  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
101

Phishing website detection using intelligent data mining techniques. Design and development of an intelligent association classification mining fuzzy based scheme for phishing website detection with an emphasis on E-banking.

Abur-rous, Maher Ragheb Mohammed January 2010
Phishing techniques have not only grown in number, but also in sophistication. Phishers might have a lot of approaches and tactics to conduct a well-designed phishing attack. The targets of the phishing attacks, which are mainly on-line banking consumers and payment service providers, are facing substantial financial loss and lack of trust in Internet-based services. In order to overcome these, there is an urgent need to find solutions to combat phishing attacks. Detecting phishing websites is a complex task which requires significant expert knowledge and experience. So far, various solutions have been proposed and developed to address these problems. Most of these approaches are not able to make a decision dynamically on whether the site is in fact phished, giving rise to a large number of false positives. This is mainly due to limitations of the previously proposed approaches, for example depending only on fixed black and white listing databases, lack of human intelligence and experts, poor scalability and their timeliness. In this research we investigated and developed the application of an intelligent fuzzy-based classification system for e-banking phishing website detection. The main aim of the proposed system is to provide protection to users from phishers' deception tricks, giving them the ability to detect the legitimacy of the websites. The proposed intelligent phishing detection system employed a Fuzzy Logic (FL) model with association classification mining algorithms. The approach combined the capabilities of fuzzy reasoning in measuring imprecise and dynamic phishing features, with the capability to classify the phishing fuzzy rules. Different phishing experiments which cover all phishing attacks, motivations and deception behaviour techniques have been conducted to cover all phishing concerns. A layered fuzzy structure has been constructed for all gathered and extracted phishing website features and patterns.
These have been divided into 6 criteria and distributed to 3 layers, based on their attack type. To reduce human knowledge intervention, different classification and association algorithms have been implemented to generate fuzzy phishing rules automatically, to be integrated inside the fuzzy inference engine for the final phishing detection. Experimental results demonstrated the ability of the learning approach to identify all relevant fuzzy rules from the training data set. A comparative study and analysis showed that the proposed learning approach has a higher degree of predictive and detective capability than existing models. Experiments also showed the significance of some important phishing criteria like URL & Domain Identity, Security & Encryption to the final phishing detection rate. Finally, our proposed intelligent phishing website detection system was developed, tested and validated by incorporating the scheme as a web-based plug-in phishing toolbar. The results obtained are promising and showed that our intelligent fuzzy-based classification detection system can provide effective help for real-time phishing website detection. The toolbar successfully recognized and detected approximately 92% of the phishing websites selected from our test data set, avoiding many misclassified websites and false phishing alarms.
102

An Integrated Intelligent Approach to Enhance the Security Control of IT Systems. A Proactive Approach to Security Control Using Artificial Fuzzy Logic to Strengthen the Authentication Process and Reduce the Risk of Phishing

Salem, Omran S.A. January 2012
Hacking information systems is continuously on the increase. Social engineering attacks are performed by manipulating the weakest link in the security chain: people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based on Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measure the password strength based on dictionary attack, time crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook is used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source code and providing an in-line awareness security feedback.
103

Cybersecurity Awareness Training : Using ContextBased MicroTraining to teach senior citizens about phishing

Lindvall, David January 2022
While most Swedish citizens take advantage of the numerous benefits and conveniences today’s digitalized society offers, many senior citizens are digitally excluded. It is considered that a lack of digital technological knowledge is a big contributing factor. The lack of knowledge and experience with digital technology manifests into different types of fear, where fear of falling victim to cybercrime is the most prevalent. Phishing is a common cybercrime, which is still successfully employed by cybercriminals regardless of the various security measures and information available. Senior citizens are especially vulnerable, as phishing can be hard to recognize for less technical people. To combat this, education designed for increasing a user’s cybersecurity awareness is crucial. However, as cybersecurity can be a complex topic, there is a need for simplifying it and delivering related education in a meaningful way. This is where the method ContextBased MicroTraining (CBMT) comes in. For this thesis, a browser add-on called WebSec Coach, which utilizes the CBMT framework, is used as a tool to investigate how CBMT can support Swedish senior citizens in increasing their cybersecurity awareness regarding phishing. This was examined by conducting semi-structured interviews with eight respondents, from the age of 65 and up, that possessed some level of previous computer literacy. The results were then analyzed using thematic analysis, which showed that CBMT implemented in an embedded learning tool, like WebSec Coach, increased the cybersecurity awareness regarding phishing for all respondents. Regardless of the small sample size, the results in combination with previous research point to CBMT being a directly effective method in increasing cybersecurity awareness. Furthermore, the results showed that all respondents perceived WebSec Coach positively and were interested in using it themselves after the interviews. 
This indicates a potential acceptance amongst senior citizens, provided that the application reaches that target group.
104

Improving Email Security in Organizations : Solutions and Guidelines

Andrén, Axel, Kashlan, Ghaith, Nantarat, Atichoke January 2023
Data breaches from email attacks have been an issue since email was first implemented. Common attack methods like phishing are still a threat to organizations to this very day. That is because it never seems to stop evolving and keeps becoming more and more convincing. Email compromises have caused billions of dollars in damage worldwide, and it shows no sign of stopping. The purpose and research questions of this thesis are formulated to find guidelines or solutions that organizations can follow to improve their overall email security and awareness. In this thesis, both a systematic literature review and interviews are methods used to conduct the research. That way, both the technical portion of the subject, as well as the human perspective are covered. We found that the most common and significant email threats to organizations are phishing, BEC, and APT attacks. This thesis provides methods to mitigate these threats. What has also become clear is that human mistakes are a large portion of the problem concerning email attacks.
105

Phishing detection challenges for private and organizational users : A comparative study

Brandqvist, Johan, Lieberth Nilsson, John January 2023
Email communication has become an indispensable aspect of modern life, enabling rapid and efficient information exchange for individuals and organizations worldwide. However, the rise of phishing attacks poses a significant threat to the security and privacy of email users, with attackers continuously refining their techniques to exploit unsuspecting victims. This systematic literature review (SLR) aims to examine the challenges faced in email phishing detection for both private and organizational users, highlighting the unique obstacles and requirements for each user group. By analyzing relevant and current research from the past three years, this study seeks to identify the key challenges in email phishing detection, including the evolving tactics used by attackers, the limitations of current detection methods, and the hurdles in user education and awareness. Furthermore, it investigates the differential impact of these challenges on private and organizational users, with a focus on the potential differences. The comparative analysis offers valuable insights into the distinct challenges private and organizational users face in their efforts to defend against email phishing attacks. Understanding these differences is crucial for developing targeted, effective solutions that can enhance the overall resilience and security of email communication systems. Ultimately, this SLR serves as a foundation for future research and development in the field of phishing detection, fostering a safer online environment for all users.
106

Ranking Social Engineering Attack Vectors in The Healthcare and Public Health Sector

Gaurav Sachdev (14563787) 06 February 2023
The National Institute of Standards and Technology defines social engineering as an attack vector that deceives an individual into divulging confidential information or performing unwanted actions. Different methods of social engineering include phishing, pretexting, tailgating, baiting, vishing, SMSishing, and quid pro quo. These attacks can have devastating effects, especially in the healthcare sector, where there are budgetary and time constraints. To address these issues, this study aimed to use cybersecurity experts to identify the most important social engineering attacks to the healthcare sector and rank the underlying factors in terms of cost, success rate, and data breach. By creating a ranking that can be updated constantly, organizations can provide more effective training to users and reduce the overall risk of a successful attack. This study identified phishing attacks via email, voice and SMS to be the most important to defend against primarily due to the number of attacks. Baiting and quid pro quo consistently ranked as lower in priority and ranking.
107

GAINING MONITORING CAPABILITIES AND INSIGHTS INTO RESPONSES FROM PHISHING DATA

Raqab, Alah 09 July 2014
No description available.
108

Characterizing and Detecting Online Deception via Data-Driven Methods

Hu, Hang 27 May 2020
In recent years, online deception has become a major threat to information security. Online deception that caused significant consequences is usually spear phishing. Spear-phishing emails come in a very small volume, target a small number of audiences, sometimes impersonate a trusted entity and use very specific content to redirect targets to a phishing website, where the attacker tricks targets into sharing their credentials. In this thesis, we aim at measuring the entire process. Starting from phishing emails, we examine anti-spoofing protocols, analyze email services' policies and warnings towards spoofing emails, and measure the email tracking ecosystem. With phishing websites, we implement a powerful tool to detect domain name impersonation and detect phishing pages using dynamic and static analysis. We also analyze credential sharing on phishing websites, and measure what happens after victims share their credentials. Finally, we discuss potential phishing and privacy concerns on new platforms such as Alexa and Google Assistant. In the first part of this thesis (Chapter 3), we focus on measuring how email providers detect and handle forged emails. We also try to understand how forged emails can reach user inboxes by deliberately composing emails. Finally, we check how email providers warn users about forged emails. In the second part (Chapter 4), we measure the adoption of anti-spoofing protocols and seek to understand the reasons behind the low adoption rates. In the third part of this thesis (Chapter 5), we observe that a lot of phishing emails use email tracking techniques to track targets. We collect a large dataset of email messages using disposable email services and measure the landscape of email tracking. In the fourth part of this thesis (Chapter 6), we move on to phishing websites. We implement a powerful tool to detect squatting domains and train a machine learning model to classify phishing websites.
In the fifth part (Chapter 7), we focus on the credential leaks. More specifically, we measure what happens after the targets' credentials are leaked. We monitor and measure the potential post-phishing exploiting activities. Finally, with new voice platforms such as Alexa becoming more and more popular, we wonder if new phishing and privacy concerns emerge with new platforms. In this part (Chapter 8), we systematically assess the attack surfaces by measuring sensitive applications on voice assistant systems. My thesis measures important parts of the complete process of online deception. With deeper understandings of phishing attacks, more complete and effective defense mechanisms can be developed to mitigate attacks in various dimensions. / Doctor of Philosophy / In recent years, online deception has become a major threat to information security. The most common form of online deception starts with a phishing email, then redirects targets to a phishing website where the attacker tricks targets into sharing their credentials. General phishing emails are relatively easy to recognize from both the target's and the defender's perspective. They are usually from strange addresses, the content is usually very general and they come in a large volume. However, online deception that caused significant consequences is usually spear phishing. Spear-phishing emails come in a very small volume, target a small number of audiences, sometimes impersonate a trusted entity and use very specific content to redirect targets to a phishing website, where the attacker tricks targets into sharing their credentials. Sometimes, attackers use domain impersonation techniques to make the phishing website even more convincing. In this thesis, we measure the entire process. Starting from phishing emails, we examine anti-spoofing protocols, analyze email services' policies and warnings towards spoofing emails, and measure the email tracking ecosystem.
With phishing websites, we implement a tool to detect domain name impersonation and detect phishing pages using dynamic and static analysis. We also studied credential sharing on phishing websites. We measure what happens after targets share their credentials. Finally, we analyze potential phishing and privacy concerns on new platforms such as Alexa and Google Assistant.
109

Gone Phishing: How Task Interruptions Impact Email Classification Ability

Slifkin, Elisabeth 01 January 2024
With the continuous rise in email use, the prevalence and sophistication of phishing attacks have increased. Expanding cybersecurity awareness and strengthening email practices will help reduce the dangers posed by phishing emails, but ultimately, the extent to which a user can accurately detect phishing emails directly impacts the amount of risk to which they are exposed. Being interrupted while reading and replying to emails is a consequence of working in a dynamic world. Interruptions are often identified to be disruptive, both in terms of time costs and performance changes; they reliably increase a task's completion time, but their impact on accuracy is less consistent. The present three studies manipulated the length (Experiment 1), difficulty (Experiment 2), and similarity (Experiment 3) of interruptions in accordance with the memory for goals (MFG) model, which aims to explain why interruptions may be disruptive. Participants classified emails as either phishing or legitimate, while periodically being interrupted with a secondary task. Across all three experiments, interruptions did not affect classification accuracy, but they did reliably increase classification response time. Oculomotor analyses indicated that interruptions, regardless of type, impaired memory of previously encoded email information. This was evidenced across all three experiments by an increase in refixations and an increase in the distance between fixations pre- and post-interruption. MFG can account for some of these findings, but not all. Interruptions did not impair performance on an email classification task when participants could review the interrupted information, yet overall classification accuracy was still low. These results may suggest a pathway toward improving email classification performance, however, as participants exhibited behaviors known to improve performance on other tasks, such as revisiting previously viewed areas of an email.
110

Getting the general public to create phishing emails : A study on the persuasiveness of AI-generated phishing emails versus human methods

Ekekihl, Elias January 2024
Artificial Intelligence (AI) is becoming more and more widespread, and is available, for the most part freely, to anyone. While AI can be used for both good and bad, the potential for misuse exists. This study focuses on the intersection of AI and cybersecurity, with a focus on AI-generated phishing emails. In this study a mixed-method approach was applied, and an experiment, interviews, and a survey were conducted. Experiments and interviews were conducted with 9 participants with various backgrounds, but novices in phishing. In the experiment, phishing emails were created in three distinct ways: Human-Crafted, Internet-aided, and AI-generated. Emails were evaluated during semi-structured interviews, and each participant reviewed six emails in total, where two of these were real phishing emails. The results from the interviews indicate that AI-generated phishing emails are as persuasive as those created in the Human-Crafted task. On the contrary, in the survey, participants ranked the AI-generated phishing email as the most persuasive, followed by Human-Crafted. The survey was answered by 100 participants. Familiarity plays a crucial part in both persuasiveness and also willingness to go along with the requests in the phishing emails; this was highlighted during interviews and the survey. Urgency was seen as very negative by both the respondents and interviewees. The results from the study highlight the potential for misuse, specifically with the creation of AI-generated phishing emails; research into protection measures should not be overlooked. Adversaries have the potential to use AI, as it is right now, to their advantage.
