Minimizing user’s role in phishing prevention

A paper presented to Prof. Michael Robinson and Prof. Vicki Parrish In partial fulfillment of the requirements for CMPE 294 By Piyushkumar Patel SID # 4840057 San Jose State University San Jose, California May 2008

TABLE OF CONTENTS

ABSTRACT............................................................................................................ 4 INTRODUCTION.................................................................................................. 4 PROJECT DESCRIPTION .................................................................................. 5 GOALS OF THE PROJECT................................................................................ 5 LITERATURE REVIEW ..................................................................................... 6 WHY USERS ARE BEING TRICKED .......................................................................... 6 1.) Lack of proper technical knowledge ........................................................... 6 2.) Lack of attention to security indicators....................................................... 7 3.) Visual deception .......................................................................................... 8 4.) Forged emails.............................................................................................. 9 5.) Visual similarity ........................................................................................ 10 WHY BROWSERS FAIL?....................................................................................... 10 Internet Explorer and Mozilla Firefox ........................................................... 10 ANTI PHISHING TOOLBARS .................................................................................. 11 1.) NetCraft ..................................................................................................... 11 2.) Google Safe Browsing............................................................................... 11 3.) SiteAdvisor ................................................................................................ 11 4.) SpoofGuard ............................................................................................... 11 SITEKEY AND SIGN-IN SEAL ................................................................................ 12 DESIGN PROPOSAL ......................................................................................... 14 DESIGN ................................................................................................................ 14 ANTI PHISHING ENGINE ...................................................................................... 15 TYPO ENGINE ...................................................................................................... 16 DATABASE TRACKER .......................................................................................... 18 PASSWORD PROTECTOR ...................................................................................... 18 USER AWARENESS........................................................................................... 19 TRAINING AS A PART OF THE GAME .................................................................... 19 CONCLUSION..................................................................................................... 20 REFERENCE:...................................................................................................... 21

2

LIST OF FIGURES

FIGURE 1 SSL SECURITY ALERT ...............................................................................7 FIGURE 2 FIREFOX DISPLAYS YELLOW COLOR IN NAVIGATOR ..................................8 FIGURE 3 PAGE DISPLAYED AS STANDARD WINDOW ................................................9 FIGURE 4 INTERACTION BETWEEN SUB SYSTEMS ....................................................15 FIGURE 5 FLOW DIAGRAM OF ANTI PHISHING ENGINE .............................................17

3

ABSTRACT Phishing is an illegal activity tried to acquire sensitive user information by sending out fake web pages or emails on the Internet. Phishing attacks are sophisticated and masked as a reliable entity that makes almost every user vulnerable. User’s role aggravates the situation because of inability to recognize such crafted attacks. The increasing number of complex phishing attacks cause more financial damage. Most of the attackers use social engineering techniques to fool users. An extensive solution is needed that minimizes user’s role to identify and further prevent phishing attacks. INTRODUCTION To develop a substantial system that prevents advance phishing attacks we need to understand why different phishing strategies work and how an average user responds to them. We need to inspect fraudulent websites that present remarkable interface causing victims to overlook security. Research shows that current security measures are proven obsolete against advance phishing attacks especially where user interaction is highly desirable [1]. A study of existing browser built-in phishing prevention strategies and related flaws can be helpful to build a better anti-phishing system. In future, anti phishing systems should only acknowledge phishing attempts to user and further should refuse user from accessing fraudulent web sites. Virtually, it should not involve and expect user to bring out decisive actions that prevent fraudulent websites.

4

PROJECT DESCRIPTION In this paper, we studied how phishing works and why users fail to recognize different phishing attempts. We assessed existing phishing prevention techniques and tools. Some of them are incorporated in browsers such as certificate warnings, visual security indicators and toolbars while the others are standalone applications or web services. We also analyzed behavior of popular web browsers’ phishing prevention techniques and derived that most of them don’t acknowledge needs for a large community of users. User’s role plays an important role in phishing prevention. We explored visual deception phishing techniques including but not limited to deceptive text in URL, images under text, fake images mimicking windows, masking windows, and deceptive look and feels of websites [1]. We also analyzed how visual content comparison tools can play an important role to distinguish fake websites with complex graphics.

In this paper, we will study various techniques to address current issues with existing plug-ins and tool bars to prevent phishing. We are proposing a solution to minimize user’s role in phishing prevention by enhancing and introducing new anti-phishing system. Finally we will conduct analysis to find an easy and entertaining way for user education. GOALS OF THE PROJECT By this project we want to introduce a modular approach to prevent phishing attempts. The proposed solution will refuse access to illegitimate websites before users can interact with them. We want to prove how user’s browsing patterns and history can be helpful to decide anti-phishing strategies and develop automatic machine learning environment. We

5

want to build a system that could be precise by itself with minimum participation of a user. We want to address and incorporate certain behavioral aspects of users in our proposal.

We aim to educate users and spread awareness to achieve more reliability within the system. We need to make user training more interesting and entertaining. Spreading community awareness among other users by sharing the knowledge would also be our intention. LITERATURE REVIEW

Why users are being tricked? Dhamija et al. indicates that 90% of users are unable to identify good phishing websites because a large number of users ignore both security indicators and warnings without proper knowledge [1]. Attackers achieved certain strategies to trick such users. The most common problems with an average user are, 1.) Lack of proper technical knowledge Most of the users are not aware of how the Internet and their own underlying system work. Users who lack such technical knowledge are likely to phishing attacks. They fail to distinguish fraudulent websites from legitimate websites. User’s unawareness to domain name system and URLs worsens the problem. For example, most of the users believe that www.paypal.com and www.pay-pal.com is same. They believe www.members-bankofamerica.com is a part of Bank of America’s websites. They can’t

6

even distinguish that www.ebay.com.us is not actually www.ebay.com. These users often have some confusion in reading email headers that helps to identify actual senders. 2.) Lack of attention to security indicators Users often fail to recognize various security warnings or indicators within the browser. For example, Firefox web browser shows a padlock icon in the right corner when a secure connection is established. Most of the users are not aware of this padlock icon because they don’t have any knowledge of SSL. They tend to overlook browser’s address bar, tool bars and indicators. The attackers can trick users by taking advantage of their uneasiness to verify authenticity of a website. For example, most of the users say yes to the following security alert,

Figure 1 SSL Security Alert

7

Figure 2 Firefox displays yellow color in navigator

Users are not vigil enough to security indicators embedded in browsers and some of them even don’t know about their presence. For example, the navigator in the Firefox web browser turns yellow for legitimate SSL connection as shown in Figure 2. Research indicates that browser indicators are proven ineffective to shield against advance phishing attacks [1]. 3.) Visual deception Visual deception is the most common trick used by attackers. They use number of techniques, for example, in a link to Paypal’s website they direct users to www.paypa1.com which remains unnoticed by most of the users. They also use long, malformed or obfuscated URLs with similar visual content. Another classic example of visual trick is referring to www.bankofthevvest.com site where VV looks as W in the URL.

8

If a user is aware of browser’s security indicators even then an experienced attacker can present an image as a part of the webpage. The image could overlay the navigation bar or part of it to show a padlock icon hiding the original URL. Sometimes attackers present an image with the help of scripting languages to hide underlying text or a link. It can direct users to spoofed web site when clicked. They can provide a small webpage that mimics the actual window of operating system as shown in Figure 3. Normally attackers present it in form of error or warning to get quick response from users. A combination of such techniques works very effectively against average user on the Internet.

Figure 3 Page displayed as standard Window

4.) Forged emails Email helps attackers to misguide users. Most of the phishing emails pretends to be sent by legitimate organization of user’s interest, mostly banks. Attackers use well known graphics associated with the firm or the company to send out promotions, winning

9

notifications or security warnings as a part of social engineering techniques. It’s been noticed that users are likely to respond faster if the emails are sent or forwarded by a known user e.g. a friend. Attackers often include information retrieved from social networks to generate sophisticated attack that looks welcoming. Usually sender’s email address is fake in such emails to conceal the identity of an attacker. 5.) Visual similarity Sometimes attackers present websites with same look and feel as legitimate websites. They include rich graphics to make it similar as original website. Users tend to believe it legitimate when they find same looking contents and graphics. They fail to notice other indicators under influence of rich graphics. In her research paper, Dhamija et al. noticed that the phishing site with the best graphics was able to trick more than 90% of users [1].

Why Browsers Fail? Most of the browsers today provide inbuilt phishing prevention techniques. They help upto certain extent but when user takes an active participation, they seem to fail. Internet Explorer and Mozilla Firefox The new version of Internet Explorer comes with inbuilt Phishing Filter working based on a blacklist and a whitelist of phishing sites. On average, half of the IE’s users are either unaware of this inbuilt phishing filter or don’t enable it. The filter is configurable by users hence can be configured in wrong way. Due to lack of proper documentation and training, sometimes users are unaware of the exact meaning of various indicators. As a result confusions arise for actions to be taken on a phishing attempt. Apart from plug-ins browsers have some serious design issues as well. For example, a number of phishing

10

attempts are made by visual deception that involves Javascript but there is no way a user can disable Javascript temporarily on the Internet Explorer. Raffetseder, et al. describes that development of an extensive anti-phishing browser plug-in requires engineering exercise which is not found in recently available browser [2].

Anti phishing toolbars A numbers of third party tools are available that claims to prevent phishing. Most of them come as a browser extension or as a toolbar. Garera et al. studied some popular toolbars and plug-ins and reveals that most of them are proven weak [3]. 1.) NetCraft NetCraft comes as a browser toolbar that checks for valid domain name of sites. NetCraft uses a database of web sites to check domain name. It’s hard for it to spot new phishing sites. 2.) Google Safe Browsing Google toolbar uses blacklist of forged websites built on a database and have similar problem as NetCraft. 3.) SiteAdvisor It primarily works on website rating and if the spoofed website is relatively new then it may not reflect the proper rank instantly. 4.) SpoofGuard SpoofGuard performs several checks to decide authenticity of a website. It first checks for possible domain name and URL forgery. Then it performs password field and link check following by content comparison. It assigns weight for each individual check and if the total weight of all the check exceeds the predefined threshold then it triggers warning

11

to the user. SpoofGuard is more promising than other toolbars because it doesn’t involve blacklist, whitelist or any database [4]. SpoofGuard though suffers from false positives and sometimes annoy the user by insignificant warnings. Users ignore such warning messages and sometimes reduce the threshold that essentially invites phishing.

In general most of the tools use database of spoofed websites. The basic nature of fraudulent websites is their volatile nature making it difficult to spot them and list in such databases explicitly. Another disadvantage of toolbars is their location in the browser. They appear on periphery of a browser and most of the users don’t pay attention to their indicators. Some of them appear as a popup warning which alerts the users but possible false positives diverts them to ignore warnings and proper trust relationship could not be established.

SiteKey and sign-in seal SiteKey is a two phase secure authentication process introduced by Bank of America. In the first phase, user is asked for a challenge question. This challenge is based on some user information known in advance such as security question, social security number or a birth date. The first phase authenticates the user and then the server shows a SiteKey which is a combination of text and a small picture. If the user identifies his own SiteKey, the server is proven to be genuine and user can provide the real password.

The next time, if the user tries to access the website from the same machine then the first phase of authentication is bypassed. In order to achieve it, the server provides a SiteKey bypass token to the machine for the first time. This bypass token can be stored as a browser cookie or persistent object on user’s machine. A number of security flaws are 12

found in SiteKey approach. Toull et al. discussed them in detail and found that the most common problem is the Man in the Middle attack where a proxy server can silently sniff the traffic and later replay user credentials [5].

Yahoo provided a better solution as a sign in seal on its webpage. The sign in seal can be created by any user which remains same for the system. The seal is stored on the server and retrieved by the client when the browser requests for the page. It requires a unique identifier to be stored on user’s machine in form of cookie or persistent object. Attacker or eaves dropper could get the encrypted identifier but not the sign in seal. The problem with this approach is the storage of the identifier. If the browser history or cookies are removed then the sign in seal doesn’t work. This scheme doesn’t work well on public terminals. Moreever if the site is spoofed when the seal is not displayed on public machines, user falsely believe it as a legitimate site. The frequency of sign in attempts also impacts the success rate in this approach. User signing in several times on daily basis tends to ignore the seal as compared to the user who signs in every week.

Attackers can exploit these anti phishing approaches with a combination of techniques discussed earlier. A new approach against visual deception is derived by Dhamija et al. where the server proves its identity to the user by presenting shared visual secret [6]. In this approach, a visual hash is provided by the server as a part of the webpage objects such as text boxes, drop down lists or buttons. An attacker can sniff the conversation but can’t reverse the hash. In another approach Ross et al. describes a new idea to prevent password stealing by spoofed site [7]. A password is derived and stored as a hash of original password and URL of the legitimate site. If the URL is spoofed, the computed

13

hash is invalid. It provides irreversible hash to the attacker. This process doesn’t involve the user except for the first time to trigger the hash function. DESIGN PROPOSAL Users can reveal any information that is known to them and attackers can take advantage of it. Attackers could retrieve information that a user can retrieve or provide. Some behavioral aspects of an average user should be considered in the design of anti-phishing system. For example, tool bars or other indicators are small in size and can easily be neglected. Research shows that popup warnings are more effective than passive indicators [8]. One potential disadvantage of popup warning is their accuracy. Users ignore them if they are produced from false positives. We need to configure our system in such a way that best adapt to user’s behavior.

To develop an anti-phishing system user’s browsing patterns could be very helpful. Browser should be responsive to unusual activities but it should be aware of user’s behavior based on browsing patterns. In fact any rigorous action taken by browser, impact the user’s behavior in the future. For example, if the browser produces pop up warnings for less significant fault then the user would decrease the threshold or disable such security warnings. DESIGN

Proposed system would be a combination of phishing prevention techniques derived from existing toolbars, current research and some new approaches. It could be a browser plugin or a small standalone application. We would divide the system in several sub systems. Figure 4 gives an overview of its communication architecture. 14

White list of URLs Anti phishing Engine

Database

Black list of URLs

Password Protector

Typo Engine

Figure 4 Interaction between sub systems

Anti Phishing engine

The anti-phishing engine would be a combination of various techniques currently deployed in toolbars. It implements a chaining mechanism to decide the legitimacy of a website. Figure 5 shows the flow of an engine. Following steps describes its behavior,

1. It first checks the website domain name and URL in the blacklist before the GET method is called by browser. Known spoofed websites are blocked at this point. If the URL is not found in the blacklist then it lookups the URL from the whitelist of trusted sites.

15

2. If the engine fails to get a URL from the whitelist, the website is considered to be new. For each new website the engine checks for the domain name and possible URL forgeries. Then it performs the check for links, sub links and references of a web page against the blacklist. Further password fields and other web page contents are checked. This entire process weights a website based on the results from each check. If all of the tests are successfully passed with proper total weight then a website is allowed for an access to the user. Its contents are saved in the local database and the URL is marked in the whitelist with minimum rank. 3. If the website is found in the whitelist then the contents of the website are checked against the stored contents of the same website. Every time when a user successfully accesses the website its contents are stored hence the local database always contains the latest copy of any desired webpage. If the contents are not matched as per the threshold value, user is blocked to access the website. Above certain threshold value, it will be removed from the database and unlisted from the whitelist.

Typo engine

The typo engine works as small daemon running in the background. It retrieves the website name or URL from the whitelist. A function that randomly shuffles the character of URL will be implemented inside it. For example, if www.google.com is retrieved from the whitelist, it will generate URLs such as www.googe.com, www.gogle.com etc. The selection of a URL from the whitelist is based on the rank associated with the URL. If the site is highly accessed by the user then the rank associated with it will be higher as compared to the new site and will be retrieved first by Typo engine. The generated URLs

16

are then passed to a browser simulator to go through an entire process of checking by another instance of anti-phishing engine. At the end if the site is found illegitimate then it is added in the black list otherwise it will be discarded. User will not be prompted Start

Check website/URL in the black list

Yes URL found

No Check URL in the white list

Check the contents from database

Warning

Yes URL found

No

Block user accessing website

Check for URL forgery, password fields, sub links etc. Assign proper weight.

Save contents in the database

Allow user to access web site

Mark it in white list with minimal rank

End

Figure 5 Flow diagram of anti phishing engine

17

for any action taken by the Typo engine.

In the checking process the browser simulator will provide dummy information if the website is found. For example, the Typo engine generated www.gmil.com will be provided with fake credentials by simulator and will check for potential redirection or spoofed result page. The beauty of this engine is its automatic background operation which will be activated only when the browser is idle.

Database tracker

This module can retrieve and share white lists with other peers. The potential problem with this tracker could be the security of data being transferred between peers.

Password protector

A webpage with password or other fields that can reveal sensitive information are marked by Password protector module. For the first time when the user provides credentials, they are stored in the database. When a user tries to access the website again it will be checked by anti-phishing engine. If it is identified as a genuine website then a user is asked to provide the master password. This master password is created by user and stored on the disk. The Password protector module automatically fills the webpage with stored credentials, retrieved from the database, when provided with a master password. User can check the credentials and submit them. This process shields user from accidental mistakes by system or him. The password hashing described by Ross et al. can be used to provide better security [7].

18

When a URL is needed to be stored, it will be stored as a hash. The hash function for individual system will be different so that a whilelist or a blacklist can not be spoofed by other systems.

We would implement this system as an Open source project and seek help from current researchers. We plan to implement it as a standalone application first and later as a browser extension. The proposed system can take advantage of behavioral responses of user and provide collaborative machine learning techniques. It will use large overlaying windows to warn the users. Though the accuracy can be an issue when using such blocking messages. USER AWARENESS

Irrespective of the precision of any anti-phishing system user awareness is always required. A browser however should monitor user actions in response to phishing warnings or suggestions and should refer user to a training program that specifies secure browsing methods. Now the question is how to best convince user to take this training program? User tends to refuse or be inattentive to such cumbersome training programs.

Training as a part of the game

Research shows that well designed education and training can be effective to educate users [9]. Users are willing to accept entertaining education. A small game could be more helpful to educate users about security. Sheng et al. have developed a game that educates users about phishing [10]. The player in this game has to kill a fish that displays malformed URLs or domains. A helper inside the game provides suggestions to player to

19

distinguish the target fish. In the end, the game shows statistics where user failed to recognize the fish. The next level of the game would be accessible only if the user scores above the defined threshold. Gradually role of the helper reduces when the user gets comfortable in recognizing the fish. We would advance this approach further by feeding results into anti-phishing system. The results and statistics of the game could be helpful in setting threshold value of modules in anti-phishing engine. For example, if the user scores less to recognize URLs with IP address, the threshold is set to high value for the URL check. This approach inside engine provides automatic machine learning. User initially starts from highest threshold values in the system and gradually they get tuned as per user’s behavior. High accuracy and performance can be achieved through this approach. CONCLUSION

Our study reveals how current research and some new ideas can be integrated to develop more reliable anti-phishing tool. We concluded that average user is prone to sophisticated attacks if involved in making decisions to avoid phishing. We need to minimize user’s efforts and participation by introducing reliable system. The design approach specified in this paper can be helpful to enhance or develop consistent system. We derived that user data and their browsing patterns can be helpful to achieve automation. Anti-phishing system can learn itself and share the information among community to prevent phishing attacks. We also derived that user education can be effective if provided as an entertaining game and can further help both the self learning system and the user.

20

REFERENCE: 1. Dhamija, R., Tygar, J. D., and Hearst, M. 2006. Why phishing works. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Montréal, Québec, Canada, April 22 - 27, 2006). R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson, Eds. CHI '06. ACM, New York, NY, 581-590. DOI= http://doi.acm.org/10.1145/1124772.1124861 2. Raffetseder, T., Kirda, E., and Kruegel, C. 2007. Building Anti-Phishing Browser Plug-Ins: An Experience Report. In Proceedings of the Third international Workshop on Software Engineering For Secure Systems (May 20 - 26, 2007). International Conference on Software Engineering. IEEE Computer Society, Washington, DC, 6. DOI= http://dx.doi.org/10.1109/SESS.2007.6 3. Garera, S., Provos, N., Chew, M., and Rubin, A. D. 2007. A framework for detection and measurement of phishing attacks. In Proceedings of the 2007 ACM Workshop on Recurring Malcode (Alexandria, Virginia, USA, November 02 - 02, 2007). WORM '07. ACM, New York, NY, 1-8. DOI= http://doi.acm.org/10.1145/1314389.1314391 4. Zhang, Y., Egelman, S., Cranor, L. F., and Hong, J. Phinding Phish: Evaluating AntiPhishing Tools. In Proceedings of the 14th Annual Network & Distributed System Security Symposium (NDSS 2007) (San Diego, CA, 28th February - 2nd March, 2007). Retrieved May 4, 2008, from http://lorrie.cranor.org/pubs/ndss-phish-toolsfinal.pdf 5. Youll, J. 2006. Fraud Vulnerabilities in SiteKey Security at Bank of America. Review draft to Bank of America/RSA (Cambridge, MA, July 18, 2006). Retrieved May 3, 2008, from http://cr-labs.com/publications/SiteKey-20060718.pdf

21

6. Dhamija, R. and Tygar, J. D. 2005. The battle against phishing: Dynamic Security Skins. In Proceedings of the 2005 Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 06 - 08, 2005). SOUPS '05, vol. 93. ACM, New York, NY, 77-88. DOI= http://doi.acm.org/10.1145/1073001.1073009 7. Ross, B, Jackson, C., Miyake, N., Boneh, D., and Mitchell, J. C. 2005. Stronger Password Authentication Using Browser Extensions. In Proceedings of the 14th Usenix Security Symposium, 2005 (Baltimore, MD, August 1–5, 2005). Retrieved May 1, 2008, from http://crypto.stanford.edu/PwdHash/pwdhash.pdf 8. Wu, M., Miller, R. C., and Garfinkel, S. L. 2006. Do security toolbars actually prevent phishing attacks?. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Montréal, Québec, Canada, April 22 - 27, 2006). R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson, Eds. CHI '06. ACM, New York, NY, 601-610. DOI= http://doi.acm.org/10.1145/1124772.1124863 9. Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L. F., Hong, J., and Nunge, E. 2007. Protecting people from phishing: the design and evaluation of an embedded training email system. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (San Jose, California, USA, April 28 - May 03, 2007). CHI '07. ACM, New York, NY, 905-914. DOI= http://doi.acm.org/10.1145/1240624.1240760 10. Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L. F., Hong, J., and Nunge, E. 2007. Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 18 - 20, 2007). SOUPS '07, vol. 229. ACM, New York, NY, 88-99. DOI= http://doi.acm.org/10.1145/1280680.1280692

22

Minimizing user's role in phishing prevention

www.members-bankofamerica.com is a part of Bank of America's websites. They can't. 6 .... Yahoo provided a better solution as a sign in seal on its webpage.
Download PDF
722KB Sizes 2 Downloads 131 Views
Report

Recommend Documents

Social Phishing
Dec 12, 2005 - The phisher could then notify the victim of a “security threat.” Such a message may .... to enter his secure University credentials. In a control group, ..... Client- side defense against web-based identity theft. In Proc. 11th Ann
Phishing Detection System
various features such as HTML Email, IP-based URL, no of domains used,age ... E. Classifying Phishing Emails Using Confidence-Weighted Linear Classifiers.
Social Phishing - Markus Jakobsson
Dec 12, 2005 - a phisher were able to induce an interruption of service to a ... Table 1: Results of the social network phishing attack and control experiment.
Minimizing off-target signals in RNA fluorescent in ... - Semantic Scholar
Feb 17, 2010 - k-mers in list Ai precede all the k-mers in list Aj if i < j. Each of these smaller ... .mskcc.org/$aarvey/repeatmap/downloads.html. Simple graphical ...
Minimizing off-target signals in RNA fluorescent in ... - Semantic Scholar
Feb 17, 2010 - object numbers, first, we set minimal pixel intensity thresholds to 8–10 ... We enumerate all k-mers of a genome into a list, sort this list, count ... sorted in parallel). For large genomes we typically use m= 1024. Note that our me
Compulsive behavior in tobacco users
with the degree of impairment (Spinella, 2003, 2002). OCD is ... for obsessions (Y-BOCS-O), compulsions (Y-BOCS-C), and the total score (Y-BOCS-T). 2.2.2.
Minimizing Movement
Many more variations arise from changing the desired property of the final ..... Call vertices vk,v3k+1,v5k+2,...,v(2k+1)(r1−1)+k center vertices. Thus we have r1 ...
Minimizing Movement
has applications to map labeling [DMM+97, JBQZ04, SW01, JQQ+03], where the .... We later show in Section 2.2 how to convert this approximation algorithm, ...
minimizing machining distortion in aluminum alloys thru ...
... be reached by email at , or by phone at his office at 909-502-0200. .... created causing different areas of a part to contract at different rates. During the later ... Comparison of Different Uphill Quenching Methods. The Uphill ...
SaaS Security Best Practices: Minimizing Risk in the Cloud - Media15
Aug 7, 2015 - To minimize risk in the cloud, we have established the following best ..... are accessed by the appropriate users in the appropriate computing.
Samples-of-phishing-mails.pdf
Loading… Page 1. Whoops! There was a problem loading more pages. Samples-of-phishing-mails.pdf. Samples-of-phishing-mails.pdf. Open. Extract. Open with.
Compulsive behavior in tobacco users
to nonusers, which was not due to demographic influences or use of other psychoactive drugs. Both the ... toms, which persisted after controlling for demographics and other DUFs [r(157)=.17, P=.028. (two-tailed ... Brody, A. L., Mandelkern, M. A., Lo
Visual-Similarity-Based Phishing Detection
[email protected] ... republish, to post on servers or to redistribute to lists, requires prior specific .... quiring the user to actively verify the server identity. There.
Bullying Prevention Is Crime Prevention
The Olweus Bullying Prevention Program—First developed in Norway after a number of bullying victims .... article in the Journal of the American Medical.
Skewed Flip-Flop Transformation for Minimizing Leakage in ...
low voltage high performance dual threshold CMOS circuits,” in Proc. Design. Automation Conf., June 1998, pp. 489-494. [3] M. Ketkar and S. S. Sapatnekar, ...
Minimizing Cubic and Homogeneous Polynomials over Integers in the ...
Furthermore, we show that the problem of minimizing a homogeneous polynomial of any fixed degree over the integer points in a ... Del Pia, Hildebrand, Weismantel, Zemmer: Minimizing Cubic and Homogeneous Polynomials over Integers in the Plane ..... I
Skewed Flip-Flop Transformation for Minimizing Leakage in ...
ABSTRACT. Mixed Vt has been widely used to control leakage without affect- ing circuit performance. However, current approaches target the combinational circuits even though sequential elements, such as flip-flops, contribute an appreciable proportio
Minimizing power consumption in digital CMOS circuits - IEEE Xplore
scaling strategy, which uses parallelism and pipelining, to tradeoff silicon area and power reduction. Since energy is only consumed when capacitance is being ...
SaaS Security Best Practices: Minimizing Risk in the Cloud - Media15
Aug 7, 2015 - OTP one-time password. SaaS software as a service. SBI security business intelligence. SCIM system for cross-domain identity management.
Prevention Prevention and Detection Detection ...
IJRIT International Journal of Research in Information Technology, Volume 2, Issue 4, April 2014, Pg: 365- 373 ..... Packet passport uses a light weight message authentication code (MAC) such as hash-based message ... IP Spoofing”, International Jo
Dengue Prevention
The 10-Minute. Mozzie Wipe-Out. Exercise. Page 24. 5 Easy Steps. •Change water in vases/ bowls every other day. •Add sand granular insecticide* to water. 1.