An anti-malvertising model for university students to increase security awareness

Abstract

Accessing the website through the Internet has introduced a new way of advertising information to the users. The term “malvertising” comes from the word malware and advertising. It is one type of attack that performs malware or scareware injection into the online advertisements. The purpose of this study is to investigate security awareness on malvertising attack among university students, propose an anti-malvertising model to improve security awareness, and to evaluate the security awareness of the proposed model. The data collection of the research starts with preliminary study in understanding the malvertising issue. Then, survey questionnaire is distributed to university students from two different local universities (UTM, Kuala Lumpur and UMP, Pahang) from two different backgrounds (IT related and non-IT related courses) to investigate current security awareness on malvertising attack. The study proposes theoretical model on antimalvertising and the security awareness will be analyzed through the survey. The proposed model consists of protection, behavior and monitoring components, identified as independent variables and the security awareness on the antimalvertising will is identified as the dependent variable. The study had found that more than half of the students are aware with the malvertising attack by practicing protection measures, security behavior, and security monitoring that give positive impact to the students’ security awareness. This proposed theoretical model may be beneficial for the students as a basis of reference for anti-malvertising exercise, while promoting the security awareness among university students. Besides, the theoretical model can be used as a reference for the researchers in this field as well as other security practitioners in practicing the suitable components that constitute security awareness for malvertising.