Obtaining the threat model for e-mail phishing

Olivo, Cleber K.; Santin, Altair O.; Oliveira, Luiz Sérgio de

doi:10.1016/j.asoc.2011.06.016

Cited by 25 publications

(17 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…25 We refer to [90] where the authors built a dataset with emails from Wikileaks archives and Phishbowls from different universities. [167], [177], [179], [180] [162], [163], [165], [166], [171], [184] [161], [188]- [190], [192], [196], [197] [168]- [170], [173], [178], [186], [195] [176], [181]…”

Section: Dataset Properties 1) Dataset Sources and Availabilitymentioning

confidence: 99%

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

Das

Baki

Aassal

et al. 2020

IEEE Commun. Surv. Tutorials

109

View full text Add to dashboard Cite

Phishing and spear phishing are typical examples of masquerade attacks since trust is built up through impersonation for the attack to succeed. Given the prevalence of these attacks, considerable research has been conducted on these problems along multiple dimensions. We reexamine the existing research on phishing and spear phishing from the perspective of the unique needs of the security domain, which we call security challenges: real-time detection, active attacker, dataset quality and baserate fallacy. We explain these challenges and then survey the existing phishing/spear phishing solutions in their light. This viewpoint consolidates the literature and illuminates several opportunities for improving existing solutions. We organize the existing literature based on detection techniques for different attack vectors (e.g., URLs, websites, emails) along with studies on user awareness. For detection techniques we examine properties of the dataset, feature extraction, detection algorithms used, and performance evaluation metrics. This work can help guide the development of more effective defenses for phishing, spear phishing and email masquerade attacks of the future, as well as provide a framework for a thorough evaluation and comparison.

show abstract

Section: Dataset Properties 1) Dataset Sources and Availabilitymentioning

confidence: 99%

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

Das

Baki

Aassal

et al. 2020

IEEE Commun. Surv. Tutorials

109

View full text Add to dashboard Cite

show abstract

“…According to Olivoa et al [12], a threat model is a feature set of the attacker's strategy. In theory, a threat model should describe the capabilities of the attacker as well as identify the threats, based on the anticipated security requirements [13].…”

Section: Threat Modelmentioning

confidence: 99%

Determining Information Security Threats for an IoT-Based Energy Internet by Adopting Software Engineering and Risk Management Approaches

Chen

Huang

2019

Inventions

View full text Add to dashboard Cite

This paper introduces an information security threat modeling (ISTM) scheme, which leverages the strengths of software engineering and risk management approaches, called I-SERM. The proposed I-SERM scheme effectively and efficiently prioritizes information security threats for IT systems that utilize a large number of sensors, such as Internet of Things (IoT)-based energy systems. I-SERM operations include determining functional components, identifying associated threat types, analyzing threat items, and prioritizing key threats with the use of software engineering tools such as product flow diagrams, use case diagrams, and data flow diagrams. By simultaneously referring to a proposed STRIDE+p matrix and a defined threat breakdown structure with reference score (TBS+r) scheme, the I-SERM approach enables systematic ISTM. To demonstrate the usability of I-SERM, this study presents a practical case aimed at electricity load balancing on a smart grid. In brief, this study indicates a substantive research direction that combines the advantages of software engineering and risk management into a systematic ISTM process. In addition, the demonstration of I-SERM in practice provides a valuable and practical reference for I-SERM application, and contributes to research in the field of information security designs for IoT-based Energy Internet systems. Inventions 2019, 4, 53 2 of 22ISTs, and taking the considerable remedial actions required are important steps that should be taken based on both theoretical and pragmatic consideration.The IoT has become a mainstream of ICT-based technology enabling smarter applications in the fields of facility monitoring and process management (i.e., Industry 4.0), medical areas, etc. IoT technology also makes possible the construction of smart power systems with intelligent energy management applications. Pan et al. [1] designed and implemented an IoT framework for smart energy functions in buildings. Marinakis and Doukas [2] also emphasized the enhancement of IoT-enabled intelligent energy management in buildings. In addition, Ejaz et al. [3] discussed the issue of how to adopt IoT technology to provide efficient energy management in smart cities. Noor-A-Rahim et al. [4] proposed an IoT-based framework to provide reliable communications between renewable energy facilities, remote IoT components, and control centers. These articles indicate that complex IoT-supported systems like smart buildings or cities, with many factors affecting the total energy consumption in different energy application scenarios, have been the focus of much Energy Internet research.Electricity is undoubtedly an indispensable form of energy for modern society. With the trend of rapid urbanization, people have become highly dependent on their use of electricity. As a result, the stability and reliability of the power supply plays a critical role in the operation of modern power systems. In addition to relying on the effective operation of power equipment, an ICT-supported infrastructure platform capable of superviso...

show abstract

“…Cleber K.Olivo et al [16] offered a pitch to ascertain the neededskins, which delineate the threat archetypal; email phishing assailantstratagem. Threat model vetoed the use of inaptskins in the recognition engine and ensuingsway on its efficacy.…”

Section: Literature Analysismentioning

confidence: 99%