International Conference on Computer and Knowledge Engineering

Home / 15th International Conference on Computer and Knowledge Engineering

Multi-Layered Defense Against Modern Phishing: A Dual-Sandbox and CDR Approach

Authors :

Mahdi Seyfipoor¹ Mohammad Mahdi Eskandari²

1- School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran 2- Computer Engineering, University of Tehran, Tehran, Iran

Keywords :

phishing،cybersecurity،sandbox،content disarm and reconstruction،Office document

Abstract :

Phishing attacks are a form of social engineering. They exploit human behavior to gain initial access to an organization. In this paper, we examine two common attack vectors: phishing websites and Office documents (e.g., Word and Excel), which are widely used in organizations. To counter these attacks, this paper proposes a dual sandbox architecture. It uses the Virtual Network Computing (VNC) protocol for websites and the Remote Desktop Protocol (RDP) for Office documents. Another approach is content disarm and reconstruction (CDR) for Office documents. This method parses different file types and eliminates potential threats. The CDR-enhanced sandbox performed strongly on Office, achieving 98.14% Recall and a False Positive Rate (FPR) of 0.5%. The website sandbox also achieved 94% Recall and an FPR of 6%, which is due to strict input validation, filtering of user inputs, and restrictions on files downloaded from the Internet. These findings confirm the defensive capabilities of architecture.