Phishing Prevention Using Defense in Depth

  • Conference paper
Advances in Security, Networks, and Internet of Things

Abstract

Phishing attacks are very damaging, costing even moderately sized companies an average of over $1 million per year. Phishing is also a fast-growing and quickly evolving threat, with nearly 1.5 million phishing websites created each month and each phishing site lasting an average of 54 h. The combination of the potential damage done by phishing attacks and the complex task of “staying ahead of the phishers” requires a layered approach composed of multiple complementary components. In this paper, we investigate phishing prevention from three different perspectives: web security gateway, email security gateway, and in-depth security awareness training.

Corresponding author

Correspondence to Joel Williams.

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Williams, J., King, J., Smith, B., Pouriyeh, S., Shahriar, H., Li, L. (2021). Phishing Prevention Using Defense in Depth. In: Daimi, K., Arabnia, H.R., Deligiannidis, L., Hwang, MS., Tinetti, F.G. (eds) Advances in Security, Networks, and Internet of Things. Transactions on Computational Science and Computational Intelligence. Springer, Cham. https://doi.org/10.1007/978-3-030-71017-0_8

  • DOI: https://doi.org/10.1007/978-3-030-71017-0_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-71016-3

  • Online ISBN: 978-3-030-71017-0

  • eBook Packages: Engineering (R0)
