KOLEJ PENGAJIAN PENGKOMPUTERAN INFORMATIK & MEDIA

ITT320 – INTRODUCTION TO COMPUTER

SECURITY PROJECT PROPOSAL

(PHISHING ATTACK)

T5CDCS1105D

PREPARED BY:
NO NAME ID
1) NURBAITI JANNATI BINTI NUHAIRI 2021209912
2) IRDINA SHAHIRA BINTI INDRA SHAHID 2021496466
3) ADAM MUZAMMIL BIN AHMAD HUMAIZI 2021880622
4) SALMAN AKIF BIN ABDUL SHAHID 2021214676
5) NUR AQMAR DANISH BIN HAKIM 2020882952

PREPARED FOR:
DR. NAJIAHTUL SYAFIQAH BINTI ISMAIL

DATE OF SUBMISSION:
19th NOVEMBER 2023

1
TABLE OF CONTENTS

1.0 MEMBERS PROFILE...................................................................................................2

2.0 PROJECT INTRODUCTION..........................................................................................5

2.1 PROJECT OBJECTIVE..................................................................................................5

3.0 SELECTED CLASSICAL CRYPTOGRAPHY......................................................................7

4.0 PROJECT APPROACHES / PROGRAMMING LANGUAGE USES.................................8

5.0 PROJECT TIMELINE..................................................................................................11

6.0 PROJECT RISK AND LIMITATION..............................................................................12

7.0 SUMMARY...............................................................................................................13

8.0 REFERNCES...........................................................................................................14

1
1.0 MEMBERS PROFILE

Name: Nurbaiti Jannati binti Nuhairi

Matrix No: 2021209912

I/C No: 030217-11-0030

Address: Lot PT2297 Taman Dahlia Jaya 2,

Jalan Kemboja, Kg Baru Kerteh, 24300
Kerteh, Kemaman, Terengganu.

Phone No: 011-40378263

Email: 2021209912@student.uitm.edu.my

Job Description: Conduct research on

project proposals and explore our chosen
tool.

Name: Irdina Shahira Binti Indra Shahid

Matrix No: 2021496466

I/C No: 030323-07-0044

Address: No 32, Jalan TPT 8,Taman

Puchong Tekali,47150 Puchong, Selangor

Phone No: 019-7007740

Email: 2021496466@student.uitm.edu.my

Job Description: Conduct an attack to the

victim’s computer.

2
Name: Adam Muzammil Bin Ahmad Humaizi

Matrix No: 2021880622

I/C No: 030306-06-0215

Address: 10244,Kampung Jaya, Jalan Air

Puteh,24000 Kemaman Terengganu

Phone No: 014-8153764

Email:2021880622@student.uitm.edu.my

Job Description: Conduct research on

current phishing trends and cyber threats.

Name: SALMAN AKIF BIN ABDUL SHAHID

Matrix No: 2021214676

I/C No: 03012-30-80651

Address: No. 220, Blok 11, Jalan Dinar F

U3/F, Seksyen U3, Taman Subang Perdana,
40150, Shah Alam, Selangor

Phone No: 019-6097517

Email: 2021214676@student.uitm.edu.my

Job Description: Test and validate the

functionality.

3
Name: NUR AQMAR DANISH BIN HAKIM

Matrix No: 2020882952

I/C No: 02121-11-00347

Address: Lot 95, Jalan Kampung Pasir Baru,

W/p Kuala Lumpur, 58200

Phone No: 01112379774

Email: akmardanishhakim@gmail.com

Job Description: Overview the attack

process.

4
2.0 PROJECT INTRODUCTION

These days’ reports about cyberattacks are commonplace and refer to any
intentional attempt to compromise, interfere with, or obtain unauthorized access to
computer systems or networks. These assaults use a variety of tactics and
instruments to take advantage of weaknesses in computer systems, and they are
coordinated by individuals, criminal organizations, or state-sponsored agencies.
Monitoring computer systems, networks, and infrastructure resources is essential, as
is using strategies and tools to detect and address data breaches and impending
threats. Phishing is a common strategy used by attackers, making it stand out among
the many cyber security dangers. Phishing is a type of cyberattack that aims to trick
people or organizations into disclosing private information, such as login passwords,
bank account details, or personal data.

Cybercriminals frequently assume the identity of respectable establishments,

such banks, online retailers, or governmental bodies. Their goal is to take advantage
of people's confidence by sending emails or messages that contain links that take
recipients to phone websites to force them to divulge personal information. Large
companies that store significant volumes of corporate data and lack adequate
security measures are especially vulnerable to this kind of attack.

This project's main goal is to improve your capacity to recognize and

understand phishing frauds. As a result, the initiative attempts to use genuine
technologies to demonstrate the wide-ranging effects of phishing attacks on people.
Teams will be split up to carry out this project one team will act as the attacker and
the target of the phishing assault, while another team will only act as the attacker.
The attacking team's job is to use common manipulation techniques used by
attackers, like posing as a reliable source and investigating ways in which attackers
take advantage of people to gain sensitive data.

5
2.1 PROJECT OBJECTIVE

 To study how phishing works on the internet.

 To learn how to encrypt and decrypt important data by using Caesar cipher
method.
 To understand how to gather information on unauthorized intruders and
prevent them from accessing actual systems.
 To identify any suspicious activities or attacks that might happen to the system.

6
3.0 SELECTED CLASSICAL CRYPTOGRAPHY

For our project, we’re taking a hands-on approach by exploring the practical
application of the Caesar Cipher, a classic encryption method, for both defenders and
attackers. Instead of overwhelming participants with multiple methods, we’re
focusing on the Caesar Cipher as a representative of historical cryptographic
techniques. Defenders will actively utilize the Caesar Cipher to secure information,
gaining practical insights into safeguarding sensitive data. On the offensive side,
attackers, in their simulated role, will employ the Caesar Cipher, providing a realistic
perspective on how this historical encryption method can be used for deceptive
practices. This focused application of the Caesar Cipher ensures a deep and
immersive educational experience, allowing participants to bridge the gap between
historical techniques and modern security challenges. It is crucial to emphasize that
our project strictly adheres to ethical guidelines, maintaining transparency and
responsible engagement throughout the learning process.

7
4.0 PROJECT APPROACHES / PROGRAMMING
LANGUAGE USES

1. Requirement Analysis: We gather information requirements needed for

building a Java programme. We also clear outline of the project from start to
end, including:

I. Each stage of the process

ii. Whose working on each

stage Iii. Key dependencies

iv. Required resources

v. A timeline of how long each stage would take.

2. System Design: Designed a high – quality system that can encrypt

and decrypt information using Caesar cipher.

8
 3. Implementation: Stage where everything is put into action and begins the full
development process to build the software as outlined by both requirement’s
phase and the system design phase.

4. Testing and configuration: After we have completed working on a

programme development, our team member who act as a defender will use
the Caesar Cipher method to encrypt all the crucial information while others
who act as an attacker will use the Caesar Cipher codes to hack or stole the
data or information.

5. Deployment: For development projects, this is the stage in which the software
is deployed to the end user. For the other industries, this is when the final
deliverable is launched and delivered to end users.

6. Maintenance: Once a project is deployed, there may be instances where a new

bug is discovered, or a software update is required. It is common in software
development to be continuously working on this phase.

The Java programming language was selected to build this Caesar cipher due
to its versatility and resilience. Java will be extremely useful in the construction of
the encryption and decryption techniques for this Caesar cipher.

The reason we chose java as our programming language is because Java is

designed around the principles of Object-Oriented Programming, promoting modular
and reusable code. The Caesar Cipher implementation can leverage OOP concepts
for modularity and code organization. For example, classes and objects can be used
to encapsulate encryption and decryption methods.

9
 Furthermore, Java provides a robust exception-handling mechanism, allowing
developers to handle runtime errors effectively. Robust exception handling can be
used to validate user input, ensuring that the entered key for the Caesar Cipher is
within a valid range. If an invalid key is provided, the program can catch the
exception and prompt the user to enter a valid key. This contributes to the creation
of stable and reliable applications.

10
5.0 PROJECT TIMELINE

Project DURATION (WEEK)

Timeline 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

Requirement
Analysis
System Design
Implementation
Testing
Deployment
Maintenance

11
6.0 PROJECT RISK AND LIMITATION

Phishing poses substantial risks, with financial loss being a prime concern for
victims. In a typical phishing scenario, a hacker might impersonate a trusted entity,
such as a bank, in an email, phone call, or text message. Unsuspecting targets,
especially those less familiar with technology, may mistake the communication as
genuine. Clicking on embedded links in the deceptive message can grant the hacker
access to sensitive personal information, ranging from bank account details to
passwords. This unauthorized access can lead to financial losses for the victim as the
hacker exploits the acquired information.

Moreover, the threat extends beyond monetary concerns to encompass the

risk of compromising personal information. Victims who inadvertently click on links
in suspicious emails expose their names, passwords, bank account details, and even
social media credentials to malicious actors. Recognizing phishing attempts becomes
paramount in preventing unauthorized access to personal data. For instance, a
phishing email might deceive a user into entering their login credentials on a fake
page, enabling the hacker to access the victim's personal information and potentially
engage in identity theft or other malicious activities.

While organizations strive to mitigate these risks, one notable limitation lies in
the challenge of balancing stringent security measures with user experience. Overly
complex security protocols may impact user productivity and create resistance to
security practices, highlighting the need to strike a balance between robust
cybersecurity measures and ensuring a seamless user experience. This balancing act
is crucial to fostering a security-conscious culture within organizations without
hindering the daily workflows of users.

12
7.0 SUMMARY

The project focuses on combating cyber threats, with a particular emphasis on

phishing attacks that aim to compromise computer systems. Phishing involves
deceptive tactics to extract sensitive information. The main objective is to raise
awareness and understanding of phishing through practical simulations, with teams
playing the roles of attackers and targets.

In the exploration of classical cryptography, the project takes a hands-on

approach, concentrating on the practical application of the Caesar Cipher for both
defenders and attackers. This focused learning experience aims to bridge historical
cryptographic techniques with modern security challenges.

The project follows a systematic approach, encompassing requirements

analysis, system design, implementation, testing, deployment, and maintenance. The
Java programming language is chosen for its versatility and support for Object-
Oriented Programming principles, particularly useful for implementing the Caesar
Cipher.

Highlighting the risks associated with phishing attacks, the project

underscores the potential financial losses and risks to personal information. A key
limitation is acknowledged, emphasizing the delicate balance required between
robust cybersecurity measures and user experience.

In summary, this comprehensive project aims to equip participants with

practical skills in recognizing and addressing phishing threats, leveraging classical
cryptography, ethical guidelines, and a systematic development approach
throughout the learning process.

13
8.0 REFERNCES

 Hasson, E. (2020, June 17). What is phishing | Attack techniques & scam
examples | Imperva. Learning Center.
https://www.imperva.com/learn/application-security/phishing-attack-scam/
 GeeksforGeeks. (2023, May 11). Caesar Cipher in Cryptography.
https://www.geeksforgeeks.org/caesar-cipher-in-cryptography/
 Vayansky, I., & Kumar, S. A. (2018). Phishing – challenges and solutions.
Computer Fraud & Security, 2018(1), 15–20. https://doi.org/10.1016/s1361-
3723(18)30007-1
 Cameron Mckenzie (2023, March 06). Advantages of Java languange.

https://www.theserverside.com/blog/Coffee-Talk-Java-News-Stories-and-
Opinions/Java

 Sharif Abuadbba, Shuo Wang, Mahathir Almashor & Muhammed Ejaz

Ahmed (2022, April) Web Phishing Detection Limitations and Mitigation.

https://www.researchgate.net/publication/359728914_Towards_Web_Phisng
Detection_Limitations_and_Mitigation

14