Research Article
BibTex RIS Cite

Phishing Attacks Awareness Exercise Example

Year 2021, , 348 - 358, 29.05.2021
https://doi.org/10.29130/dubited.832862

Abstract

Users are seen as the weakest link in the information security chain. While many systems are installed to provide information security in institutions, they cannotprovide full security and cannot prevent some attacks from reaching users. For this reason, enterprise information security can not be mentioned without going down to the end-user level. The most common attack type against end-users is phishing attacks. The purpose of this study is to develop an phishing experiment to determine the users’ awareness level of information security and to determine the points that should be considered in case of phishing experiments to obtain accurate results.

References

  • [1] J. Mao, J. Bian, W. Tian, S. Zhu, T. Wei, A. Live ve Z. Liang, “Detecting phishing web sites via aggregation analysis of pagelayouts,” ProcediaComputerScience, c. 129, ss. 224–230, 2018.
  • [2] L. De Kimpe, M. Walrave, W. Hardyns, L. Pauwels ve K. Ponnet, “You’vegot mail! Explaining individual differences in becoming a phishing target,”Telematicsand Informatics, c. 35, s. 5, ss. 1277–1287, 2018.
  • [3] A. A. Orunsolu, A. S. Sodiya ve A. T. Akinwale, “A predictive model for phishing detection,” Journal of King Saud University – Computer and Information Sciences, Basımda.
  • [4] K. A. Molinaro ve M. L. Bolton, “Evaluating the applicability of the double system lens model to the analysis of phishing email judgments,” Computers and Security, c. 77, ss. 128–137, 2018.
  • [5] M. Silic ve A. Back, “The dark side of social networking sites: Understanding phishing risks,” Computers in Human Behavior, c. 60, ss. 35-43, 2016.
  • [6] O. Koray, E. Buber, O. Demir ve B. Diri, “Machine learning based phishing detection from URLs, ”Expert Systems With Applications, c. 117, ss. 345–357, 2019.
  • [7] A. Ferreira ve S. Teles, “Persuasion: How phishingemails can influence users and bypass security measures,” Int. J. Hum. Comput. Stud., c. 125, ss. 19–31, 2019.
  • [8] A. Aleroud ve L. Zhou, “Phishing environments, techniques, and countermeasures: A survey,” Comput. Secur., c. 68, ss. 160–196, 2017.
  • [9] W. Wei, Q. Ke, J. Nowak, M. Korytkowski, R. Scherer ve M. Woźniak, “Accurate and fast URL phishing detector: A convolutional neural network approach,” Comput. Networks, c. 178, 2020.
  • [10] R. C. Dodge ve A. J. Ferguson, “Using phishing foruser email security awareness,” IFIP Int. Fed. Inf. Process., c. 201, ss. 454–459, 2006.
  • [11] K. Parsons, M. Butavicius, P. Delfabbro ve M. Lillie, “Predicting susceptibility to social influence in phishing emails,” International Journal of Human Computer Studies, c. 128, ss. 17–26, 2019.
  • [12] J. G. Mohebzada, A. E. Zarka, A. H. Bhojani ve A. Darwish, “Phishing in a University Community Two large scale phishing experiments,” 2012 International Conference on Innovations in Information Technology, 2012, ss. 249-254.
  • [13] Ö. H. Durmuş, Kernel Blog. (2019, 1 Temmuz), Post exploitation: empire kullanımı. [Online]. Erişim: https://kernelblog.org/2019/07/post-exploitationempire-kullanimi/
  • [14] A. Oransulu, A. Sodiya, A. Akinwale ve B. Olajuwon, “An anti-phishing kit scheme for secure web transactions,” In the Proceedings of 3rd ICISSP Conference, Porto Potrugal, Scıtepress, 2017, ss.15-24.
  • [15] W. RochaFlores, H. Holm, G. Svensson ve G. Ericsson, “Using phishing experiments and scenario-based surveys to understand security behaviours in practice,” Inf. Manag. Comput. Secur., c. 22, s. 4, ss. 393–406, 2014.

Oltalama Saldırıları Farkındalık Tatbikatı Örneği

Year 2021, , 348 - 358, 29.05.2021
https://doi.org/10.29130/dubited.832862

Abstract

Kullanıcılar bilgi güvenliği zincirinde en zayıf halka olarak görülmektedir. Kurumlarda bilgi güvenliğini sağlamaya yönelik pek çok sistem kurulsa da bunlar tam bir güvenlik sağlayamamakta, bazı saldırıların kullanıcılara ulaşmasını engelleyememektedir. Bu nedenle son kullanıcı seviyesine inmeden kurumsal bir bilgi güvenliğinden bahsedilemez. Kullanıcılara yönelik saldırıların başındaoltalama saldırıları gelmektedir. Bu çalışmanın amacı, kullanıcıların bilgi güvenliği farkındalık düzeylerini tespit etmeye yönelik bir oltalama tatbikatının geliştirilmesi ve doğru sonuçlar elde etmek için oltalama tatbikatlarında dikkat edilmesi gereken hususların belirlenmesidir.

References

  • [1] J. Mao, J. Bian, W. Tian, S. Zhu, T. Wei, A. Live ve Z. Liang, “Detecting phishing web sites via aggregation analysis of pagelayouts,” ProcediaComputerScience, c. 129, ss. 224–230, 2018.
  • [2] L. De Kimpe, M. Walrave, W. Hardyns, L. Pauwels ve K. Ponnet, “You’vegot mail! Explaining individual differences in becoming a phishing target,”Telematicsand Informatics, c. 35, s. 5, ss. 1277–1287, 2018.
  • [3] A. A. Orunsolu, A. S. Sodiya ve A. T. Akinwale, “A predictive model for phishing detection,” Journal of King Saud University – Computer and Information Sciences, Basımda.
  • [4] K. A. Molinaro ve M. L. Bolton, “Evaluating the applicability of the double system lens model to the analysis of phishing email judgments,” Computers and Security, c. 77, ss. 128–137, 2018.
  • [5] M. Silic ve A. Back, “The dark side of social networking sites: Understanding phishing risks,” Computers in Human Behavior, c. 60, ss. 35-43, 2016.
  • [6] O. Koray, E. Buber, O. Demir ve B. Diri, “Machine learning based phishing detection from URLs, ”Expert Systems With Applications, c. 117, ss. 345–357, 2019.
  • [7] A. Ferreira ve S. Teles, “Persuasion: How phishingemails can influence users and bypass security measures,” Int. J. Hum. Comput. Stud., c. 125, ss. 19–31, 2019.
  • [8] A. Aleroud ve L. Zhou, “Phishing environments, techniques, and countermeasures: A survey,” Comput. Secur., c. 68, ss. 160–196, 2017.
  • [9] W. Wei, Q. Ke, J. Nowak, M. Korytkowski, R. Scherer ve M. Woźniak, “Accurate and fast URL phishing detector: A convolutional neural network approach,” Comput. Networks, c. 178, 2020.
  • [10] R. C. Dodge ve A. J. Ferguson, “Using phishing foruser email security awareness,” IFIP Int. Fed. Inf. Process., c. 201, ss. 454–459, 2006.
  • [11] K. Parsons, M. Butavicius, P. Delfabbro ve M. Lillie, “Predicting susceptibility to social influence in phishing emails,” International Journal of Human Computer Studies, c. 128, ss. 17–26, 2019.
  • [12] J. G. Mohebzada, A. E. Zarka, A. H. Bhojani ve A. Darwish, “Phishing in a University Community Two large scale phishing experiments,” 2012 International Conference on Innovations in Information Technology, 2012, ss. 249-254.
  • [13] Ö. H. Durmuş, Kernel Blog. (2019, 1 Temmuz), Post exploitation: empire kullanımı. [Online]. Erişim: https://kernelblog.org/2019/07/post-exploitationempire-kullanimi/
  • [14] A. Oransulu, A. Sodiya, A. Akinwale ve B. Olajuwon, “An anti-phishing kit scheme for secure web transactions,” In the Proceedings of 3rd ICISSP Conference, Porto Potrugal, Scıtepress, 2017, ss.15-24.
  • [15] W. RochaFlores, H. Holm, G. Svensson ve G. Ericsson, “Using phishing experiments and scenario-based surveys to understand security behaviours in practice,” Inf. Manag. Comput. Secur., c. 22, s. 4, ss. 393–406, 2014.
There are 15 citations in total.

Details

Primary Language Turkish
Subjects Engineering
Journal Section Articles
Authors

Yenal Arslan 0000-0002-1776-6091

Publication Date May 29, 2021
Published in Issue Year 2021

Cite

APA Arslan, Y. (2021). Oltalama Saldırıları Farkındalık Tatbikatı Örneği. Duzce University Journal of Science and Technology, 9(3), 348-358. https://doi.org/10.29130/dubited.832862
AMA Arslan Y. Oltalama Saldırıları Farkındalık Tatbikatı Örneği. DÜBİTED. May 2021;9(3):348-358. doi:10.29130/dubited.832862
Chicago Arslan, Yenal. “Oltalama Saldırıları Farkındalık Tatbikatı Örneği”. Duzce University Journal of Science and Technology 9, no. 3 (May 2021): 348-58. https://doi.org/10.29130/dubited.832862.
EndNote Arslan Y (May 1, 2021) Oltalama Saldırıları Farkındalık Tatbikatı Örneği. Duzce University Journal of Science and Technology 9 3 348–358.
IEEE Y. Arslan, “Oltalama Saldırıları Farkındalık Tatbikatı Örneği”, DÜBİTED, vol. 9, no. 3, pp. 348–358, 2021, doi: 10.29130/dubited.832862.
ISNAD Arslan, Yenal. “Oltalama Saldırıları Farkındalık Tatbikatı Örneği”. Duzce University Journal of Science and Technology 9/3 (May 2021), 348-358. https://doi.org/10.29130/dubited.832862.
JAMA Arslan Y. Oltalama Saldırıları Farkındalık Tatbikatı Örneği. DÜBİTED. 2021;9:348–358.
MLA Arslan, Yenal. “Oltalama Saldırıları Farkındalık Tatbikatı Örneği”. Duzce University Journal of Science and Technology, vol. 9, no. 3, 2021, pp. 348-5, doi:10.29130/dubited.832862.
Vancouver Arslan Y. Oltalama Saldırıları Farkındalık Tatbikatı Örneği. DÜBİTED. 2021;9(3):348-5.