Paper Example on Analyzing Phishing Attacks in IoT Networks: A Literature Review

Introduction

The purpose of this literature review is to analyze several types of research done in the past by different authors. It will help in the understanding of existing research on phishing attacks in IoT networks and present the knowledge in a written report format (Gupta, Arachchilage and Psannis, 2018). Conducting the literature review will help in the building of knowledge, learning of concepts, techniques, and research methods that have been used in past researches on phishing attacks on the information of things devices (Gan and Heartfield, 2016). The literature review will also make it easier to understand the means through which research findings are outlined and discussed. Over the years, many research articles have been published by different authors using different procedures and techniques, and assessing such articles will help in formulating the understanding of the topic and a need for further research (Jing et al., 2014).

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

What the Literature Review is trying to Explain

The literature review will try to explain phishing as a growing threat in the IoT devices, most of which the internet. The phishing attacks are conducted using specific communication methods such as emails, pop-up messages, web page levels, and other types of messages (Santos, Rabadao and Goncalves, 2018). It will also motivate a need for further research because, despite many techniques being explained as a means to deal with the internet menace, the researchers have been unable to provide reliable solutions that will help eradicate phishing activities (Lin et al., 2017).

(Gupta, Arachchilage and Psannis, 2018) explain that three main phases exist in the phishing cycle where various phishers repeat the cycles several times to be successful in an attack. In the first phase, the attacker explores several organizations and selects various targets from the list. They then create phishing websites, create many spam emails, and send them to the selected targets. The second phase begins when the victims read the spam emails, and the third phase begins when the users click on the link provided as they are redirected to the phishing site set.

Problem of Interest

The problem of interest is the way different individuals create and send identical messages and websites to deceive unsuspecting users (Shaikh, Shabut, and Hossain, 2016). Phishing attacks have been on the rise with more successful results being realized due to a lack of awareness about phishing in the society, as well as people frequently ignoring critical warning messages sent to them. The phishers use social engineering schemes in whaling to target employees in high government jobs so that they can acquire highly confidential information, most of which focus on their bank accounts and employee data. Such types of attacks are not easy to detect because they neither use fake websites nor malware.

Current Approaches to solving the problem

The current approaches to answer the challenge of phishing in IoT networks include Crime, prevention Review, and Investigation of gaps of research (CRI) approach and training users about phishing (Kharchenko et al., 2016). The CRI approach aims at supporting new researches and strengthening literature review for phishing crimes as it results in a useful literature review that helps to create effective frameworks in different studies (Ali, Sabir, and Ullah, 2016). The user training approach is an effective solution as it describes why users should not blindly follow links of websites, especially those that ask for sensitive information like passwords. A past study shows that it is useful to train users as it helps them to know fake websites as long as they read the materials on phishing seriously and understand why it is a crime (Deogirikar and Vidhate, 2017).

Hafeez et al. (2016) explain the Securebox, which is a cheap platform that is easily deployable for the securing and management of IoT networks. Security is, most of the time, overlooked in many IoT industries, especially the fast-growing ones because of a limitation of devices, development deadlines, and budget constraints. The secure box creates a model that is cloud-assisted and effectively acts in IoT environments that are resource-constrained (Hafeez et al., 2016). The secure box approach has two significant components, including Securebox Frontend and Security and Management Service, which play a significant part in the reduction of phishing cases. The platform stimulates cloud-based security, and other services of management, which include traffic analysis, automated updates of security and management of the users' preferences.

Challenges of the Approaches

The challenges of the CRI approach include low consumer education, which acts as a barrier to the prevention of phishing attacks (Hossain, Fotouhi, and Hasan, 2015). Exploring the online habits of users may pose a threat to any mitigation to reduce the effects of phishing or completely eradicate the vice (Cui et al., 2017). The quantitative data collected in one of the researches show that many people do not know how to categorize messages correctly in their emails. Age, gender, and education also are a hindrance to this approach as many people have little knowledge of online habits (Tewari, Jain, and Gupta, 2016). The challenges of the user training approach are such as users ignoring the materials presented to them because they feel that they are familiarized with the warnings they receive; hence they have a comprehensive knowledge on how to protect themselves from such attacks.

Conclusion

Internet technology is on the rise as many people adopt it in use for different purposes, from online social networks to various forms of online banking. However, such a rise comes with its share of disadvantages as many criminals have adopted phishing as a means of stealing from others. A solution to solve the challenges that face the approaches is for companies to create privacy and data security for their users and ensure that all the data that people offer to them is safeguarded and kept private. Companies that run social media sites and email services must provide their users are safe from attackers who aim at stealing information and using it in criminal activities. Assurance of privacy is only capable when companies adopt this strategy.

References

Ali, I., Sabir, S. and Ullah, Z., 2016. Internet of Things Security, Device Authentication, and Access Control: A Review. International Journal of Computer Science and Information Security (IJCSIS), 14(8) pp. 456-466.

Cui, Q., Jourdan, G.V., Bochmann, G.V., Couturier, R. and Onut, I.V., 2017, April. Tracking phishing attacks over time. In Proceedings of the 26th International Conference on World Wide Web (pp. 667-676).

Deogirikar, J., and Vidhate, A., 2017, February. Security attacks in IoT: A survey. In 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics, and Cloud)(I-SMAC) (pp. 32-37). IEEE. 32-37.

Gan, D., and Heartfield, R., 2016. Social engineering on the internet of everything. Cutter IT Journal, 29(7), pp.20-29.

Gupta, B.B., Arachchilage, N.A., and Psannis, K.E., 2018. Defending against phishing attacks: the taxonomy of methods, current issues, and future directions. Telecommunication Systems, 67(2), pp.247-267.

Hafeez, I., Ding, A.Y., Suomalainen, L., Kirichenko, A. and Tarkoma, S., 2016, December. Secure box: Toward safer and smarter IoT networks. In Proceedings of the 2016 ACM Workshop on Cloud-Assisted Networking (pp. 55-60). https://dl.acm.org/doi/pdf/10.1145/3010079.3012014

Hossain, M.M., Fotouhi, M., and Hasan, R., 2015, June. Towards an analysis of security issues, challenges, and open problems in the internet of things. In 2015 IEEE World Congress on Services (pp. 21-28). IEEE. 1-8.

Jing, Q., Vasilakos, A.V., Wan, J., Lu, J., and Qiu, D., 2014. Security of the Internet of Things: perspectives and challenges. Wireless Networks, 20(8), pp.2481-2501.

Kharchenko, V., Kolisnyk, M., Piskachova, I. and Bardis, N., 2016. Markov model of the Smart Business Center wired network considering attacks on software and hardware components. International journal of computers and communications, 10, pp.113-119.

Lin, J., Yu, W., Zhang, N., Yang, X., Zhang, H., and Zhao, W., 2017. A survey on the internet of things: Architecture, enabling technologies, security, and privacy, and applications. IEEE Internet of Things Journal, 4(5), pp.1125-1142.

Santos, L., Rabadao, C., and Goncalves, R., 2018, June. Intrusion detection systems in the Internet of Things: A literature review. In 2018 13th Iberian Conference on Information Systems and Technologies (CISTI) (pp. 1-7). IEEE.

Shaikh, A.N., Shabut, A.M., and Hossain, M.A., 2016, December. A literature review on phishing crime, prevention review, and investigation of gaps. In 2016 10th International Conference on Software, Knowledge, Information Management & Applications (SKIMA) (pp. 9-15). IEEE.

Tewari, A., Jain, A.K., and Gupta, B.B., 2016. A recent survey of various defence mechanisms against phishing attacks. Journal of Information Privacy and Security, 12(1), pp.3-13.