Research Article
Year 2021,
Volume: 9 Issue: 3 - Additional Issue, 348 - 358, 29.05.2021
Abstract
Users are seen as the weakest link in the information security chain. While many systems are installed to provide information security in institutions, they cannotprovide full security and cannot prevent some attacks from reaching users. For this reason, enterprise information security can not be mentioned without going down to the end-user level. The most common attack type against end-users is phishing attacks. The purpose of this study is to develop an phishing experiment to determine the users’ awareness level of information security and to determine the points that should be considered in case of phishing experiments to obtain accurate results.
References
- [1] J. Mao, J. Bian, W. Tian, S. Zhu, T. Wei, A. Live ve Z. Liang, “Detecting phishing web sites via aggregation analysis of pagelayouts,” ProcediaComputerScience, c. 129, ss. 224–230, 2018.
- [2] L. De Kimpe, M. Walrave, W. Hardyns, L. Pauwels ve K. Ponnet, “You’vegot mail! Explaining individual differences in becoming a phishing target,”Telematicsand Informatics, c. 35, s. 5, ss. 1277–1287, 2018.
- [3] A. A. Orunsolu, A. S. Sodiya ve A. T. Akinwale, “A predictive model for phishing detection,” Journal of King Saud University – Computer and Information Sciences, Basımda.
- [4] K. A. Molinaro ve M. L. Bolton, “Evaluating the applicability of the double system lens model to the analysis of phishing email judgments,” Computers and Security, c. 77, ss. 128–137, 2018.
- [5] M. Silic ve A. Back, “The dark side of social networking sites: Understanding phishing risks,” Computers in Human Behavior, c. 60, ss. 35-43, 2016.
- [6] O. Koray, E. Buber, O. Demir ve B. Diri, “Machine learning based phishing detection from URLs, ”Expert Systems With Applications, c. 117, ss. 345–357, 2019.
- [7] A. Ferreira ve S. Teles, “Persuasion: How phishingemails can influence users and bypass security measures,” Int. J. Hum. Comput. Stud., c. 125, ss. 19–31, 2019.
- [8] A. Aleroud ve L. Zhou, “Phishing environments, techniques, and countermeasures: A survey,” Comput. Secur., c. 68, ss. 160–196, 2017.
- [9] W. Wei, Q. Ke, J. Nowak, M. Korytkowski, R. Scherer ve M. Woźniak, “Accurate and fast URL phishing detector: A convolutional neural network approach,” Comput. Networks, c. 178, 2020.
- [10] R. C. Dodge ve A. J. Ferguson, “Using phishing foruser email security awareness,” IFIP Int. Fed. Inf. Process., c. 201, ss. 454–459, 2006.
- [11] K. Parsons, M. Butavicius, P. Delfabbro ve M. Lillie, “Predicting susceptibility to social influence in phishing emails,” International Journal of Human Computer Studies, c. 128, ss. 17–26, 2019.
- [12] J. G. Mohebzada, A. E. Zarka, A. H. Bhojani ve A. Darwish, “Phishing in a University Community Two large scale phishing experiments,” 2012 International Conference on Innovations in Information Technology, 2012, ss. 249-254.
- [13] Ö. H. Durmuş, Kernel Blog. (2019, 1 Temmuz), Post exploitation: empire kullanımı. [Online]. Erişim: https://kernelblog.org/2019/07/post-exploitationempire-kullanimi/
- [14] A. Oransulu, A. Sodiya, A. Akinwale ve B. Olajuwon, “An anti-phishing kit scheme for secure web transactions,” In the Proceedings of 3rd ICISSP Conference, Porto Potrugal, Scıtepress, 2017, ss.15-24.
- [15] W. RochaFlores, H. Holm, G. Svensson ve G. Ericsson, “Using phishing experiments and scenario-based surveys to understand security behaviours in practice,” Inf. Manag. Comput. Secur., c. 22, s. 4, ss. 393–406, 2014.
Year 2021,
Volume: 9 Issue: 3 - Additional Issue, 348 - 358, 29.05.2021
Abstract
Kullanıcılar bilgi güvenliği zincirinde en zayıf halka olarak görülmektedir. Kurumlarda bilgi güvenliğini sağlamaya yönelik pek çok sistem kurulsa da bunlar tam bir güvenlik sağlayamamakta, bazı saldırıların kullanıcılara ulaşmasını engelleyememektedir. Bu nedenle son kullanıcı seviyesine inmeden kurumsal bir bilgi güvenliğinden bahsedilemez. Kullanıcılara yönelik saldırıların başındaoltalama saldırıları gelmektedir. Bu çalışmanın amacı, kullanıcıların bilgi güvenliği farkındalık düzeylerini tespit etmeye yönelik bir oltalama tatbikatının geliştirilmesi ve doğru sonuçlar elde etmek için oltalama tatbikatlarında dikkat edilmesi gereken hususların belirlenmesidir.
References
- [1] J. Mao, J. Bian, W. Tian, S. Zhu, T. Wei, A. Live ve Z. Liang, “Detecting phishing web sites via aggregation analysis of pagelayouts,” ProcediaComputerScience, c. 129, ss. 224–230, 2018.
- [2] L. De Kimpe, M. Walrave, W. Hardyns, L. Pauwels ve K. Ponnet, “You’vegot mail! Explaining individual differences in becoming a phishing target,”Telematicsand Informatics, c. 35, s. 5, ss. 1277–1287, 2018.
- [3] A. A. Orunsolu, A. S. Sodiya ve A. T. Akinwale, “A predictive model for phishing detection,” Journal of King Saud University – Computer and Information Sciences, Basımda.
- [4] K. A. Molinaro ve M. L. Bolton, “Evaluating the applicability of the double system lens model to the analysis of phishing email judgments,” Computers and Security, c. 77, ss. 128–137, 2018.
- [5] M. Silic ve A. Back, “The dark side of social networking sites: Understanding phishing risks,” Computers in Human Behavior, c. 60, ss. 35-43, 2016.
- [6] O. Koray, E. Buber, O. Demir ve B. Diri, “Machine learning based phishing detection from URLs, ”Expert Systems With Applications, c. 117, ss. 345–357, 2019.
- [7] A. Ferreira ve S. Teles, “Persuasion: How phishingemails can influence users and bypass security measures,” Int. J. Hum. Comput. Stud., c. 125, ss. 19–31, 2019.
- [8] A. Aleroud ve L. Zhou, “Phishing environments, techniques, and countermeasures: A survey,” Comput. Secur., c. 68, ss. 160–196, 2017.
- [9] W. Wei, Q. Ke, J. Nowak, M. Korytkowski, R. Scherer ve M. Woźniak, “Accurate and fast URL phishing detector: A convolutional neural network approach,” Comput. Networks, c. 178, 2020.
- [10] R. C. Dodge ve A. J. Ferguson, “Using phishing foruser email security awareness,” IFIP Int. Fed. Inf. Process., c. 201, ss. 454–459, 2006.
- [11] K. Parsons, M. Butavicius, P. Delfabbro ve M. Lillie, “Predicting susceptibility to social influence in phishing emails,” International Journal of Human Computer Studies, c. 128, ss. 17–26, 2019.
- [12] J. G. Mohebzada, A. E. Zarka, A. H. Bhojani ve A. Darwish, “Phishing in a University Community Two large scale phishing experiments,” 2012 International Conference on Innovations in Information Technology, 2012, ss. 249-254.
- [13] Ö. H. Durmuş, Kernel Blog. (2019, 1 Temmuz), Post exploitation: empire kullanımı. [Online]. Erişim: https://kernelblog.org/2019/07/post-exploitationempire-kullanimi/
- [14] A. Oransulu, A. Sodiya, A. Akinwale ve B. Olajuwon, “An anti-phishing kit scheme for secure web transactions,” In the Proceedings of 3rd ICISSP Conference, Porto Potrugal, Scıtepress, 2017, ss.15-24.
- [15] W. RochaFlores, H. Holm, G. Svensson ve G. Ericsson, “Using phishing experiments and scenario-based surveys to understand security behaviours in practice,” Inf. Manag. Comput. Secur., c. 22, s. 4, ss. 393–406, 2014.
There are 15 citations in total.
Details
| Primary Language | Turkish |
|---|---|
| Subjects | Engineering |
| Journal Section | Articles |
| Authors | |
| Publication Date | May 29, 2021 |
| Published in Issue | Year 2021 Volume: 9 Issue: 3 - Additional Issue |
