Leveraging Scalable Data Analysis to Proactively Bolster the Anti-Phishing Ecosystem

January 2020

abstract: Despite an abundance of defenses that work to protect Internet users from online threats, malicious actors continue deploying relentless large-scale phishing attacks that target these users. Effectively mitigating phishing attacks remains a challenge for the security community due to attackers' ability to evolve and adapt to defenses, the cross-organizational nature of the infrastructure abused for phishing, and discrepancies between theoretical and realistic anti-phishing systems. Although technical countermeasures cannot always compensate for the human weakness exploited by social engineers, maintaining a clear and up-to-date understanding of the motivation behind---and execution of---modern phishing attacks is essential to optimizing such countermeasures. In this dissertation, I analyze the state of the anti-phishing ecosystem and show that phishers use evasion techniques, including cloaking, to bypass anti-phishing mitigations in hopes of maximizing the return-on-investment of their attacks. I develop three novel, scalable data-collection and analysis frameworks to pinpoint the ecosystem vulnerabilities that sophisticated phishing websites exploit. The frameworks, which operate on real-world data and are designed for continuous deployment by anti-phishing organizations, empirically measure the robustness of industry-standard anti-phishing blacklists (PhishFarm and PhishTime) and proactively detect and map phishing attacks prior to launch (Golden Hour). Using these frameworks, I conduct a longitudinal study of blacklist performance and the first large-scale end-to-end analysis of phishing attacks (from spamming through monetization). As a result, I thoroughly characterize modern phishing websites and identify desirable characteristics for enhanced anti-phishing systems, such as more reliable methods for the ecosystem to collectively detect phishing websites and meaningfully share the corresponding intelligence. In addition, findings from these studies led to actionable security recommendations that were implemented by key organizations within the ecosystem to help improve the security of Internet users worldwide. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2020

Computer science

browser blacklists

cybercrime

internet

phishing

social engineering

web security

Lightweight Spam Filtering Methods

Blaskov, Vladimir

January 2014

<p>Validerat; 20140619 (global_studentproject_submitter)</p>

Technology

lightweight spam filtering

property-based filters

stacked filters

filters order

DNS blacklists

DNS whitelists

sender authentication

greylisting

protocol defects detection

Teknik

Fake Science und was Bibliotheken dagegen tun können

Schmidt, Christian

30 March 2020

»Fake Science« ist eine von vielen Bezeichnungen für gefälschte oder manipulierte Wissenschaft. Wie andere Begriffe, die auf das Attribut »Fake« zurückgreifen, ist auch dieser jüngst von Umdeutungen betroffen. So machte sich die breit inszenierte Medienberichterstattung des Jahres 2018 zu unseriösen Zeitschriftenverlagen den Fake-Science-Begriff für das Phänomen »Predatory Publishing« großzügig zu eigen. Diese rhetorische Aneignung trägt zu sprachlicher Unschärfe bei, lenkt vom Kern des Problems ab und macht den Begriff für seine politische Vereinnahmung anfällig. In Bibliotheken sind die Kompetenzen vorhanden, sowohl gegen die angesprochenen Phänomene im wissenschaftlichen Publikationssystem selbst etwas zu tun als auch solche terminologischen Nebelkerzen zu löschen. / »Fake science« is one of many names for bogus or manipulated science. Like other terms that use the attribute »fake«, it has recently been subject to misinterpretation. For example, the broad media coverage of the year 2018 on dubious journal publishers generously adopted the »fake science« term for the phenomenon known as »predatory publishing«, which is, however, a very different problem. This rhetorical appropriation contributes to terminological imprecision, distracts from the core of the problem and makes the term vulnerable to political usurpation. Academic libraries have the competence not only to do something about the phenomena addressed in the academic publication system itself, but also to remove such terminological smoke candles.

info:eu-repo/classification/ddc/020

ddc:020

info:eu-repo/classification/ddc/302.23

ddc:302.23