Técnica de protección para credenciales de autenticación en redes sociales y correo electrónico ante ataques phishing

Thumbnail
QRCode
Share
Author
Noreña Cardona, Paola Andrea
Calderón Restrepo, Sergio
Publisher
Universidad Nacional Abierta y a Distancia, UNAD
Bibliographic managers
Metadata
Show full item record
Abstract
Una credencial de autenticación es una orden que autoriza el acceso a una red social, correo electrónico u otros sitios web que requieren información personal de un usuario registrado. El phishing (suplantación de identidad) es un ataque fraudulento desde sitios web engañosos a credenciales de autenticación. Algunos autores plantean enfoques basados en la detección y prevención de estos ataques phishing en redes sociales y correos electrónicos. Sin embargo, las cifras de estos ataques continúan incrementando, debido a que los usuarios siguen incurriendo en errores como la falta de conocimiento, el descuido visual y la falta de atención, que facilitan estos ataques. En este artículo se realiza un análisis de los riesgos y causas de ataques phishing a credenciales de autenticación en redes sociales y correos electrónicos. Además, se propone una técnica de protección para estas credenciales, mediante procedimientos de fácil recordación. Los procedimientos de la técnica se realizan para prevenir los riesgos a partir del conocimiento, atención y cuidado visual del usuario. Así también, se aplica la técnica a algunos usuarios.
College
http://hemeroteca.unad.edu.co/index.php/publicaciones-e-investigacion/article/view/2960/3074
http://hemeroteca.unad.edu.co/index.php/publicaciones-e-investigacion/article/view/2960/3014
/*ref*/M. Khonji, Y. Iraqi and A. Jones, "Phishing Detection: A Literature Survey," in IEEE Communications Surveys & Tutorials, vol. 15, no. 4, pp. 2091-2121, Fourth Quarter 2013.
/*ref*/J. Hong, "The State of Phishing Attacks", Communications of the ACM”, 8, 74-81, 2012.
/*ref*/E. Nikulchev, and E. Pluzhnik, “Study of Chaos in the Traffic of Computer Networks”, International Journal of Advanced Computer Science and Applications, vol. 5 no. 9, pp. 60-62, 2014.
/*ref*/M. Dadkhah, V. Lyashenko, and M. Jazi, “Methodology of the Chaos Theory in research of phishing attacks” International Journal of Academic Research, vol. 7, no. 1, 2015.
/*ref*/M. Mishra, and J. Gaurav, “A Preventive Anti-Phishing Technique using Code word” International Journal of Computer Science and Information Technologies, vol. 3, no. 3, pp. 4248-4250, 2012.
/*ref*/V. Reddy, V. Radha, and M. Jindal, “Client Side protection from Phishing attack”, International Journal of Advanced Engineering Sciences and Technologies, vol. 3 no. 1, pp. 39-45, 2011.
/*ref*/D. Sastoque, and R. Botero. "Técnicas de detección y control de phishing", Cuaderno Activa, vol. 7, pp. 75-81, 2015.
/*ref*/J. Samper, and Bolaño, M. R. “Seguridad informática en el siglo xx: una perspectiva jurídica tecnológica enfocada hacia las organizaciones nacionales y mundiales”, Publicaciones e Investigación, vol. 9, pp. 153-162, 2015.
/*ref*/N. Asanka, G. Arachchilage, S. Love, and M. Scott, “Designing a Mobile Game to Teach Conceptual Knowledge of Avoiding Phishing Attacks” International Journal for e-Learning Security (IJeLS) vol. 2, no. 1, pp. 127-132, 2012.
/*ref*/S. Purkait, “Factors that influence internet Phishing website”, The IUP Journal of Information Technology, vol. 7, no. 3, pp. 7-38, 2012.
/*ref*/J. Hong, “The State of Phishing Attacks”, Communications of the ACM, vol. 55, no. 1, pp. 75-81, 2012.
/*ref*/C. Marforio, R. Jayaram Masti, C. Soriente, Kari Kostiainen, and Srdjan Capkun, “Personalized Security Indicators to Detect Application Phishing Attacks in Mobile Platforms”, Cryptography and Security, pp. 1-15, 2015.
/*ref*/Informes técnicos
/*ref*/Microsoft, “Introducción técnica a las credenciales almacenadas y almacenadas en caché”, Disponible en: https://technet.microsoft.com/es-es/library/hh994565(v=ws.11).aspx
/*ref*/P. Prandini and M. L. Maggiore, “Ciberdelito En América Latina y El Caribe, Una Visión Desde La Sociedad Civil”, proyecto amparo, 2013.
/*ref*/Antiphishing Working Group (APWG), “Global Phishing Survey: Trends and Domain Name Use in 1H2012”, Tecnhical report, An APWG industry advisory, 2012.
/*ref*/P. Jungles, M. Simos, A. Margosis, R. Grimes and L. Robinson, "Techniques, Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft," Technical Document, vol. 82, 2012.
/*ref*/Phishing.org, "Phishing techniques", Report document, 2011, Available: http://www.phishing.org/phishing-techniques/.
/*ref*/Enough-is-Enough, "Social Media Statistics". Report document, Available: http://www.internetsafety101.org/Socialmediastats.htm. 2013.
/*ref*/APWG, Anti-phishing Working Group. "Phishing Activity Trends Reports" 2013, Available: http://docs.apwg.org/reports/apwg_trends_report_q1_2013.pdf
/*ref*/NCSA, Norton and Zogby International, “2010 NCSA / Norton by Symantec Online Safety Study”, Technical Document, vol.12, 2010.
/*ref*/National Cyber Security Alliance and McAfee, "2012 NCSA / McAfee Online Safety Survey," Technical Document, vol. 11, 2012.
/*ref*/National Cyber Security Alliance and McAfee and PayPal, "2013 National Online Safety Study," Technical Document, vol. 7, 2013.
/*ref*/Artículos presentados en conferencias publicados
/*ref*/O. Salem, A. Hossain and M. Kamala, "Awareness Program and AI based Tool to Reduce Risk of Phishing Attacks," 2010 10th IEEE International Conference on Computer and Information Technology, Bradford, 2010, pp. 1418-1423.
/*ref*/Y. Zhang, J. I. Hong, and L. F. Cranor, “Cantina: a content-based approach to detecting phishing web sites”, WWW '07 Proceedings of the 16th international conference on World Wide Web, 2007, Hanoi, pp. 639-648.
/*ref*/V. Shreeram, M. Suban, P. Shanthi, and K. Manjula, "Anti-phishing detection of phishing attacks using genetic algorithm," 2010 International Conference on Communication Control and Computing Technologies, Ramanathapuram, 2010, pp. 447-450.
/*ref*/G. Kontaxis, I. Polakis, S. Ioannidis and E. P. Markatos, "Detecting social network profile cloning," 2011 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), Seattle, WA, 2011, pp. 295-300.
/*ref*/M. Atighetchi and P. Pal, "Attribute-Based Prevention of Phishing Attacks," 2009 Eighth IEEE International Symposium on Network Computing and Applications, Cambridge, MA, 2009, pp. 266-269.
/*ref*/M. J. Scott, G. Ghinea and N. A. G. Arachchilage, "Assessing the Role of Conceptual Knowledge in an Anti-Phishing Educational Game," 2014 IEEE 14th International Conference on Advanced Learning Technologies, Athens, 2014, pp. 218-218.
/*ref*/S. Garera, N. Provos, M. Chew and A. D. Rubin, A framework for detection and measurement of phishing attacks, WORM '07 Proceedings of the 2007 ACM workshop on Recurring malcode, Alexandria, VA, 2007, pp. 1-8.
/*ref*/R. Dhamija, J. D. Tygar and M. Hearst, "Why Phishing Works" Proceeding, CHI '06 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Boston, MA, 2006, pp. 581-590.
/*ref*/M. Jakobsson, “The human factor in phishing” 3rd TIPPI Workshop, Trustworthy Interfaces for Passwords and Personal Information, Standford, 2007, pp. 1-19.
/*ref*/Tesis
/*ref*/D. d. Joode, "Does password fatigue increase the risk on a phishing attack?" Master Thesis, directed by M.V. Zaanen and J.J. Paijmans, Tilburg University, The Netherlands, 2012.
/*ref*/Libro
/*ref*/C.Wohlin, P. Runeson, M. Höst, M. C. Ohlsson, B.Regnell, and A. Wesslén, “Experimentation in software engineering” New York: Springer Science & Business Media, 2012.
Format
application/pdf
text/html
Type of digital resource
info:eu-repo/semantics/article
info:eu-repo/semantics/publishedVersion
URI
https://repository.unad.edu.co/handle/10596/29675
URL source
http://hemeroteca.unad.edu.co/index.php/publicaciones-e-investigacion/article/view/2960
http://dx.doi.org/10.22490/25394088.2960
Collections