Abstract
In the era of digital banking, the latest technologies, social media, and mobile technologies have become prime parts of our digital lives. Unfortunately, phishers exploit digital channels to collect users' login credentials and then impersonate those users to log on to the victim systems and carry out phishing attacks. This paper proposes a novel anti-phishing model for the Mobile Banking System at the authentication level (AntiPhiMBS-Auth) that averts phishing attacks in the mobile banking system. The model employs a novel concept: a unique id for authentication and an application id that are known only to the users, the banking app, and the mobile banking system. Phishers and phishing apps do not know the unique id or the application id, and consequently the model mitigates phishing attacks in the mobile banking system. The paper uses the process meta language (PROMELA) to specify the system descriptions and security properties and builds a verification model of AntiPhiMBS-Auth. The verification model is successfully verified using the simple PROMELA interpreter (SPIN). The SPIN verification results prove that the proposed AntiPhiMBS-Auth is error-free, and financial institutions can implement the verified model to mitigate phishing attacks in the mobile banking system at the authentication level.
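The kind of check the abstract describes can be sketched in PROMELA as follows. This is an added example, not the verification model from the paper: the process names, channels, constants and the LTL property are assumptions, as is the premise that the phishing app captures only the password and never the unique id or application id.

```promela
/* Added sketch, not the paper's AntiPhiMBS-Auth model. All names and
   values below are constructed for illustration. */
#define PW     7     /* user's password (constructed value)           */
#define UID    21    /* unique id for authentication (constructed)    */
#define APPID  42    /* application id of the genuine app (constr.)   */
#define NONE   0     /* sent in place of a value the sender lacks     */

mtype = { GENUINE, PHISH };   /* ground-truth tag, used by the property only */

/* login request: origin tag, password, unique id, application id */
chan login  = [0] of { mtype, byte, byte, byte };
/* assumption: the phishing app captures the password and nothing else */
chan stolen = [1] of { byte };

bool phisherIn = false;       /* set if the bank ever accepts a phisher login */

active proctype Bank() {
  mtype who; byte pw, uid, app;
end:
  do
  :: login ? who, pw, uid, app ->
       if
       :: (pw == PW && uid == UID && app == APPID) ->
            if
            :: who == GENUINE -> skip              /* legitimate session */
            :: who == PHISH   -> phisherIn = true  /* violation          */
            fi
       :: else -> skip                             /* login rejected     */
       fi
  od
}

active proctype User() {
  if
  :: login ! GENUINE, PW, UID, APPID   /* logs in through the genuine app */
  :: stolen ! PW                       /* types the password into a phishing app */
  fi
}

active proctype Phisher() {
  byte pw;
end:
  stolen ? pw;                     /* waits for a captured password      */
  login ! PHISH, pw, NONE, NONE    /* replays it without uid or app id   */
}

/* Safety property: no execution ends with the phisher authenticated. */
ltl no_phish { [] !phisherIn }
```

With SPIN installed, `spin -a model.pml && cc -o pan pan.c && ./pan -a` explores every interleaving and reports zero errors when the property holds. The result depends entirely on the stated assumption about what the phishing app can capture.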
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Thakur, T.N., Yoshiura, N. (2021). AntiPhiMBS-Auth: A New Anti-phishing Model to Mitigate Phishing Attacks in Mobile Banking System at Authentication Level. In: Jensen, C.S., et al. Database Systems for Advanced Applications. DASFAA 2021 International Workshops. DASFAA 2021. Lecture Notes in Computer Science, vol 12680. Springer, Cham. https://doi.org/10.1007/978-3-030-73216-5_25
DOI: https://doi.org/10.1007/978-3-030-73216-5_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-73215-8
Online ISBN: 978-3-030-73216-5
eBook Packages: Computer Science (R0)