Design of Security Training System for Individual Users

Design of Security Training System for Individual Users

A technique to induce access to a website falsely made through a message figured out as being sent by a trustworthy person or a simple spam, circulate a malicious code and cause additional security damage is called Phishing. According to security company Kaspersky Lab, 3,730,000 people were exposed...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Wireless personal communications 2016-10, Vol.90 (3), p.1105-1120
Hauptverfasser: Lim, Il-kwon, Park, Young-Gil, Lee, Jae-Kwang
Format: Artikel
Sprache:eng
Schlagworte:
Anti-virus software
Communications Engineering
Computer Communication Networks
Electronic mail
Email
Engineering
Filtration
Messages
Networks
Phishing
Psychology
Security
Security management
Short message service
Signal,Image and Speech Processing
Smartphones
Training
Trustworthiness
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 1120
container_issue 3
container_start_page 1105
container_title Wireless personal communications
container_volume 90
creator Lim, Il-kwon
Park, Young-Gil
Lee, Jae-Kwang
description A technique to induce access to a website falsely made through a message figured out as being sent by a trustworthy person or a simple spam, circulate a malicious code and cause additional security damage is called Phishing. According to security company Kaspersky Lab, 3,730,000 people were exposed to Phishing attack between 2012 and 2013. In addition, recently, the mobile malicious code increased eight times in 2012 due to the propagation of Smartphones compared to 2011, so security threats are increasing. Phishing is carried out by e-mail Phishing using the social engineering attack or SMSishing using short message service (SMS). To prevent this, there are preparation methods such as antivirus software or Phishing filtering systems and security preparation training or education. Yet, social engineering attack such as Phishing e-mail or SMSishing uses human psychology, so there is a limit with security software or system, and general individual users cannot possibly understand its seriousness. Therefore, this study aims to propose a security training system for individual users to be prepared for an e-mail Phishing attack or SMSishing attack. The proposed system consists largely of three types of structures such as trainee, Center System and Monitoring and Reporting System, so it plans to try a virtual social engineering attack by using e-mail and SMS through PCs or Smartphones of the trainees. When the trainees are attacked, they will learn a coping method and have an ability to cope with the e-mail Phishing and SMSishing attack. In addition, through a test using this system, it was found that the click rate of virtual Phishing e-mail messages decreased from 47 to 33 %, and the click rate of threatening links decreased from 16 to 4 % so that the usefulness of this study was examined. From this result, training against security threats in Phishing e-mail for individual users would be possible through the proposed security training system and preparation for the Phishing attack as a result would be possible.
doi_str_mv 10.1007/s11277-016-3380-z
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1864554276</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>1864554276</sourcerecordid><originalsourceid>FETCH-LOGICAL-c392t-e3806a0fc524642ac91e518b79de801a396c4f055f65072903214a94c1cdfbe63</originalsourceid><addsrcrecordid>eNp1kEtLAzEURoMoWKs_wN2AGzfRm0wek6XUV0Fw0RbchTSTlJTpTE1mhPbXm1IXIri6m3M-LgehawJ3BEDeJ0KolBiIwGVZAd6foBHhkuKqZB-naASKKiwooefoIqU1QLYUHSH56FJYtUXni5mzQwz9rphHE9rQrorZLvVuU_guFtO2Dl-hHkxTLJKL6RKdedMkd_Vzx2jx_DSfvOK395fp5OEN21LRHrv8izDgLadMMGqsIo6TailV7SogplTCMg-ce8FBUgUlJcwoZomt_dKJcoxuj7vb2H0OLvV6E5J1TWNa1w1Jk0owzhmVB_TmD7ruhtjm7zJVQSVAyipT5EjZ2KUUndfbGDYm7jQBfUipjyl1TqkPKfU-O_TopMy2Kxd_Lf8rfQMarHTw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1880860778</pqid></control><display><type>article</type><title>Design of Security Training System for Individual Users</title><source>SpringerLink Journals</source><creator>Lim, Il-kwon ; Park, Young-Gil ; Lee, Jae-Kwang</creator><creatorcontrib>Lim, Il-kwon ; Park, Young-Gil ; Lee, Jae-Kwang</creatorcontrib><description>A technique to induce access to a website falsely made through a message figured out as being sent by a trustworthy person or a simple spam, circulate a malicious code and cause additional security damage is called Phishing. According to security company Kaspersky Lab, 3,730,000 people were exposed to Phishing attack between 2012 and 2013. In addition, recently, the mobile malicious code increased eight times in 2012 due to the propagation of Smartphones compared to 2011, so security threats are increasing. Phishing is carried out by e-mail Phishing using the social engineering attack or SMSishing using short message service (SMS). To prevent this, there are preparation methods such as antivirus software or Phishing filtering systems and security preparation training or education. Yet, social engineering attack such as Phishing e-mail or SMSishing uses human psychology, so there is a limit with security software or system, and general individual users cannot possibly understand its seriousness. Therefore, this study aims to propose a security training system for individual users to be prepared for an e-mail Phishing attack or SMSishing attack. The proposed system consists largely of three types of structures such as trainee, Center System and Monitoring and Reporting System, so it plans to try a virtual social engineering attack by using e-mail and SMS through PCs or Smartphones of the trainees. When the trainees are attacked, they will learn a coping method and have an ability to cope with the e-mail Phishing and SMSishing attack. In addition, through a test using this system, it was found that the click rate of virtual Phishing e-mail messages decreased from 47 to 33 %, and the click rate of threatening links decreased from 16 to 4 % so that the usefulness of this study was examined. From this result, training against security threats in Phishing e-mail for individual users would be possible through the proposed security training system and preparation for the Phishing attack as a result would be possible.</description><identifier>ISSN: 0929-6212</identifier><identifier>EISSN: 1572-834X</identifier><identifier>DOI: 10.1007/s11277-016-3380-z</identifier><language>eng</language><publisher>New York: Springer US</publisher><subject>Anti-virus software ; Communications Engineering ; Computer Communication Networks ; Electronic mail ; Email ; Engineering ; Filtration ; Messages ; Networks ; Phishing ; Psychology ; Security ; Security management ; Short message service ; Signal,Image and Speech Processing ; Smartphones ; Training ; Trustworthiness</subject><ispartof>Wireless personal communications, 2016-10, Vol.90 (3), p.1105-1120</ispartof><rights>Springer Science+Business Media New York 2016</rights><rights>Copyright Springer Science &amp; Business Media 2016</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c392t-e3806a0fc524642ac91e518b79de801a396c4f055f65072903214a94c1cdfbe63</citedby><cites>FETCH-LOGICAL-c392t-e3806a0fc524642ac91e518b79de801a396c4f055f65072903214a94c1cdfbe63</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/s11277-016-3380-z$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/s11277-016-3380-z$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>314,776,780,27901,27902,41464,42533,51294</link.rule.ids></links><search><creatorcontrib>Lim, Il-kwon</creatorcontrib><creatorcontrib>Park, Young-Gil</creatorcontrib><creatorcontrib>Lee, Jae-Kwang</creatorcontrib><title>Design of Security Training System for Individual Users</title><title>Wireless personal communications</title><addtitle>Wireless Pers Commun</addtitle><description>A technique to induce access to a website falsely made through a message figured out as being sent by a trustworthy person or a simple spam, circulate a malicious code and cause additional security damage is called Phishing. According to security company Kaspersky Lab, 3,730,000 people were exposed to Phishing attack between 2012 and 2013. In addition, recently, the mobile malicious code increased eight times in 2012 due to the propagation of Smartphones compared to 2011, so security threats are increasing. Phishing is carried out by e-mail Phishing using the social engineering attack or SMSishing using short message service (SMS). To prevent this, there are preparation methods such as antivirus software or Phishing filtering systems and security preparation training or education. Yet, social engineering attack such as Phishing e-mail or SMSishing uses human psychology, so there is a limit with security software or system, and general individual users cannot possibly understand its seriousness. Therefore, this study aims to propose a security training system for individual users to be prepared for an e-mail Phishing attack or SMSishing attack. The proposed system consists largely of three types of structures such as trainee, Center System and Monitoring and Reporting System, so it plans to try a virtual social engineering attack by using e-mail and SMS through PCs or Smartphones of the trainees. When the trainees are attacked, they will learn a coping method and have an ability to cope with the e-mail Phishing and SMSishing attack. In addition, through a test using this system, it was found that the click rate of virtual Phishing e-mail messages decreased from 47 to 33 %, and the click rate of threatening links decreased from 16 to 4 % so that the usefulness of this study was examined. From this result, training against security threats in Phishing e-mail for individual users would be possible through the proposed security training system and preparation for the Phishing attack as a result would be possible.</description><subject>Anti-virus software</subject><subject>Communications Engineering</subject><subject>Computer Communication Networks</subject><subject>Electronic mail</subject><subject>Email</subject><subject>Engineering</subject><subject>Filtration</subject><subject>Messages</subject><subject>Networks</subject><subject>Phishing</subject><subject>Psychology</subject><subject>Security</subject><subject>Security management</subject><subject>Short message service</subject><subject>Signal,Image and Speech Processing</subject><subject>Smartphones</subject><subject>Training</subject><subject>Trustworthiness</subject><issn>0929-6212</issn><issn>1572-834X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2016</creationdate><recordtype>article</recordtype><recordid>eNp1kEtLAzEURoMoWKs_wN2AGzfRm0wek6XUV0Fw0RbchTSTlJTpTE1mhPbXm1IXIri6m3M-LgehawJ3BEDeJ0KolBiIwGVZAd6foBHhkuKqZB-naASKKiwooefoIqU1QLYUHSH56FJYtUXni5mzQwz9rphHE9rQrorZLvVuU_guFtO2Dl-hHkxTLJKL6RKdedMkd_Vzx2jx_DSfvOK395fp5OEN21LRHrv8izDgLadMMGqsIo6TailV7SogplTCMg-ce8FBUgUlJcwoZomt_dKJcoxuj7vb2H0OLvV6E5J1TWNa1w1Jk0owzhmVB_TmD7ruhtjm7zJVQSVAyipT5EjZ2KUUndfbGDYm7jQBfUipjyl1TqkPKfU-O_TopMy2Kxd_Lf8rfQMarHTw</recordid><startdate>20161001</startdate><enddate>20161001</enddate><creator>Lim, Il-kwon</creator><creator>Park, Young-Gil</creator><creator>Lee, Jae-Kwang</creator><general>Springer US</general><general>Springer Nature B.V</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20161001</creationdate><title>Design of Security Training System for Individual Users</title><author>Lim, Il-kwon ; Park, Young-Gil ; Lee, Jae-Kwang</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c392t-e3806a0fc524642ac91e518b79de801a396c4f055f65072903214a94c1cdfbe63</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2016</creationdate><topic>Anti-virus software</topic><topic>Communications Engineering</topic><topic>Computer Communication Networks</topic><topic>Electronic mail</topic><topic>Email</topic><topic>Engineering</topic><topic>Filtration</topic><topic>Messages</topic><topic>Networks</topic><topic>Phishing</topic><topic>Psychology</topic><topic>Security</topic><topic>Security management</topic><topic>Short message service</topic><topic>Signal,Image and Speech Processing</topic><topic>Smartphones</topic><topic>Training</topic><topic>Trustworthiness</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Lim, Il-kwon</creatorcontrib><creatorcontrib>Park, Young-Gil</creatorcontrib><creatorcontrib>Lee, Jae-Kwang</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Wireless personal communications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Lim, Il-kwon</au><au>Park, Young-Gil</au><au>Lee, Jae-Kwang</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Design of Security Training System for Individual Users</atitle><jtitle>Wireless personal communications</jtitle><stitle>Wireless Pers Commun</stitle><date>2016-10-01</date><risdate>2016</risdate><volume>90</volume><issue>3</issue><spage>1105</spage><epage>1120</epage><pages>1105-1120</pages><issn>0929-6212</issn><eissn>1572-834X</eissn><abstract>A technique to induce access to a website falsely made through a message figured out as being sent by a trustworthy person or a simple spam, circulate a malicious code and cause additional security damage is called Phishing. According to security company Kaspersky Lab, 3,730,000 people were exposed to Phishing attack between 2012 and 2013. In addition, recently, the mobile malicious code increased eight times in 2012 due to the propagation of Smartphones compared to 2011, so security threats are increasing. Phishing is carried out by e-mail Phishing using the social engineering attack or SMSishing using short message service (SMS). To prevent this, there are preparation methods such as antivirus software or Phishing filtering systems and security preparation training or education. Yet, social engineering attack such as Phishing e-mail or SMSishing uses human psychology, so there is a limit with security software or system, and general individual users cannot possibly understand its seriousness. Therefore, this study aims to propose a security training system for individual users to be prepared for an e-mail Phishing attack or SMSishing attack. The proposed system consists largely of three types of structures such as trainee, Center System and Monitoring and Reporting System, so it plans to try a virtual social engineering attack by using e-mail and SMS through PCs or Smartphones of the trainees. When the trainees are attacked, they will learn a coping method and have an ability to cope with the e-mail Phishing and SMSishing attack. In addition, through a test using this system, it was found that the click rate of virtual Phishing e-mail messages decreased from 47 to 33 %, and the click rate of threatening links decreased from 16 to 4 % so that the usefulness of this study was examined. From this result, training against security threats in Phishing e-mail for individual users would be possible through the proposed security training system and preparation for the Phishing attack as a result would be possible.</abstract><cop>New York</cop><pub>Springer US</pub><doi>10.1007/s11277-016-3380-z</doi><tpages>16</tpages></addata></record>
fulltext fulltext
identifier ISSN: 0929-6212
ispartof Wireless personal communications, 2016-10, Vol.90 (3), p.1105-1120
issn 0929-6212
1572-834X
language eng
recordid cdi_proquest_miscellaneous_1864554276
source SpringerLink Journals
subjects Anti-virus software
Communications Engineering
Computer Communication Networks
Electronic mail
Email
Engineering
Filtration
Messages
Networks
Phishing
Psychology
Security
Security management
Short message service
Signal,Image and Speech Processing
Smartphones
Training
Trustworthiness
title Design of Security Training System for Individual Users
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-30T07%3A37%3A07IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Design%20of%20Security%20Training%20System%20for%20Individual%20Users&rft.jtitle=Wireless%20personal%20communications&rft.au=Lim,%20Il-kwon&rft.date=2016-10-01&rft.volume=90&rft.issue=3&rft.spage=1105&rft.epage=1120&rft.pages=1105-1120&rft.issn=0929-6212&rft.eissn=1572-834X&rft_id=info:doi/10.1007/s11277-016-3380-z&rft_dat=%3Cproquest_cross%3E1864554276%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1880860778&rft_id=info:pmid/&rfr_iscdi=true