Technical Field
Embodiments disclosed herein are related to systems and methods for increasing internet security. In particular, systems and methods disclosed herein may leverage a user's conditioning to execute a particular action when presented with a stimulus to terminate malicious content when the particular action provides a beneficial result for safe and trusted content.
Related Art
As people use the internet for more and more reasons, scammers and so-called “black-hat” hackers increasingly look to the internet as a new frontier of illicit opportunity. People who use the internet to conduct financial transactions, such as making purchases and banking, can be attacked by the scammers and hackers and can be tricked into unwittingly divulging important personal information, such as login information, passwords, bank account information, and credit card numbers. The attackers can use this information for their financial gain, which can hurt the financial standing and credit rating of the people whose information is stolen.
One example of a known method used by attackers to obtain the personal information of internet users is called a “man-in-the-middle” attack. The “man-in-the-middle” attack is a type of abuse in which a proxy is used to intercept, modify and forward the internet traffic between one or more parties attempting to communicate or transact with one another. The attacking “man-in-the-middle” effectively “gets between” the one or more parties so that while it appears that the parties are establishing connections between one another, they are actually establishing a connection with the attacker. The attacker can thus intercept or even change data, such as personal data and financial data by impersonating the one or more parties to each other, compromising the security of internet communications and transactions. In many cases, these so-called “man-in-the-middle” attacks typically result from vulnerable security protocols.
Another common attack is what is known as a “man-in-the-browser” attack. In this attack, the proxy resides in a browser of one of the one or more parties as a client. “Man-in-the-browser” attacks can be problematic as they defy traditional efforts to detect the presence of a proxy using heuristics such as an IP address, machine identification number, or media access control (MAC) address of a machine because the proxy cannot be distinguished from the client by a server. Often, these so-called “man-in-the browser” attacks result from vulnerability in the code of the browser or operating systems, or other software vulnerabilities permitting infection of the client.
The variety and portability of internet-capable device have resulted in not only users being capable of performing internet communications and transactions more frequently, but also in the opportunity for attackers to trick users into giving them personal information and financial data. The lucrative potential that these attacks present the attackers encourages attackers to try and stay one or more steps ahead of the security. When a countermeasure or other security provision is put into place to stop or otherwise limit the effect of an attack, the attackers develop ways to overcome the countermeasure, or find additional ways to exploit the operating system, browser or other executable software to launch another, possibly more effective attack.
Accordingly, there is a need for a system and method that provides a system, method, and device that thwarts attacks by denying an attack using a user-conditioned response to a stimulus.