AntiPhiMBS-Auth: A New Anti-phishing Model to Mitigate Phishing Attacks in Mobile Banking System at Authentication Level

  • Conference paper
Database Systems for Advanced Applications. DASFAA 2021 International Workshops (DASFAA 2021)

Abstract

In the era of digital banking, the latest technologies, social media, and mobile technologies have become prime parts of our digital lives. Unfortunately, phishers exploit digital channels to collect login credentials from users and then impersonate them to log on to the victim systems and carry out phishing attacks. This paper proposes a novel anti-phishing model for the mobile banking system at the authentication level (AntiPhiMBS-Auth) that averts phishing attacks in the mobile banking system. The model employs a novel concept: a unique id for authentication and an application id that are known only to users, the banking app, and the mobile banking system. Phishers and phishing apps do not know the unique id or the application id, and consequently the model mitigates phishing attacks in the mobile banking system. The paper uses the Process Meta Language (PROMELA) to specify system descriptions and security properties and builds a verification model of AntiPhiMBS-Auth. The verification model is successfully verified using the Simple PROMELA Interpreter (SPIN). The SPIN verification results prove that the proposed AntiPhiMBS-Auth is error-free, and financial institutions can implement the verified model to mitigate phishing attacks in the mobile banking system at the authentication level.

Corresponding author

Correspondence to Noriaki Yoshiura.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Thakur, T.N., Yoshiura, N. (2021). AntiPhiMBS-Auth: A New Anti-phishing Model to Mitigate Phishing Attacks in Mobile Banking System at Authentication Level. In: Jensen, C.S., et al. Database Systems for Advanced Applications. DASFAA 2021 International Workshops. DASFAA 2021. Lecture Notes in Computer Science, vol 12680. Springer, Cham. https://doi.org/10.1007/978-3-030-73216-5_25

  • DOI: https://doi.org/10.1007/978-3-030-73216-5_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-73215-8

  • Online ISBN: 978-3-030-73216-5

  • eBook Packages: Computer Science (R0)
