Phishing attack detection model based the hybrid approach to data protection in industrial control system
Authors: Mityukov E.A., Zatonsky A.V.
Section: Infocommunication technologies and systems
Article in issue: No. 2, vol. 20, 2020.
Free access
Introduction. Phishing techniques used by cybercriminals who target industrial control systems to compromise sensitive information develop every year, so the task of developing new methods for detecting phishing attacks aimed at the industrial sector is extremely important. Aim. The article discusses a method developed to protect users and services of industrial control systems against phishing attacks. Materials and methods. The available literature sources of the subject area are analyzed. Based on the information gathered from previous studies, work on improving the architecture of the phishing protection system is continued. To improve the accuracy of detection of phishing URLs (Uniform Resource Locators), eight heuristics are added to the system architecture. Most heuristics are aimed at semantic verification of URLs in terms of the use of special characters, periods, slashes, URL protocols and ports, and the length of the URL itself. Additionally, the validity of the SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate, phishing keywords in the URL, and a difference between the provider's hosting country and the country of the top-level domain are checked. Results. Practical research of the new system architecture with various combinations of heuristics is carried out. Quantitative data showing the improvement of the system's key indicators for detecting phishing URLs are presented. The new system architecture helps the security officer decide whether a URL is phishing or legitimate. Conclusion. The presented system shows the following indicators: TPR (True Positive Rate) of 97.85 % and FPR (False Positive Rate) of 2.09 %. Also, the accuracy of the method is improved to 98.16 %.
URL properties, cybersecurity, cyberattacks, industrial control system, anti-phishing, URL features
Short URL: https://sciup.org/147233758
IDR: 147233758 | DOI: 10.14529/ctcr200206
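The lexical URL checks listed in the abstract (special characters, periods, slashes, protocol and port, URL length, phishing keywords) can be computed offline as a feature vector. The sketch below is an added example, not the authors' code: the keyword list, the special-character set and the function name `url_features` are assumptions, and the certificate and hosting-country checks are left out because they need network lookups.

```python
from urllib.parse import urlsplit

# Assumed lists: the paper's own keyword and character sets are not given on this page.
PHISHING_KEYWORDS = ("login", "verify", "secure", "account", "update", "signin")
SPECIAL_CHARS = set("@-_~%=&?#")
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample URLs (reserved example/test domains), for illustration only.
SAMPLES = [
    "https://www.example.com/docs/index.html",
    "http://login.example.com.verify-account.test:8080/secure/update.php?id=1",
]


def url_features(url: str) -> dict:
    """Extract lexical features of a URL without resolving or fetching it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    scheme = parts.scheme.lower()
    try:
        port = parts.port  # None when the URL carries no explicit port
    except ValueError:
        port = -1  # malformed or out-of-range port: treat as non-standard
    rest = url.split("://", 1)[-1]  # skip the two slashes of the scheme separator
    lowered = url.lower()
    return {
        "length": len(url),
        "dots_in_host": host.count("."),
        "slashes": rest.count("/"),
        "special_chars": sum(ch in SPECIAL_CHARS for ch in url),
        "has_at_sign": "@" in parts.netloc,
        "scheme_is_https": scheme == "https",
        "nonstandard_port": port is not None and port != DEFAULT_PORTS.get(scheme),
        "keywords": [k for k in PHISHING_KEYWORDS if k in lowered],
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample)
        for name, value in url_features(sample).items():
            print(f"  {name}: {value}")
```

Each feature is only an input to a classifier or scoring rule; thresholds and weights would have to come from labelled data, which this page does not provide.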