Measuring the Impact of email Headers on the Predictive Accuracy of Machine Learning Techniques

Tout, Hicham Refaat

01 January 2013

The majority of documented phishing attacks have been carried by email, yet few studies have measured the impact of email headers on the predictive accuracy of machine learning techniques in detecting email phishing attacks. Research has shown that the inclusion of a limited subset of email headers as features in training machine learning algorithms to detect phishing attack did increase the predictive accuracy of these learning algorithms. The same research also recommended further investigation of the impact of including an expanded set of email headers on the predictive accuracy of machine learning algorithms. In addition, research has shown that the cost of misclassifying legitimate emails as phishing attacks--false positives--was far higher than that of misclassifying phishing emails as legitimate--false negatives, while the opposite was true in the case of fraud detection. Consequently, they recommended that cost sensitive measures be taken in order to further improve the weighted predictive accuracy of machine learning algorithms. Motivated by the potentially high impact of the inclusion of email headers on the predictive accuracy of machines learning algorithms and the significance of enabling cost-sensitive measures as part of the learning process, the goal of this research was to quantify the impact of including an extended set of email headers and to investigate the impact of imposing penalty as part of the learning process on the number of false positives. It was believed that if email headers were included and cost-sensitive measures were taken as part of the learning process, than the overall weighted, predictive accuracy of the machine learning algorithm would be improved. The results showed that adding email headers as features did improve the overall predictive accuracy of machine learning algorithms and that cost-sensitive measure taken as part of the learning process did result in lower false positives.

email based attacks

information security

logistic regression

machine learning

phishing

privacy and security

Computer Sciences

A framework for evaluating countermeasures against sybil attacks in wireless sensor networks

Govender, Servapalan

12 July 2011

Although Wireless Sensor Networks (WSNs) have found a niche in numerous applications, they are constrained by numerous factors. One of these important factors is security in WSNs. There are various types of security attacks that WSNs are susceptible to. The focus of this study is centred on Sybil attacks, a denial of service attack. In this type of attack, rogue nodes impersonate valid nodes by falsely claiming to possess authentic identities, thereby rendering numerous core WSN operations ineffective. The diverse nature of existing solutions poses a difficult problem for system engineers wanting to employ a best fit countermeasure. This problem is the largely unanswered question posed to all system engineers and developers alike whose goal is to design/develop a secure WSN. Resolving this dilemma proves to be quite a fascinating task, since there are numerous factors to consider and more especially one cannot assume that every application is affected by all identified factors. A framework methodology presented in this study addresses the abovementioned challenges by evaluating countermeasure effectiveness based on theoretical and practical security factors. Furthermore, a process is outlined to determine the application’s engineering requirements and the framework also suggests what security components the system engineer ought to incorporate into the application, depending on the application’s risk profile. The framework then numerically aligns these considerations, ensuring an accurate and fairly unbiased best fit countermeasure selection. Although the framework concentrates on Sybil countermeasures, the methodology can be applied to other classes of countermeasures since it answers the question of how to objectively study and compare security mechanisms that are both diverse and intended for different application environments. The report documents the design and development of a comparative framework that can be used to evaluate countermeasures against Sybil attacks in wireless sensor networks based on various criteria that will be discussed in detail. This report looks briefly at the aims and description of the research. Following this, a literature survey on the body of knowledge concerning WSN security and a discussion on the proposed methodology of a specific design approach are given. Assumptions and a short list of factors that were considered are then described. Metrics, the taxonomy for WSN countermeasures, the framework and a formal model are developed. Risk analysis and the best fit methodology are also discussed. Finally, the results and recommendations are shown for the research, after which the document is concluded. / Dissertation (MEng)--University of Pretoria, 2011. / Electrical, Electronic and Computer Engineering / unrestricted

Countermeasure evaluationframework

Risk profiling and analysis

Wsn

Countermeasure taxonomy

Best fit analysis

Security

Sybil attacks

UCTD

Nonclinical panic: A useful analogue for panic disorder?

Hamilton, Gia Renee

01 January 2002

The objective of this study is to see if nonclinical panickers with unexpected panic attacks (NCPs-U) may be a more useful panic disorder (PD) analogue than nonclinical panickers with expected panic attacks (NCPs-E).

Panic attacks

Panic disorders

Stress (Psychology)

Anxiety -- Research

Anxiety sensitivity

Fear

Phobias

Psychology

Applications of Tropical Geometry in Deep Neural Networks

Alfarra, Motasem

04 1900

This thesis tackles the problem of understanding deep neural network with piece- wise linear activation functions. We leverage tropical geometry, a relatively new field in algebraic geometry to characterize the decision boundaries of a single hidden layer neural network. This characterization is leveraged to understand, and reformulate three interesting applications related to deep neural network. First, we give a geo- metrical demonstration of the behaviour of the lottery ticket hypothesis. Moreover, we deploy the geometrical characterization of the decision boundaries to reformulate the network pruning problem. This new formulation aims to prune network pa- rameters that are not contributing to the geometrical representation of the decision boundaries. In addition, we propose a dual view of adversarial attack that tackles both designing perturbations to the input image, and the equivalent perturbation to the decision boundaries.

Deep Learning

Deep Neural Networks

Tropical Geometry

Network Pruning

Lottery Ticket Hypothesis

Adversarial Attacks

Umass September 11 Intervention

Farzinmoghadam, Mohamad

07 November 2016

September 11 terrorist attacks not only affect the United States but also the entire international community. Hundreds perished; most of them innocent citizens from over ninety different nations. It has changed the history of America, much like Japan’s strike against Pearl Harbor. The 9/11 attacks triggered the United States’ ongoing war against terrorism, starting with Afghanistan as the first target to overthrow Taliban, changing the course of world history. The significance of the incident and severity of that traumatic loss makes a case for a memorial on the UMass campus in tribute to those victims. It is worth mentioning that a UMass community member (computer research specialist) lost his life in that event. The intention of this design is to pay a well-deserved tribute to the victims of the September 11 tragedy, together with providing information about the whole story. The statistics of the event have a visceral interpretation. All different aspects and numbers are incorporated into the design: number of the flights, number of the people killed, nationality of the victims, each have their specific place in the design pattern.

Temporary art installations

Public art

Memorial

the September 11 attacks

terrorism

Architecture

Offensive Cyber Operations: An Examination of Their Revolutionary Capabilities

Wardle, Madelyn

28 May 2021

No description available.

Political Science

International Relations

cyber realm

cyber attacks

offensive cyber operations

Metody klasifikace síťového provozu / Methods for Network Traffic Classification

Jacko, Michal

January 2017

This paper deals with a problem of detection of network traffic anomaly and classification of network flows. Based on existing methods, paper describes proposal and implementaion of a tool, which can automatically classify network flows. The tool uses CUDA platform for network data processing and computation of network flow metrics using graphics processing unit. Processed flows are subsequently classified by proposed methods for network anomaly detection.

Pokročilé metody zabezpečení sítě proti útokům / Advanced network security methods against attacks

Kusy, Filip

January 2018

This student work focuses on security against network attacks. It focus on network attacks and ways to prevent them. Subsequently, it deals with the Snort variant of the IPS/IDS system. It deal with the connection between Mikrotik and the Snort Linux server

Pobočková VoIP ústředna Asterisk a její nástavby / Asterisk VoIP private branch exchange and its distributions

Melichar, Ondřej

January 2018

This master’s thesis delves into the possibilities of the open-source Private Branch Exchange Asterisk, elaborates on its features and compares it with several other distros. The term SIP stack is explained here with the mention of two of its representatives. Further in the thesis, the security risks of the VoIP technology are explained, and specific attacks are described and then realized. As a part of the testing process, the possibilities of a custom module and its following implementation are explored, as well as the portability between the individual distros and its proper functioning.

Detecting Insider and Masquerade Attacks by Identifying Malicious User Behavior and Evaluating Trust in Cloud Computing and IoT Devices

Kambhampaty, Krishna Kanth

January 2019

There are a variety of communication mediums or devices for interaction. Users hop from one medium to another frequently. Though the increase in the number of devices brings convenience, it also raises security concerns. Provision of platform to users is as much important as its security. In this dissertation we propose a security approach that captures user behavior for identifying malicious activities. System users exhibit certain behavioral patterns while utilizing the resources. User behaviors such as device location, accessing certain files in a server, using a designated or specific user account etc. If this behavior is captured and compared with normal users’ behavior, anomalies can be detected. In our model, we have identified malicious users and have assigned trust value to each user accessing the system. When a user accesses new files on the servers that have not been previously accessed, accessing multiple accounts from the same device etc., these users are considered suspicious. If this behavior continues, they are categorized as ingenuine. A trust value is assigned to users. This value determines the trustworthiness of a user. Genuine users get higher trust value and ingenuine users get a lower trust value. The range of trust value varies from zero to one, with one being the highest trustworthiness and zero being the lowest. In our model, we have sixteen different features to track user behavior. These features evaluate users’ activities. From the time users’ log in to the system till they log out, users are monitored based on these sixteen features. These features determine whether the user is malicious. For instance, features such as accessing too many accounts, using proxy servers, too many incorrect logins attribute to suspicious activity. Higher the number of these features, more suspicious is the user. More such additional features contribute to lower trust value. Identifying malicious users could prevent and/or mitigate the attacks. This will enable in taking timely action against these users from performing any unauthorized or illegal actions. This could prevent insider and masquerade attacks. This application could be utilized in mobile, cloud and pervasive computing platforms.

cloud computing

cyber attacks

cyber security

machine learning

network security

user behavior trust