
Design of Security Training System for Individual Users

Wireless Personal Communications

Abstract

Phishing is a technique that lures a victim to a fraudulent website through a message that appears to come from a trustworthy person, or through ordinary spam, in order to distribute malicious code and cause further security damage. According to the security company Kaspersky Lab, 3,730,000 people were exposed to Phishing attacks between 2012 and 2013. In addition, with the spread of Smartphones, mobile malicious code increased eightfold in 2012 compared to 2011, so security threats are increasing. Phishing is carried out either as e-mail Phishing, which relies on social engineering, or as SMSishing, which uses the short message service (SMS). Countermeasures include antivirus software, Phishing filtering systems, and security preparedness training or education. However, social engineering attacks such as Phishing e-mail and SMSishing exploit human psychology, so security software and systems alone have limits, and general individual users cannot readily understand the seriousness of these attacks. Therefore, this study proposes a security training system that prepares individual users for e-mail Phishing and SMSishing attacks. The proposed system consists of three main components: the trainee, the Center System, and the Monitoring and Reporting System. It carries out virtual social engineering attacks by e-mail and SMS against the trainees' PCs or Smartphones. When trainees are attacked, they learn how to respond and gain the ability to cope with e-mail Phishing and SMSishing attacks. In a test of the system, the click rate on virtual Phishing e-mail messages decreased from 47 to 33 %, and the click rate on threatening links decreased from 16 to 4 %, which demonstrates the usefulness of this study.
These results indicate that the proposed security training system makes it possible to train individual users against the security threats of Phishing e-mail and, as a result, to prepare them for Phishing attacks.


References

  1. Choi, Y. S., & Seo, D. G. (2006). Analysis on Leakage and countermeasures of private information through social engineering attacks. Journal of Korea Institute of Information Security and Cryptology, 16(1), 40–48.


  2. McAfee Lab. McAfee Threats Report: Third Quarter 2012. http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2012.pdf.

  3. Kaspersky Lab. The evolution of phishing attacks: 2011–2013. http://media.kaspersky.com/pdf/Kaspersky_Lab_KSN_report_The_Evolution_of_Phishing_Attacks_2011-2013.pdf.

  4. IDC. Growth accelerates in the worldwide mobile phone and smartphone markets in the second quarter, According to IDC. http://www.idc.com/getdoc.jsp?containerId=prUS24239313.

  5. Kaspersky Lab. Kaspersky Security Bulletin 2012. The overall statistics for 2012. http://www.securelist.com/en/analysis/204792255/.

  6. Shin, D. G. (2010). Strong hackers, made young applicant twice cry. KISA Press release. http://www.kisa.or.kr/notice/pressView.jsp?mode=view&p_No=8&b_No=8&d_No=415.

  7. Park, K. H., Lee, J. H., & Cho, H. J. (2012). Countermeasure against social technologic attack using privacy input-detection. Journal of the Korea Contents Association, 12(5), 32–39.


  8. Jung, J. H., Kim, J. Y., & Lee, H. C. (2013). Repackaging attack on android banking applications and its countermeasures. Journal of Wireless Personal Communications. http://link.springer.com/content/pdf/10.1007%2Fs11277-013-1258-x.pdf.

  9. Kim, S. H., Lee, S. H., & Jin, S. H. (2013). Active phishing attack and its countermeasures. Electronics and Telecommunications Trends, 28(3), 9–18.


  10. Sa, J. H., & Lee, S. J. (2012). Real-time phishing site detection method. Journal of Korea Institute of Information Security & Cryptology, 22(4), 819–825.


  11. Hsieh, W. B., & Leu, J. S. (2013). A time and location information assisted OTP scheme. Journal of Wireless Personal Communications, 72(1), 509–519.


  12. Xu, Q., Guo, J., & Xiao, B. (2012). The study of content security for mobile internet. Journal of Wireless Personal Communications, 66(3), 523–539.


  13. Yoo, S. J., Lee, D. H., & Yang, H. S. (2013). A novel secure scheme for wireless ad hoc network. Journal of Wireless Personal Communications, 73(2), 197–205.


  14. Kim, J. H., Maeng, Y. J., Nyang, D. H., & Lee, K. H. (2009). Cognitive approach to anti-phishing and anti-pharming. Journal of Korea Institute of Information Security and Cryptology, 19(1), 113–124.


  15. Kim, J. H. (2010). To the criminalization of phishing (Zur Strafbarkeit von Phishing). Journal of IT and Law Research, 4, 251–290.


  16. Han, K. S., Shin, Y. H., & Im, E. G. (2010). A study of spam-spread malware analysis and countermeasure framework. Journal of Security Engineering, 7(4), 363–384.


  17. Ju, Y. W., Kim, W., & Lee, S. H. (2005). A study of security consideration for phishing and pharming. In Proceedings of the Korea institute of communication and information sciences(Summertime) 2005, pp. 1788–1791.

  18. Lee, H. J. (2012). A study on the new types of crime using smart phone and the police counter measurements. Journal of Korean Police Studies, 11(4), 319–344.


  19. AhnLab NEWS. Smartphone retail payment malware caution. http://blog.ahnlab.com/ahnlab/1680.

  20. National initiative for cybersecurity education webpage. http://csrc.nist.gov/nice/.

  21. National initiative for cybersecurity careers and studies. http://niccs.us-cert.gov/.

  22. Cisco security education webpage. http://www.cisco.com/web/about/security/cspo/awareness/index.html#~plan.

  23. Security education systems webpage. http://secedsys.com/.

  24. Computer training schools webpage. http://www.computertrainingschools.com/cyber-security-training/.

  25. Korea Internet & Security Agency. (2013). 2013 National Information Security White Paper.

  26. Lee, T., Kim, D., Lee, M., & Peter H. (2010). Markov Chain model-based trainee behavior pattern analysis for assessment of information security exercise courses. Journal of the Korean Institute of Information Scientists and Engineers moves, 12(16), 1264–1268.

  27. Choi, J.-W., & Woo, C.-W. (2002). Web-based ITS for training computer security. Proceedings of Computing Science and Engineering on Spring in 2002, 1(29), 703–705.



Acknowledgments

This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the IT/SW Creative research program supervised by the NIPA (National IT Industry Promotion Agency) (NIPA-2013- H0502-13-1030).

Author information

Corresponding author

Correspondence to Jae-Kwang Lee.

About this article

Cite this article

Lim, Ik., Park, YG. & Lee, JK. Design of Security Training System for Individual Users. Wireless Pers Commun 90, 1105–1120 (2016). https://doi.org/10.1007/s11277-016-3380-z


  • DOI: https://doi.org/10.1007/s11277-016-3380-z
