WO2021251926A1 - Cyber attacker detection method - Google Patents
- Publication number
- WO2021251926A1 (PCT/TR2021/050373)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- attacker
- website
- information
- cyber
- imitation
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a method that allows the detection of cyber attackers stealing the information of the website owner corporation clients, such as username, password, etc., by means of using the phishing websites developed for fraud on the internet environment.
Description
CYBER ATTACKER DETECTION METHOD
Technical Field
The invention relates to a method for detecting cyber attackers who steal information, such as usernames and passwords, belonging to the clients of the corporation that owns a website, by means of phishing websites developed for fraudulent purposes on the internet.
The invention relates to a method for detecting the information of cyber attackers operating particularly in the finance field with the help of marked data and an imitation website.
Present State of the Invention
In today's cyber world, attackers take users' information via phishing websites that they develop and then cause them material and moral damage. The cyber attackers copy the websites of corporations that serve clients and publish them with the same content under different domain names. The attackers change only the code section of the website, ensuring that the information entered in the user entry fields is directed to themselves and not to the service provider corporation. In this way they have the clients of the target corporation log in to the fake website and aim to steal the username and password combinations used to log in. The cyber attackers then enter the real corporate website with the username and password information they have obtained and thereby access the user account. If there is a second verification method at the entry of the corporate website, the attacker moves quickly and can enter the user information obtained over the fake website into the real corporate website instantaneously. Thus, a second verification message is conveyed from the corporation to the user, and the user enters this message on the fake website and consequently conveys it to the attacker again. With the second verification information obtained, the attacker also has full access to the user account. Attacks carried out with the phishing technique described especially target online banking and similar services offered to customers by financial institutions; they provide access to the users' bank accounts, and the users suffer great economic loss. In the present art, if a website is detected to be a phishing site, action is taken to close it, but corporations can take no action to detect the attacker. As a result, the attacker continues to attack.
Also, the money account numbers that the cyber attackers have used to steal the users' tangible assets can only be learned, and blocked, as a result of a user complaint. Until the user complaint reaches the corporation, the money account remains available to the attacker. In the present art, there is no system developed for detecting attacker information in cyber attacks carried out by phishing. This results in the inability to prevent the financial loss experienced through phishing websites.
In the present art, there are systems developed for the detection of frauds carried out over the internet. In TR2017/01866, a system, which provides users with a phishing attack detection and blocking mechanism against phishing messages coming from channels such as e-mail, SMS, instant messaging applications in mobile device environments, is mentioned. The system does not contain a solution that allows the attacker's information to be detected.
Consequently, the problems that are mentioned above and could not be solved in the light of the present art made it necessary to make an innovation in the related technical field.
Summary of the Invention
The present invention relates to the cyber attacker detection method in order to eliminate the above-mentioned disadvantages and to bring new advantages to the related technical field.
The main object of the invention is to develop a method that allows the attacker's identification to be detected in the cyber attacks carried out by the phishing method.
Another object of the invention is to develop a method that allows the financial loss of the users exposed to cyber attack to be prevented and/or regained by means of the detection of attacker's information.
Another object of the invention is to present a deterrent method for the cyber attackers.
In the preferred embodiment of the invention, the focus is on fake websites that operate in the finance sector and are used for phishing. With the information obtained by the attackers through the fake phishing website, the user accounts are accessed through legal corporate finance websites and the users' tangible assets are transferred to the attackers' accounts. Our invention aims to provide people with a safer internet environment by obtaining the attackers' information and transmitting it to the necessary authorities.
The present invention, in order to realize all the objects which are mentioned above and will emerge from the following detailed description, is a cyber attacker detection method that allows the attacker's information to be obtained in cyber attacks carried out by phishing method over the fake websites that imitate a legal corporate website established to give service to the customers for fraudulent purposes. Accordingly, the method comprises the process steps of
• logging into the fake website created by the cyber attacker for fraudulent purposes, with the marked user data,
• taking the marked data entered on mentioned fake website by the cyber attacker for fraudulent purposes and entering a legally serving corporate website,
• detecting the attacker by determining that the data entered on the corporate website are marked data by a firewall unit that analyzes the entered information,
• redirecting the detected attacker to the imitation website that obtains the attacker information by imitating the corporate website mentioned by the firewall unit,
• transmitting the information of the attacker entering the imitation website and/or the information entered by the attacker on the imitation website to the relevant security units.
The present invention should be evaluated together with the figures explained below, in order that it will be constructed, and its advantages will be understood together with the additional elements in the best way.
Brief Description of The Figures
Figure 1 gives a view of an exemplary system in which the method subject to our invention is applied.
List of the Reference Numbers
1. Fake website
2. Corporate website
3. Firewall unit
4. Imitation website
S: Attacker
U: Expert
Detailed Description of the Invention
In this detailed description, the innovation subject to the invention is explained with examples that do not have any limiting effect only for a better understanding of the subject.
Figure 1 gives a view of a system in which the method subject to our invention is applied. Our invention is a cyber attacker detection method that allows the attacker's (S) information to be obtained in cyber attacks carried out by the phishing method over fake websites (1) that imitate, for fraudulent purposes, a legal corporate website (2) established to give service to customers. In the preferred embodiment of our invention, the focus is on fake websites (1) operating in the financial sector. To obtain the attacker's (S) information, our invention redirects the attacker to the imitation website (4), which imitates the corporate website (2). The process becomes active when a security expert (U) first enters a marked username and password combination on the fake website (1) created by the attacker (S). The attacker (S) will see the marked username and password combination as user data that has risen to the bait and will log into the corporate website (2) with it. A firewall unit (3) that performs security control on the corporate website (2) will detect that the user information attempting to log in is marked and will transfer the attacker's (S) session to the imitation website (4), which enables the detection of the attacker's (S) information. The imitation website (4) is an environment designed by security experts (U) to be identical in appearance to the corporate website (2), but imitated in terms of content, user, and account information. When the attacker (S) enters the imitation website (4), he thinks that he has accessed the stolen user account and that everything is fine for him, while his movements are followed by the security experts (U). As soon as the attacker enters the imitation website (4), access information such as IP address and country location is delivered to the security experts (U).
Likewise, when the attacker tries to send money from the account he has logged into to his own bank account, he will also have transmitted his account information to the security experts (U). As a result, the security experts (U) will have obtained both the access information and the bank account information of the attacker (S). When the obtained data is transmitted to the necessary authorities via the imitation website (4), the attackers' (S) accounts are canceled, which makes their work difficult and facilitates the process of catching the attackers (S) by the security forces.
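The routing decision of the firewall unit (3) and the record kept by the imitation website (4), sketched from the defender's side as an added example; this is not code from the patent or its applicant. The class names, the keyed-digest storage of the marked pair, the `GEO_TABLE` lookup and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass, field

# Constructed lookup: documentation-range networks mapped to placeholder country codes.
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "XA",
    ipaddress.ip_network("198.51.100.0/24"): "XB",
}


def country_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO_TABLE.items() if addr in net), "unknown")


@dataclass
class ImitationSite:
    """Imitation website (4): holds only decoy sessions and records what the visitor does."""
    sessions: dict = field(default_factory=dict)

    def open_session(self, username: str, source_ip: str) -> str:
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"marked_username": username, "source_ip": source_ip,
                              "country": country_of(source_ip), "transfer_targets": []}
        return sid

    def record_transfer(self, sid: str, destination_account: str) -> None:
        # No money moves: the decoy only notes the destination account entered.
        self.sessions[sid]["transfer_targets"].append(destination_account)

    def report(self, sid: str) -> dict:
        """Record handed to the relevant security units (last method step)."""
        return dict(self.sessions[sid])


@dataclass
class FirewallUnit:
    """Firewall unit (3): routes a login to the corporate site (2) or to (4)."""
    imitation: ImitationSite
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    marked: set = field(default_factory=set)

    def _digest(self, username: str, password: str) -> bytes:
        # Keyed digest, so the marked pair is not stored in clear (a design assumption).
        msg = username.encode() + b"\x00" + password.encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def plant(self, username: str, password: str) -> None:
        """Register the pair the expert (U) typed into the fake website (1)."""
        self.marked.add(self._digest(username, password))

    def is_marked(self, username: str, password: str) -> bool:
        candidate = self._digest(username, password)
        hit = False
        for known in self.marked:  # check every entry, constant-time per comparison
            hit |= hmac.compare_digest(candidate, known)
        return hit

    def handle_login(self, username: str, password: str, source_ip: str) -> dict:
        # Only the exact marked combination diverts; everything else is
        # passed on to the normal authentication of the corporate website (2).
        if not self.is_marked(username, password):
            return {"route": "corporate", "session": None}
        return {"route": "imitation",
                "session": self.imitation.open_session(username, source_ip)}
```

Because the marked combination belongs to no real customer, a login that presents it can only have come from whoever harvested it on the fake website (1), which is what makes the diversion low in false positives.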
Claims
1. A cyber attacker detection method that allows the attacker's (S) information to be obtained in cyber attacks carried out by phishing method over the fake websites (1) that imitate a legal corporate website (2) established to give service to the customers for fraudulent purposes, characterized by comprising the process steps of
• logging into the fake website (1) created by the cyber attacker (S) for fraudulent purposes, with the marked user data,
• taking the marked data entered on mentioned fake website (1) by the cyber attacker (S) for fraudulent purposes and entering a legally serving corporate website (2),
• detecting the attacker (S) by determining that the data entered on the corporate website (2) are marked data by a firewall unit (3) that analyzes the entered information,
• redirecting the detected attacker (S) to the imitation website (4) that obtains the attacker (S) information by imitating the corporate website (2) mentioned by the firewall unit (3),
• transmitting the information of the attacker (S) entering the imitation website (4) and/or the information entered by the attacker (S) on the imitation website (4) to the relevant security units.
2. The cyber attacker detection method according to claim 1, characterized by comprising the process step of logging into the fake website (1) created by the cyber attacker (S) for fraudulent purposes, with the marked user data.
3. The cyber attacker detection method according to claim 1, characterized by comprising the process step of transmitting the IP information and/or country location information of the attacker (S) logging into the imitation website (4) and/or the account information entered on the imitation website (4) by the attacker (S) to the relevant security units.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TR2020/08876A TR202008876A1 (en) | 2020-06-09 | 2020-06-09 | CYBER ATTACK DETECTION METHOD |
TR2020/08876 | 2020-06-09 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021251926A1 (en) | 2021-12-16 |
Family
ID=78846330
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/TR2021/050373 WO2021251926A1 (en) | 2020-06-09 | 2021-04-22 | Cyber attacker detection method |
Country Status (2)
Country | Link |
---|---|
TR (1) | TR202008876A1 (en) |
WO (1) | WO2021251926A1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060161989A1 (en) * | 2004-12-13 | 2006-07-20 | Eran Reshef | System and method for deterring rogue users from attacking protected legitimate users |
US20130145462A1 (en) * | 2011-12-02 | 2013-06-06 | Institute For Information Industry | Phishing Processing Method and System and Computer Readable Storage Medium Applying the Method |
US20130312081A1 (en) * | 2012-05-18 | 2013-11-21 | Estsecurity Co., Ltd. | Malicious code blocking system |
US10511628B1 (en) * | 2019-03-07 | 2019-12-17 | Lookout, Inc. | Detecting realtime phishing from a phished client or at a security server |
-
2020
- 2020-06-09 TR TR2020/08876A patent/TR202008876A1/en unknown
-
2021
- 2021-04-22 WO PCT/TR2021/050373 patent/WO2021251926A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
TR202008876A1 (en) | 2021-12-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21821496; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 21821496; Country of ref document: EP; Kind code of ref document: A1 |