Techniques for assisting users in making security decisions

Title translation not available.

  1. Thesis No: 598727
  2. Author: SEVTAP DUMAN
  3. Advisors: DR. ENGİN KİRDA
  4. Thesis Type: Doctorate
  5. Subjects: Information and Records Management, Computer Engineering and Computer Science and Control, Science and Technology
  6. Keywords: Not specified.
  7. Year: 2017
  8. Language: English
  9. University: Northeastern University
  10. Institute: Foreign Institute
  11. Department: Not specified.
  12. Discipline: Not specified.
  13. Number of Pages: 156

Abstract

No abstract.

Abstract (Translation)

We are witnessing an arms race between attackers and security experts in today's Internet. Attackers hide their intentions and mimic legitimate behaviour to evade detection. Prominent attacks target end users' systems with a wide range of goals, such as monetary, financial, political, espionage, and destructive ones. In this thesis, I examined two well-known instances of these attacks. One of these attacks is the widespread use of trick banners, which use social engineering techniques to lure victims into clicking on deceptive fake links that potentially lead to a malicious domain or malware. A trick banner is an Internet advertising banner with a deceptive visual appearance, crafted to lure users into clicking on it. Other examined approaches involve e-mail attacks, such as spearphishing and e-mail attachment attacks. In spearphishing attacks, the adversary crafts e-mail messages that are custom-tailored to the victim and thus appear legitimate. By impersonating trusted e-mail senders through carefully crafted messages and spoofed metadata, adversaries can trick victims into launching attachments containing malicious code or into clicking on malicious links that grant attackers a foothold into otherwise well-protected networks. Unfortunately, current mitigations are unreliable, relying on fallible malware detection techniques or user education. Our hypothesis is that online systems can be designed with optimized settings to help users make security decisions efficiently. Thus, in this dissertation, I make several contributions to help end users make decisions on security:

• This dissertation shows how to distinguish trick banners from legitimate download links. I present a set of features to characterize trick banners based on their visual properties, such as image size, color, placement on the enclosing web page, whether they contain animation effects, and whether they consistently appear with the same visual properties on consecutive loads of the same web page. I have implemented a tool called TrueClick, which uses image processing and machine learning techniques to build a classifier based on five identified features to detect the trick banners on a web page automatically.

• This dissertation shows how to distinguish a legitimate e-mail sender from a spearphishing e-mail attack. I present a novel automated approach to defend users against spearphishing attacks. The approach first builds probabilistic models of both e-mail metadata and stylometric features of e-mail content. Then, subsequent e-mails are compared to these models to detect characteristic indicators of spearphishing attacks.

• This dissertation aids end users in making an informed decision about whether or not an e-mail attachment is what they expect. I present the adoption of a default policy of isolated attachment rendering. E-mails bearing attachments are transparently rewritten to contain static renderings of the attachments within a sandboxed virtual machine environment.
