Abstract
Phishing attacks are very damaging, costing even moderately sized companies an average of over $1 million per year. Phishing is also a fast-growing and quickly evolving threat, with nearly 1.5 million phishing websites created each month and each phishing site having an average duration of 54 h. The combination of the potential damage done by phishing attacks and the complex task of “staying ahead of the phishers” requires a layered approach composed of multiple complementary components. In this paper, we investigate phishing prevention from three different perspectives: web security gateway, email security gateway, and in-depth security awareness training.
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Williams, J., King, J., Smith, B., Pouriyeh, S., Shahriar, H., Li, L. (2021). Phishing Prevention Using Defense in Depth. In: Daimi, K., Arabnia, H.R., Deligiannidis, L., Hwang, MS., Tinetti, F.G. (eds) Advances in Security, Networks, and Internet of Things. Transactions on Computational Science and Computational Intelligence. Springer, Cham. https://doi.org/10.1007/978-3-030-71017-0_8
DOI: https://doi.org/10.1007/978-3-030-71017-0_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71016-3
Online ISBN: 978-3-030-71017-0
eBook Packages: Engineering, Engineering (R0)