Defending against common cyber attacks: Phishing and cross-site scripting

2018 International Symposium on Programming and Systems (ISPS) Pub Date : 2018-04-24 DOI:10.1109/ISPS.2018.8378960

A. Pathan

{"title":"Defending against common cyber attacks: Phishing and cross-site scripting","authors":"A. Pathan","doi":"10.1109/ISPS.2018.8378960","DOIUrl":null,"url":null,"abstract":"Social engineering is a very common method of deceiving people in the Cyberspace. Phishing is one of the most common attacks that the social engineers use to trick the users to reveal their confidential information. While various types of security schemes and Intrusion Detection Systems (IDSs) may be employed to mitigate other types of cyber-attacks, phishing cannot be thwarted only by using those, even if the techniques are sophisticated. This is because, often the human mistakes are involved in the process of leakage of confidential data and information. Hence, awareness of the issue and controlled cyber behavior would be key to defending against phishing type attack. Another cyber-attack, Cross-Site Scripting (XSS) could also be tackled efficiently by using some Content Security Policy (CSP) which would work alongside the traditionally used security and defense mechanisms. The purpose of this talk is to share some research findings in these and relevant areas. Also, some information would be shared for the general readers of the topic. We would like to explore how the major portion of these types of attacks could be thwarted or mitigated just by observing some precautions while interacting in the Cyberspace.","PeriodicalId":294761,"journal":{"name":"2018 International Symposium on Programming and Systems (ISPS)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Symposium on Programming and Systems (ISPS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISPS.2018.8378960","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Social engineering is a very common method of deceiving people in the Cyberspace. Phishing is one of the most common attacks that the social engineers use to trick the users to reveal their confidential information. While various types of security schemes and Intrusion Detection Systems (IDSs) may be employed to mitigate other types of cyber-attacks, phishing cannot be thwarted only by using those, even if the techniques are sophisticated. This is because, often the human mistakes are involved in the process of leakage of confidential data and information. Hence, awareness of the issue and controlled cyber behavior would be key to defending against phishing type attack. Another cyber-attack, Cross-Site Scripting (XSS) could also be tackled efficiently by using some Content Security Policy (CSP) which would work alongside the traditionally used security and defense mechanisms. The purpose of this talk is to share some research findings in these and relevant areas. Also, some information would be shared for the general readers of the topic. We would like to explore how the major portion of these types of attacks could be thwarted or mitigated just by observing some precautions while interacting in the Cyberspace.

查看原文本刊更多论文

防御常见的网络攻击:网络钓鱼和跨站点脚本

社会工程是网络空间中一种非常常见的欺骗手段。网络钓鱼是社会工程师用来欺骗用户泄露其机密信息的最常见攻击之一。虽然可以采用各种类型的安全方案和入侵检测系统(ids)来减轻其他类型的网络攻击，但即使技术很复杂，也不能仅通过使用这些方案和入侵检测系统来阻止网络钓鱼。这是因为，往往是人为失误的过程中涉及的机密数据和信息的泄露。因此，意识到这个问题并控制网络行为将是防御网络钓鱼类型攻击的关键。另一种网络攻击，跨站点脚本(XSS)也可以通过使用一些内容安全策略(CSP)来有效地解决，该策略将与传统使用的安全和防御机制一起工作。这次演讲的目的是分享在这些和相关领域的一些研究成果。此外，还将为本主题的一般读者共享一些信息。我们想探索如何通过在网络空间互动时观察一些预防措施来挫败或减轻这些类型的攻击的主要部分。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 International Symposium on Programming and Systems (ISPS)

自引率

0.00%

发文量