDS information introductory diskette version 2.0. Virus Bulletin, pp. 3–6.
Young, A. and Yung, M., 1996, May. Cryptovirology: Extortion-based security threats and countermeasures. In Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on (pp. 129–140). IEEE.
Howard, F. and Komili, O., 2010. Poisoned search results: How hackers have automated search engine poisoning attacks to distribute malware. Sophos Technical Papers, pp. 1–15.
Jensen, M.L., Dinger, M., Wright, R.T. and Thatcher, J.B., 2017. Training to mitigate phishing attacks using mindfulness techniques. Journal of Management Information Systems, 34(2), pp. 597–626.
Neupane, A., Saxena, N., Maximo, J.O. and Kana, R., 2016. Neural Markers of Cybersecurity: An fMRI Study of Phishing and Malware Warnings. IEEE Transactions on Information Forensics and Security, 11(9), pp. 1970–1983.
Rouf, I., Miller, R., Mustafa, H., Taylor, T., Oh, S., Xu, W., Gruteser, M., Trappe, W. and Seskar, I., 2010, February. Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. In 19th USENIX Security Symposium, Washington DC (pp. 11–13).
Koppel, T., 2015. Lights out: a cyberattack, a nation unprepared, surviving the aftermath. Broadway Books.
Hutchins, E.M., Cloppert, M.J. and Amin, R.M., 2011. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare and Security Research, 1(1), pp. 80.
Joo, J.W., Moon, S.Y., Singh, S. and Park, J.H., 2017. S-Detector: an enhanced security model for detecting Smishing attack for mobile computing. Telecommunication Systems, 66(1), pp. 29–38.
Cova, M., Kruegel, C. and Vigna, G., 2010, April. Detection and analysis of drive-by-download attacks and malicious JavaScript code. In Proceedings of the 19th international conference on World wide web (pp. 281–290). ACM.
Jayasinghe, G.K., Culpepper, J.S. and Bertok, P., 2014. Efficient and effective realtime prediction of drive-by download attacks. Journal of Network and Computer Applications, 38, pp. 135–149.
Lu, L., Yegneswaran, V., Porras, P. and Lee, W., 2010, October. Blade: an attack-agnostic approach for preventing drive-by malware infections. In Proceedings of the 17th ACM conference on Computer and communications security (pp. 440–450). ACM.
Bläsing, T., Batyuk, L., Schmidt, A.D., Camtepe, S.A. and Albayrak, S., 2010, October. An android application sandbox system for suspicious software detection. In Malicious and unwanted software (MALWARE), 2010 5th international conference on (pp. 55–62). IEEE.
Brickell, E.F., Hall, C.D., Cihula, J.F. and Uhlig, R., Intel Corp, 2011. Method of improving computer security through sandboxing. U.S. Patent 7,908,653.
Cone, B.D., Irvine, C.E., Thompson, M.F. and Nguyen, T.D., 2007. A video game for cyber security training and awareness. Computers and Security, 26(1), pp. 63–72.
Heartfield, R. and Loukas, G., 2018. Detecting semantic social engineering attacks with the weakest link: Implementation and empirical evaluation of a human-as-a-security-sensor framework. Computers and Security, 76, pp. 101–127.
Heartfield, R., Loukas, G. and Gan, D., 2016. You are probably not the weakest link: Towards practical prediction of susceptibility to semantic social engineering attacks. IEEE Access, 4, pp. 6910–6928.
Darknet, 2015. EvilAP Defender Detect Evil Twin Attacks. (2015). http://www.darknet.org.uk/2015/04/evilap-defender-detect-evil-twin-attacks/.
Heartfield, R. and Loukas, G., 2016, June. Evaluating the reliability of users as human sensors of social media security threats. In Cyber Situational Awareness, Data Analytics And Assessment (CyberSA), 2016 International Conference On (pp. 1–7). IEEE.
Bianchi, A., Corbetta, J., Invernizzi, L., Fratantonio, Y., Kruegel, C. and Vigna, G., 2015, May. What the app is that? deception and countermeasures in the android user interface. In Security and Privacy (SP), 2015 IEEE Symposium on (pp. 931–948). IEEE.
Dhanalakshmi, R. and Chellappan, C., 2010, July. Detection and recognition of file masquerading for e-mail and data security. In International Conference on Network Security and Applications (pp. 253–262). Springer, Berlin, Heidelberg.
Stringhini, G. and Thonnard, O., 2015, July. That ain’t you: Blocking spearphishing through behavioral modelling. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 78–97). Springer, Cham.
Aggarwal, A., Rajadesingan, A. and Kumaraguru, P., 2012, October. PhishAri: Automatic realtime phishing detection on twitter. In eCrime Researchers Summit (eCrime), 2012 (pp. 1–12). IEEE.
Basnet, R., Mukkamala, S. and Sung, A.H., 2008. Detection of phishing attacks: A machine learning approach. In Soft Computing Applications in Industry (pp. 373–383). Springer, Berlin, Heidelberg.
Bhardwaj, T., Sharma, T.K. and Pandit, M.R., 2014. Social engineering prevention by detecting malicious URLs using artificial bee colony algorithm. In Proceedings of the Third International Conference on Soft Computing for Problem Solving (pp. 355–363). Springer, New Delhi.
Asanka, N., Love, S. and Scott, M., 2012. Designing a mobile game to teach conceptual knowledge of avoiding ‘phishing attacks’. International Journal for e-Learning Security, 2(1), pp. 127–132.
Bergholz, A., Chang, J.H., Paass, G., Reichartz, F. and Strobel, S., 2008, August. Improved Phishing Detection using Model-Based Features. In CEAS.
Dong-Her, S., Hsiu-Sen, C., Chun-Yuan, C. and Lin, B., 2004. Internet security: malicious e-mails detection and protection. Industrial Management and Data Systems, 104(7), pp. 613–623.
Drucker, H., Wu, D. and Vapnik, V.N., 1999. Support vector machines for spam categorization. IEEE Transactions on Neural networks, 10(5), pp. 1048–1054.
Stembert, N., Padmos, A., Bargh, M.S., Choenni, S. and Jansen, F., 2015, September. A study of preventing email (spear) phishing by enabling human intelligence. In Intelligence and Security Informatics Conference (EISIC), 2015 European (pp. 113–120). IEEE.
Malisa, L., Kostiainen, K. and Capkun, S., 2017, March. Detecting mobile application spoofing attacks by leveraging user visual similarity perception. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy (pp. 289–300). ACM.
Corbetta, J., Invernizzi, L., Kruegel, C. and Vigna, G., 2014, September. Eyes of a human, eyes of a program: Leveraging different views of the web for analysis and detection. In International Workshop on Recent Advances in Intrusion Detection (pp. 130–149). Springer, Cham.
Kumaraguru, P., 2009. Phishguru: a system for educating users about semantic attacks. Carnegie Mellon University.
Lee, K., Caverlee, J. and Webb, S., 2010, April. The social honeypot project: protecting online communities from spammers. In Proceedings of the 19th international conference on World wide web (pp. 1139–1140). ACM.
Lee, S. and Kim, J., 2012, February. WarningBird: Detecting Suspicious URLs in Twitter Stream. In NDSS (Vol. 12, pp. 1–13).
Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., Hong, J. and Nunge, E., 2007, July. Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In Proceedings of the 3rd symposium on Usable privacy and security (pp. 88–99). ACM.
Xiang, G., Hong, J., Rose, C.P. and Cranor, L., 2011. Cantina+: A feature-rich machine learning framework for detecting phishing web sites. ACM Transactions on Information and System Security (TISSEC), 14(2), p.21.
Pandey, T. and Khare, P., 2017. Bluetooth Hacking and its Prevention. http://www.lnttechservices.com/sites/default/files/resources/pdf/whitepapers/2017-12/Bluetooth-Hacking-and-its-Prevention.pdf
Shamsi, J.A., Hameed, S., Rahman, W., Zuberi, F., Altaf, K. and Amjad, A., 2014, January. Clicksafe: Providing security against clickjacking attacks. In High-Assurance Systems Engineering (HASE), 2014 IEEE 15th International Symposium on (pp. 206–210). IEEE.
Larson, M., Massey, D., Rose, S., Arends, R. and Austein, R., 2005. DNS security introduction and requirements. IETF. https://tools.ietf.org/html/rfc4033
Shahzad, R.K. and Lavesson, N., 2011, August. Detecting scareware by mining variable length instruction sequences. In Information Security South Africa (ISSA), 2011 (pp. 1–8). IEEE.
Seifert, C., Stokes, J.W., Colcernian, C., Platt, J.C. and Lu, L., 2013, May. Robust scareware image detection. In Acoustics, Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on (pp. 2920–2924). IEEE.
BufferZone Pro, 2014. BufferZone-Pro sandbox. http://www.trustware.com/BufferZone-Pro/
Alnajjar, A.Y., Manickam, S., Anbar, M., Al-saleem, S. and Elejla, O., 2016. TrustQR: A New Technique for the Detection of Phishing Attacks on QR Code. Advanced Science Letters, 22(10), pp.2905–2909.
Beyah, R., Kangude, S., Yu, G., Strickland, B. and Copeland, J., 2004, December. Rogue access point detection using temporal traffic characteristics. In Global Telecommunications Conference, 2004. GLOBECOM’04. IEEE (Vol. 4, pp. 2271–2275). IEEE.
Al-Khamis, A.K. and Khalafallah, A.A., 2015, November. Secure Internet on Google Chrome: Client side anti-tabnabbing extension. In Anti-Cybercrime (ICACC), 2015 First International Conference on (pp. 1–4). IEEE.
Kharraz, A., Arshad, S., Mulliner, C., Robertson, W.K. and Kirda, E., 2016, August. UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. In USENIX Security Symposium (pp. 757–772).
Vinayakumar, R., Soman, K.P., Velan, K.S. and Ganorkar, S., 2017, September. Evaluating shallow and deep networks for ransomware detection and classification. In Advances in Computing, Communications and Informatics (ICACCI), 2017 International Conference on (pp. 259–265). IEEE.
Mercaldo, F., Nardone, V., Santone, A. and Visaggio, C.A., 2016, June. Ransomware steals your phone. formal methods rescue it. In International Conference on Formal Techniques for Distributed Objects, Components, and Systems (pp. 212–221). Springer, Cham.
Bandhakavi, S., King, S.T., Madhusudan, P. and Winslett, M., 2010, August. VEX: Vetting Browser Extensions for Security Vulnerabilities. In USENIX Security Symposium (Vol. 10, pp. 339–354).
Ter Louw, M., Lim, J.S. and Venkatakrishnan, V.N., 2008. Enhancing web browser security against malware extensions. Journal in Computer Virology, 4(3), pp. 179–195.
Ford, S., Cova, M., Kruegel, C. and Vigna, G., 2009, December. Analyzing and detecting malicious flash advertisements. In Computer Security Applications Conference, 2009. ACSAC’09. Annual (pp. 363–372). IEEE.
Li, Z., Zhang, K., Xie, Y., Yu, F. and Wang, X., 2012, October. Knowing your enemy: understanding and detecting malicious web advertising. In Proceedings of the 2012 ACM conference on Computer and communications security (pp. 674–686). ACM.
Poornachandran, P., Balagopal, N., Pal, S., Ashok, A., Sankar, P. and Krishnan, M.R., 2017. Demalvertising: A Kernel Approach for Detecting Malwares in Advertising Networks. In Proceedings of the First International Conference on Intelligent Computing and Communication (pp. 215–224). Springer, Singapore.
Patil, K., 2016. Request dependency integrity: validating web requests using dependencies in the browser environment. International Journal of Information Privacy, Security and Integrity, 2(4), pp. 281–306.
Banerjee, A., Rahman, M.S. and Faloutsos, M., 2011. SUT: Quantifying and mitigating url typosquatting. Computer Networks, 55(13), pp. 3001–3014.
Szurdi, J., Kocso, B., Cseh, G., Spring, J., Felegyhazi, M. and Kanich, C., 2014, August. The Long “Taile” of Typosquatting Domain Names. In USENIX Security Symposium (pp. 191–206).
Almeida, Tiago, Renato Moraes Silva, and Akebo Yamakami. “Machine learning methods for spamdexing detection.” International Journal of Information Security Science 2, no. 3 (2013): 86–107.
Geng, G.G., Wang, C.H. and Li, Q.D., 2008, January. Improving Spamdexing Detection Via a Two-Stage Classification Strategy. In Asia Information Retrieval Symposium (pp. 356–364). Springer, Berlin, Heidelberg.
Abou-Assaleh, T. and Das, T., 2006, November. Combating spamdexing: Incorporating heuristics in link-based ranking. In International Workshop on Algorithms and Models for the Web-Graph (pp. 97–106). Springer, Berlin, Heidelberg.
Shahriar, H., Haddad, H. and Devendran, V.K., 2015. Request and Response Analysis Framework for Mitigating Clickjacking Attacks. International Journal of Secure Software Engineering (IJSSE), 6(3), pp. 1–25.
Johns, M. and Lekies, S., 2013, October. Tamper-resistant likejacking protection. In International Workshop on Recent Advances in Intrusion Detection (pp. 265–285). Springer, Berlin, Heidelberg.
Sarjaz, B.S. and Abbaspour, M., 2013. Securing BitTorrent using a new reputation-based trust management system. Peer-to-Peer Networking and Applications, 6(1), pp. 86–100.
Copyright information
© 2018 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Heartfield, R., Loukas, G. (2018). Protection Against Semantic Social Engineering Attacks. In: Conti, M., Somani, G., Poovendran, R. (eds) Versatile Cybersecurity. Advances in Information Security, vol 72. Springer, Cham. https://doi.org/10.1007/978-3-319-97643-3_4
DOI: https://doi.org/10.1007/978-3-319-97643-3_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-97642-6
Online ISBN: 978-3-319-97643-3
eBook Packages: Computer Science, Computer Science (R0)