Skip to main content
SpringerLink
Log in

AntiPhiMBS: A New Anti-phishing Model to Mitigate Phishing Attacks in Mobile Banking System at Application Level

  • Conference paper
  • First Online:
Intelligent Information and Database Systems (ACIIDS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 12672))

Included in the following conference series:

Abstract

A main challenge in the mobile banking system is to mitigate security risks such as phishing attacks, man in the middle attacks, replay attacks, etc. Verizon’s 2019 Data Breach Investigations Report (DBIR) reveals that nearly one-third of all data breaches involved phishing attacks in many kinds of ways. The phishing attack is a type of social engineering attack to steal secret information from users. This paper proposes a new anti-phishing model for Mobile Banking System (AntiPhiMBS) that prevents mobile users from phishing attacks in the mobile banking system at the application level. The model prevents mobile users from phishing app installation by using application id, token number, and a unique id for application received from the bank to operate the mobile banking system. The phisher does not know the application id, token number, and unique id and the relationship among them and is unable to install phishing apps on the user’s mobile. This paper develops the new anti-phishing model AntiPhiMBS with system properties specified using Process meta language (PROMELA) that are successfully verified using Simple PROMELA Interpreter (SPIN). The SPIN verification results show that the proposed anti-phishing model is error-free, and the financial institutions can implement the verified model for mitigating phishing attacks in the mobile banking system at the application installation level.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Zahid Hasan, M., Sattar, A., Mahmud, A., Talukder, K.H.: A multifactor authentication model to mitigate the phishing attack of e-service systems from Bangladesh perspective. In: Shetty, N.R., Patnaik, L.M., Nagaraj, H.C., Hamsavath, P.N., Nalini, N. (eds.) Emerging Research in Computing, Information, Communication and Applications. AISC, vol. 882, pp. 75–86. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-5953-8_7

    Chapter  Google Scholar 

  2. Shankar, A., Shetty, R., Badrinath, K.: A review on phishing attacks. Int. J. Appl. Eng. Res. 14(9), 2171–2175 (2019)

    Google Scholar 

  3. Bojjagani, S., Brabin, D., Rao, V.: PhishPreventer: a secure authentication protocol for prevention of phishing attacks in mobile environment with formal verification. In: Thampi, S., Madria, S., Fernando, X., Doss, R., Mehta, S., Ciuonzo, D. (eds.) Third International Conference on Computing and Network Communications 2019, vol. 171, pp. 1110–1119. Elsevier B.V, Heidelberg (2020)

    Google Scholar 

  4. Aribake, F.O., Aji, Z.M.: Modelling the phishing avoidance behavior among internet banking users in Nigeria: the initial investigation. J. Comput. Eng. Technol. 4(1), 1–17 (2020)

    Google Scholar 

  5. Megha, N., Ramesh babu, K.R., Sherly, E.: An intelligent system for phishing attack detection and prevention. In: Proceedings of the Fourth International Conference on Communication and Electronics Systems, pp. 1577–1582. IEEE Xplore, Coimbatore, India (2019). https://doi.org/10.1109/icces45898.2019.9002204

  6. Khalid, J., Jalil, R., Khalid, M., Maryam, M., Shafique, M.A., Rasheed, W.: Anti-phishing models for mobile application development: a review paper. In: Bajwa, I.S., Kamareddine, F., Costa, A. (eds.) INTAP 2018. CCIS, vol. 932, pp. 168–181. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-6052-7_15

    Chapter  Google Scholar 

  7. Glavan, D., Racuciu, C., Moinescu, R., Eftimie, S.: Detection of phishing attacks using the anti-phishing framework. Sci. Bull. Naval Acad. 13(1), 208–212 (2020)

    Google Scholar 

  8. Doke, T., Khismatrao, P., Jambhale, V., Marathe, N.: Phishing-inspector: detection & prevention of phishing websites. In: Patil, D.Y. (ed.) International Conference on Automation, Computing and Communication 2019, vol. 32, pp. 1–6. EDP Sciences, India (2020). https://doi.org/10.1051/itmconf/20203203004

    Chapter  Google Scholar 

  9. Meena, K., Kanti, T.: A review of exposure and avoidance techniques for phishing attack. Int. J. Comput. Appl. 107(5), 27–31 (2014)

    Google Scholar 

  10. Naidu, G.: A survey on various phishing detection and prevention techniques. Int. J. Eng. Comput. Sci. 5(9), 17823–17826 (2016)

    Google Scholar 

  11. Akinyede, R.O., Adelakun, O.R., Olatunde, K.V.: Detection and prevention of phishing attack using linkguard algorithm. J. Inf. 4(1), 10–23 (2018). https://doi.org/10.18488/journal.104.2018.41.10.23

    Article  Google Scholar 

  12. Yeop Na, S., Kim, H., Lee, D.H.: Prevention schemes against phishing attacks on internet banking systems. Int. J. Adv. Soft Comput. Appl. 6(1), 1–15 (2014)

    Google Scholar 

  13. Lacey, D., Salmon, P., Glancy, P.: Taking the bait: a systems analysis of phishing attacks. In: 6th International Conference on Applied Human Factors and Ergonomics and the Affiliated Conferences, vol. 3, pp. 1109–1116. Elsevier, Australia (2015). https://doi.org/10.1016/j.promfg.2015.07.185

  14. Bann, L.L., Singh, M.M., Samsudin, A.: Trusted security policies for tackling advanced persistent threat via spear phishing in BYOD environment. In: The Third Information Systems International Conference, vol. 72, pp. 129–136. Elsevier ScienceDirect, Penang Malaysia (2015). https://doi.org/10.1016/j.procs.2015.12.113

  15. Cheves, D.A.: The impact of cybercrime on e-banking: a proposed model. In: International Conference on Information Resources Management, pp. 1–10. Association for Information Systems AIS Electronic Library, West Indies (2019)

    Google Scholar 

  16. Mouton, F., Leenen, L., Venter, H.S.: Social engineering attack detection model: SEADMv2. In: International Conference on Cyberworlds, pp. 216–223. IEEE, Pretoria, South Africa (2015). https://doi.org/10.1109/cw.2015.52

  17. Shashidhar, N., Chen, L.: A phishing model and its applications to evaluating phishing attacks. In: Proceedings of the 2nd International Cyber Resilience Conference, pp. 63–69. Edith Cowan University, Perth Western Australia (2011)

    Google Scholar 

  18. Rajalingam, M., Alomari, S.A., Sumari, P.: Prevention of phishing attacks based on discriminative key point features of webpages phishing attacks. Int. J. Comput. Sci. Secur. 6(1), 1–18 (2012)

    Google Scholar 

  19. Aburrous, M., Hossain, M.A., Dahal, K., Thabtah, F.: Experimental case studies for investigating e-banking phishing techniques and attack strategies. Cogn. Comput. 2, 242–253 (2010). https://doi.org/10.1007/s12559-010-9042-7

    Article  Google Scholar 

  20. Oh, Y., Obi, T.: Identifying phishing threats in government web services. Int. J. Inf. Netw. Secur. 2(1), 32–42 (2013)

    Google Scholar 

  21. Jakobsson, M.: Modeling and Preventing Phishing Attacks. In: Patrick, Andrew S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, p. 89. Springer, Heidelberg (2005). https://doi.org/10.1007/11507840_9

    Chapter  MATH  Google Scholar 

  22. Jagadeesh Kumar, P.S., Nedumaan, J., Tisa, J., Lepika, J., Wenli, H., Xianpei, L.: New malicious attacks on mobile banking applications. Mob. Netw. Appl. 21(3), 561–572 (2016). Special Issue on Mobile Reliability, Security and Robustness, Springer

    Google Scholar 

  23. Yildirim, N., Varol, A.: A research on security vulnerabilities in online and mobile banking systems. In: 7th International Symposium on Digital Forensics and Security, pp. 1–5. IEEE, Barcelos, Potugal (2019)

    Google Scholar 

  24. Hammood, W.A., Abdulla, R., Hammood, O.A., Asmara, S.M., Al-Sharafi, M.A., Hasan, A.M.: A review of user authentication model for online banking system based on mobile imei number. In: The 6th International Conference on Software Engineering & Computer Systems, IOP Conf. Series: Materials Science and Engineering 769, Kuantan, Pahang, Malaysia (2020). https://doi.org/10.1088/1757-899x/769/1/012061

  25. Dhoot, A., Nazarov, A.N., Koupaei, A.N.A.: A security risk model for online banking system. In: 2020 Systems of Signals Generating and Processing in the Field of on Board Communications, pp. 1–4. IEEE, Moscow, Russia (2020)

    Google Scholar 

  26. Akinyede, R.O., Esese, O.A.: Development of a secure mobile e-banking system. Int. J. Comput. 26(1), 23–42 (2017)

    Google Scholar 

  27. Ahmed, A.A., Adullah, A.N.: Real time detection of phishing websites. In: 7th Annual Information Technology, Electronics and Mobile Communication Conference, pp. 1–6. IEEE, Vancouver, Canada(2016)

    Google Scholar 

  28. APWG Homepage. https://docs.apwg.org/reports/apwg_trends_report_q1_2020.pdf. Accessed 11 Nov 2020

  29. JUNIPER Research. https://www.juniperresearch.com/press/press-releases/digital-banking-users-to-exceed-3-6-billion. Accessed 12 Nov 2020

  30. VERIZON data breach investigation report. https://docs.apwg.org/reports/apwg_trends_report_q1_2020.pdf. Accessed 11 Nov 2020

Download references

Author information

Authors and Affiliations

  1. Department of Information and Computer Sciences, Saitama University, Saitama, 338-8570, Japan

    Tej Narayan Thakur & Noriaki Yoshiura

Authors
  1. Tej Narayan Thakur
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Noriaki Yoshiura
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Noriaki Yoshiura .

Editor information

Editors and Affiliations

  1. Wrocław University of Science and Technology, Wrocław, Poland

    Ngoc Thanh Nguyen

  2. King Mongkut's Institute of Technology Ladkrabang, Bangkok, Thailand

    Suphamit Chittayasothorn

  3. Nanyang Technological University, Singapore, Singapore

    Dusit Niyato

  4. Wrocław University of Science and Technology, Wrocław, Poland

    Bogdan Trawiński

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Thakur, T.N., Yoshiura, N. (2021). AntiPhiMBS: A New Anti-phishing Model to Mitigate Phishing Attacks in Mobile Banking System at Application Level. In: Nguyen, N.T., Chittayasothorn, S., Niyato, D., Trawiński, B. (eds) Intelligent Information and Database Systems. ACIIDS 2021. Lecture Notes in Computer Science(), vol 12672. Springer, Cham. https://doi.org/10.1007/978-3-030-73280-6_32

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-73280-6_32

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-73279-0

  • Online ISBN: 978-3-030-73280-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation