Detecting Visually Similar Web Pages: Application to Phishing Detection

Teh-Chung, Chen

06 1900

We propose a novel approach for detecting visual similarity between two web pages. The proposed approach applies Gestalt theory and considers a webpage as a single indivisible entity. The concept of supersignals, as a realization of Gestalt principles, supports our contention that web pages must be treated as indivisible entities. We objectify, and directly compare, these indivisible supersignals using algorithmic complexity theory. We apply our new approach to the domain of anti-Phishing technologies, which at once gives us both a reasonable ground truth for the concept of “visually similar,” and a high-value application of our proposed approach. Phishing attacks involve sophisticated, fraudulent websites that are realistic enough to fool a significant number of victims into providing their account credentials. There is a constant tug-of-war between anti-Phishing researchers who create new schemes to detect Phishing scams, and Phishers who create countermeasures. Our approach to Phishing detection is based on one major signature of Phishing webpage which can not be easily changed by those con artists –Visual Similarity. The only way to fool this significant characteristic appears to be to make a visually dissimilar Phishing webpage, which also reduces the successful rate of the Phishing scams or their criminal profits dramatically. For this reason, our application appears to be quite robust against a variety of common countermeasures Phishers have employed. To verify the practicality of our proposed method, we perform a large-scale, real-world case study, based on “live” Phish captured from the Internet. Compression algorithms (as a practical operational realization of algorithmic complexity theory) are a critical component of our approach. Out of the vast number of compression techniques in the literature, we must determine which compression technique is best suited for our visual similarity problem. We therefore perform a comparison of nine compressors (including both 1-dimensional string compressors and 2-dimensional image compressors). We finally determine that the LZMA algorithm performs best for our problem. With this determination made, we test the LZMA-based similarity technique in a realistic anti-Phishing scenario. We construct a whitelist of protected sites, and compare the performance of our similarity technique when presented with a) some of the most popular legitimate sites, and b) live Phishing sites targeting the protected sites. We found that the accuracy of our technique is extremely high in this test; the true positive and false positive rates reached 100% and 0.8%, respectively. We finally undertake a more detailed investigation of the LZMA compression technique. Other authors have argued that compression techniques map objects to an implicit feature space consisting of the dictionary elements generated by the compressor. In testing this possibility on live Phishing data, we found that derived variables computed directly from the dictionary elements were indeed excellent predictors. In fact, by taking advantage of the specific characteristic of dictionary compression algorithm, we slightly improve on our accuracy when using a modified/refined LZMA algorithm for our already perfect NCD classification application. / Software Engineering and Intelligent Systems

Phishing

Computer security

Webpage similarity

From the Barcelona Process to the Union for the Mediterranean: Sectors and Levels of Integration and Trust in the Mediterranean Region

Boening, Astrid Bettina

25 April 2009

This dissertation is a case study of the EuroMed Partnership (EMP). It aims to examine the complex political, economic and social interrelationships in the EMP, and their impact on regional security in the Euro-Mediterranean region. The main thesis proposed here is that regional integration is taking place to the point of a regional security complex being established among EMP-member countries. This would contrast with the Middle East Regional Security Complex suggested by Buzan and Waever (2003). The dynamics observed reflect realist concerns with security among members. They also display neo-liberal integration approaches as well as the regional reciprocal (re-)constructions of structure, interests, and identities as suggested in the constructivist literature. A triangulated mix of qualitative research methods is utilized with primary data from elite interviews, as well as from official publications of member governments and institutes. Secondary data from analyses by other researchers provide comparison data for this dissertation. It will contribute to a framework for understanding the shifting security environment in the Euro-Mediterranean region from 1995 to the present in terms of regional integration, peacemaking and peacekeeping.

Design and implementation of the crypto-assistant: an eclipse plugin for usable password-based column level encryption based on hiberate and jasypt

Garcia, Ricardo Rodriguez

01 March 2013

The lack of encryption of data at rest or in motion is one of the top 10 database vulnerabilities according to team SHATTER [72]. In the quest to improve the security landscape, we identify an opportunity area: two tools Hibernate and Jasypt that work together to provide password-based database encryption. The goal is to encourage developers to think about security and incorporate security related tasks early in the development process through the improvement of their programming system or integrated development environment (IDE). To this end, we modified the Hibernate Tools plugin for the popular Eclipse IDE, to integrate it with Hibernate and Jasypt with the purpose of mitigating the impact of the lack of security knowledge and training. We call this prototype the Crypto-Assistant. We designed an experiment to simulate a situation where the developers had to deal with time constraints, functional requirements, and lack of familiarity with the technology and the code they are modifying. We provide a report on the observations drawn from this preliminary evaluation. We anticipate that, in the near future, the prototype will be released to the public domain and encourage IDE developers to create more tools like Crypto-Assistant to help developers create more secure applications. / UOIT

Security

Usability

Software

Tool

Encryption

Design and Evaluation of Cooperative Location Verification Protocol for Vehicular Ad-Hoc Networks

Zhang, Pengfei

16 March 2012

Vehicular ad hoc networks (VANETs) have attracted much attention over the last few years. VANETs own several significant characteristics, such as the high-rate changing topology led by velocity of vehicles, time-and-location critical safety applications, and Global Positioning System (GPS) devices. In VANETs, as vehicle movement is usually restricted in just bidirectional movements along the roads and streets, geographical location information becomes very useful. In addition, many studies show that position-based routing protocol is a more promising routing strategy for VANETs; therefore security and verification of location information are necessary to be researched. In this thesis, a location verification approach, namely the Cooperative Location Verification (CLV) protocol, is proposed, aiming to prevent position-spoofing attacks on VANETs. The CLV basically uses two vehicles, a Verifier and a Cooperator, to verify the claimed position of a vehicle (Prover), according to two challenge-response procedures. Additionally, the security analysis of the CLV is presented. In order to enhance the CLV by reduce the network overhead, a reputation management system is designed. It utilizes the verification results of the CLV application and maintain every vehicle's reliability in the network. In addition, the solution to sparse networks is briefly discussed. In the simulation, the results show that the proposed CLV performs better than another location verification algorithm, namely the Secure Location Verification (SLV). And the effectiveness of the reputation management system is also demonstrated.

VANETs

Security

Localization

Reputation Management

Social-based trustworthy data forwarding in vehicular delay tolerant networks

Alganas, Abdulelah

01 March 2011

Vehicular ad hoc network (VANET) is an emerging new communication technol-ogy which has attracted a lot of research attention from academic community and indus-try. For many applications in VANETs, information has to be transmitted through mul-tiple hops before it reaches its destination that makes it a subject to various security at-tacks and privacy breaches. Thus, security and privacy issues could limit its adaption by the public community. In this study, we propose and evaluate social based trustworthy data forwarding scheme for VANET. First, by using social network analysis techniques, we provide a framework to strategically deploy Road-Side Units (RSUs) infrastructure in order to im-prove reliability, efficiency, and high packet delivery for VANET. It is based on multiple social centrality assessments of street network which help in placing RSUs at high social intersections. This social placement of RSUs will dramatically improve data dissemina-tion as the opportunity of contacting vehicles increase while costs of RSU deployment can be kept under control. Second, we propose a secure and privacy-preserving message forwarding protocol, which utilizes RSUs to forward messages between vehicles. The protocol takes advantage of high performance capability of RSUs to store and forward messages to their destinations, where these RSUs utilize re-encryption technique to form a mix network to provide adequate privacy for senders and receivers. Then detailed anal-ysis in terms of security, message overhead, delivery ratio, and average delay are per-formed to evaluate the efficiency and effectiveness of our proposed scheme. Lastly, we tackled the security and privacy challenges existing in social-aware data diffusion by proposing an efficient vehicle social evaluation (EVSE) scheme. Our scheme enables each vehicle to show its authentic social evaluation to others while not disclosing its past location information. As a result, it can meet the prerequisites for the success of social aware data diffusion in VANETs. / UOIT

VANET

RSU

Privacy

Security

DTN

Security and Planning: A Canadian Case Study Analysis

Bartolo, Giuseppe

January 2012

This thesis explores security planning policy in Canada. It provides a historical overview of the securing of cities from the threat of mass violence and demonstrates how violence affects urban populations and the form and function of cities as a result. A purposefully stampeded case study approach is used to determine the state of security planning in Canada and compare selected cities to a benchmark case of Washington D.C. This thesis contributes to the understanding of security planning within Canada in the post September 11, 2001 world and offers insight into strategies used in defense of urban areas The review of literature and discussion sections also provide a critical assessment of security planning which has occurred in the time following WWII, the IRA crisis in Britain the FLQ crisis in Quebec and the terrorist attacks in London and New York in the past decade. Research questions are answered through a case study and literature analysis approach. Results demonstrate that American responses to the threat of terrorism have motivated various governmental agencies to create policy and physical responses to respond to the threat of terrorism. This thesis concludes that Canada, in comparison to the United States and other areas has done little to secure itself against terrorist attack and more specifically that urban planning and municipalities in Canada have done little to integrate anti-terrorism security planning into their planning policy. It is argued that a lack of federal mandates, a lack of motivation and education in planning spheres as well as funding issues are contributing factors.

security planning

anti-terrorism

Planning

Design and Evaluation of Cooperative Location Verification Protocol for Vehicular Ad-Hoc Networks

Zhang, Pengfei

16 March 2012

Vehicular ad hoc networks (VANETs) have attracted much attention over the last few years. VANETs own several significant characteristics, such as the high-rate changing topology led by velocity of vehicles, time-and-location critical safety applications, and Global Positioning System (GPS) devices. In VANETs, as vehicle movement is usually restricted in just bidirectional movements along the roads and streets, geographical location information becomes very useful. In addition, many studies show that position-based routing protocol is a more promising routing strategy for VANETs; therefore security and verification of location information are necessary to be researched. In this thesis, a location verification approach, namely the Cooperative Location Verification (CLV) protocol, is proposed, aiming to prevent position-spoofing attacks on VANETs. The CLV basically uses two vehicles, a Verifier and a Cooperator, to verify the claimed position of a vehicle (Prover), according to two challenge-response procedures. Additionally, the security analysis of the CLV is presented. In order to enhance the CLV by reduce the network overhead, a reputation management system is designed. It utilizes the verification results of the CLV application and maintain every vehicle's reliability in the network. In addition, the solution to sparse networks is briefly discussed. In the simulation, the results show that the proposed CLV performs better than another location verification algorithm, namely the Secure Location Verification (SLV). And the effectiveness of the reputation management system is also demonstrated.

VANETs

Security

Localization

Reputation Management

A Secure Business Framework for File Purchasing Application in Vehicular Ad Hoc Networks

Yuan, Shuang

January 2008

Vehicular ad hoc networks (VANETs) are gaining growing interest from both industry and academia. Driven by road safety requirements, the car manufacturers, transportation authorities and communications standards organizations are working together to make a quantum step in terms of vehicular information technology (IT) by equipping the vehicles with sensors, on-board processing and wireless communication modules. VANETs are composed of OBUs (On Board Units) and RSUs (Road Side Units). The communication standard used in VANETs is called DSRC (Dedicated Short Range Communication). With many essential vehicle components (radios, spectrum, standards, etc) coming into place, a lot of new applications are emerging beside road safety, which support not only safety related services, but also entertainment and mobile Internet access services. In this study, we propose a promising commercial application for file purchasing in VANETs, where a legitimate vehicle can purchase digital files/data through a roadside unit (RSU). Due to the high mobility of the vehicles, the contact period between an RSU and a vehicle could be insufficient to download the complete file. To purchase a digital file, a vehicle purchases a permission key from a fixed RSU and then begins to download the file from the RSU via vehicle-to-RSU communications (V2R) when it is in the transmission range of the RSU. Once the vehicle in the process of downloading a file leaves the transmission range of the RSU, its neighboring vehicles with a piece of the file cooperatively help to complete the file transfer via vehicle-to-vehicle (V2V) communications. Such a commercial file purchasing system can obviously initiate a new application scenario. However, it cannot be put into practice unless the security issues, such as the user privacy, incentives for inter-vehicle cooperation, and the copyright protection for the file content are well addressed. In order to deal with these security issues, we develop a secure business framework for the file purchasing system in this study. In this framework, we preserve the user privacy by using the pseudo identity for each vehicle. We stimulate the cooperation between vehicles through micro-payment incentive mechanism and guarantee the secure payment at the same time. To protect the digital file content from unauthorized distribution, we encrypt the file content before delivery to an end user and use digital fingerprint technology to generate a unique copy for each vehicle after delivery. In a word, we propose a file purchasing application in VANETs and also develop a secure framework for this application.

security

VANET

Electrical and Computer Engineering

Security in Private Branch IP-Telephony Network with QoS Demands

IMRAN AKBAR, KHURRAM SHAHZAD

January 2009

At the moment the demand for IP Telephony is increasing because of its scalability and efficient use of bandwidth. The main issues are security and quality of voice in IP Telephony .The study comprises previous research papers and, on the bases of those papers, comparison is made between two security techniques, IPSec VPN and MPLS VPN. The goal behind this study is to build an IP Telephony setup, with security for private branch network, which is an ISP. IP Telephony networks are currently facing issues regarding security and competent packet switching. The comparison further describes that MPLS VPN technique is more scalable and efficient than IPSec VPN, which has been approved in implementation. In the implementation, one centralized call manager is configured to establish calls between different sites. To secure traffic over the internet which travels from one site to another other site, MPLS VPN is configured in MPLS domain. In order to increase the performance of IP Telephony, quality of service (QoS) is implemented. QoS provides thriving outcomes and it is also practically implemented in the lab. QoS enhances the flow of data by prioritizing the voice packets. At the end, it is concluded that MPLS VPN is more efficient and scalable than IPSec VPN, and shows better results, while completely supporting QoS.

Security in IP Telephony

IP Telephony

Enhancing Network Security in Linux Environment

Mohammed, Ali, Sama, Sachin, Mohammed, Majeed

January 2012

Designing a secured network is the most important task in any enterprise or organization development. Securing a network mainly involves applying policies and procedures to protect different network devices from unauthorized access. Servers such as web servers, file servers, mail servers, etc., are the important devices in a network. Therefore, securing these servers is the first and foremost step followed in every security implementation mechanism. To implement this, it is very important to analyse and study the security mechanisms provided by the operating system. This makes it easier for security implementation in a network. This thesis work demonstrates the tasks needed to enhance the network security in Linux environment. The various security modules existing in Linux makes it different from other operating systems. The security measures which are mainly needed to enhance the system security are documented as a baseline for practical implementation. After analysing the security measures for implementing network security, it is important to understand the role of network monitoring tools and Linux inbuilt log management in maintaining the security of a network. This is accomplished by presenting a detailed discussion on network monitoring tools and log management in Linux. In order to test the network security, a network is designed using Linux systems by configuring different servers and application firewall for packet filtering. The security measures configured on each server to enhance its security are presented as part of the implementation. The results obtained while an unauthorized user accessing the servers from the external network are also documented along with attack information retrieved by different network monitoring tools and Linux inbuilt log messages.

Network Security

Linux

Computer Networks