Design of Security Training System for Individual Users


Bibliographic details
Published in: Wireless personal communications 2016-10, Vol. 90 (3), p. 1105-1120
Main authors: Lim, Il-kwon; Park, Young-Gil; Lee, Jae-Kwang
Format: Article
Language: eng
Description
Abstract: Phishing is a technique that lures a victim to a fraudulent website through a message that appears to come from a trustworthy person, or through simple spam, in order to circulate malicious code and cause additional security damage. According to the security company Kaspersky Lab, 3,730,000 people were exposed to Phishing attacks between 2012 and 2013. In addition, with the spread of smartphones, mobile malicious code increased eightfold in 2012 compared to 2011, so security threats are increasing. Phishing is carried out as e-mail Phishing, which uses social engineering, or as SMSishing, which uses the short message service (SMS). Countermeasures include antivirus software, Phishing filtering systems, and security preparedness training or education. However, social engineering attacks such as Phishing e-mail and SMSishing exploit human psychology, so security software and systems have limits, and general individual users cannot readily understand the seriousness of the threat. This study therefore proposes a security training system that prepares individual users for e-mail Phishing and SMSishing attacks. The proposed system consists of three main components: the trainee, the Center System, and the Monitoring and Reporting System. It is designed to attempt virtual social engineering attacks by e-mail and SMS against the trainees' PCs or smartphones. When trainees are attacked, they learn a coping method and gain the ability to cope with e-mail Phishing and SMSishing attacks. In a test using this system, the click rate for virtual Phishing e-mail messages decreased from 47 to 33%, and the click rate for threatening links decreased from 16 to 4%, through which the usefulness of this study was examined. These results indicate that the proposed security training system makes it possible to train individual users against the security threats of Phishing e-mail and, as a result, to prepare them for Phishing attacks.
ISSN: 0929-6212, 1572-834X
DOI: 10.1007/s11277-016-3380-z