1,031 research outputs found

    Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

    Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale, empirical study of combosquatting by analyzing more than 468 billion DNS records---collected from passive and active DNS data sources over almost six years. We find that almost 60% of abusive combosquatting domains live for more than 1,000 days, and even worse, we observe increased activity associated with combosquatting year over year. Moreover, we show that combosquatting is used to perform a spectrum of different types of abuse including phishing, social engineering, affiliate abuse, trademark abuse, and even advanced persistent threats. Our results suggest that combosquatting is a real problem that requires increased scrutiny by the security community. Comment: ACM CCS 1

    NoFish; Total Anti-Phishing Protection System

    Phishing attacks have been identified by researchers as one of the major cyber-attack vectors which the general public has to face today. Although software companies launch new anti-phishing products, these products cannot prevent all the phishing attacks. The proposed solution, "No Fish", is a total anti-phishing protection system created especially for end-users as well as for organizations. In this paper, a realtime anti-phishing system, which has been implemented using four main phishing detection mechanisms, is proposed. The system has the following distinguishing properties from related studies in the literature: language independence, use of a considerable amount of phishing and legitimate data

    Malicious Malware Detection Using Machine Learning Perspectives

    The opportunity for potential attackers to use more advanced techniques to exploit more people who are online is growing. These methods include getting visitors to click on dangerous URLs that could expose them to spam and ads, financial fraud, defacement of their website, and malware. In this study, we tested different machine learning algorithms against a set of harmful URLs to see how well they worked overall and how well they found malware, spam, defacement, or phishing. The ISCX-URL-2016 dataset from the University of New Brunswick was used to make the dataset. The data was evaluated in Weka using the Random Forest, Decision Tree, Naïve Bayes, and Support Vector Machine algorithms. Each evaluation had a split of 80% of the data and a 5-fold, 10-fold, or 15-fold cross-validation. It was found that the 10-fold Random Forest algorithm correctly categorized 98.8% of the dataset's cases with the most accuracy. The results of this experiment showed that machine learning can be a useful tool for companies that want to improve their security. Despite different limitations encountered in the completion of this research, this study is the most comprehensive available on the use of practices relevant to Malware detection. Keywords: Machine Learning, URLs, Random Forest, Naive Bayes, Decision Tree, Support Vector Machine DOI: 10.7176/JIEA/12-2-02 Publication date: November 30th 202

    A Detection Method for Phishing Web Page Using DOM-Based Doc2Vec Model

    Detecting phishing web pages is a challenging task. The existing detection method for phishing web page based on DOM (Document Object Model) is mainly aiming at obtaining structural characteristics but ignores the overall representation of web pages and the semantic information that HTML tags may have. This paper regards DOMs as a natural language with Doc2Vec model and learns the structural semantics automatically to detect phishing web pages. Firstly, the DOM structure of the obtained web page is parsed to construct the DOM tree, then the Doc2Vec model is used to vectorize the DOM tree, and to measure the semantic similarity in web pages by the distance between different DOM vectors. Finally, the hierarchical clustering method is used to implement clustering of web pages. Experiments show that the method proposed in the paper achieves higher recall and precision for phishing classification, compared to DOM-based structural clustering method and TF-IDF-based semantic clustering method. The result shows that using Paragraph Vector is effective on DOM in a linguistic approach

    A Survey on Phishing Attacks in Cyberspace

    Phishing is a type of cyber attack in which cybercriminals use various advanced techniques to deceive people, such as creating fake webpages or malicious e-mails. The objective of phishing attacks is to gather personal data, money, or personal information from victims illegally. The primary aim of this review is to survey the literature on phishing attacks in cyberspace. It discusses different types of phishing attacks, such as spear phishing, e-mail spoofing, phone phishing, web spoofing, and angler phishing, as well as negative consequences they may cause for people. Phishing is typically carried out through different delivery methods such as e-mail, phone calls, or messaging. Victims of phishing are usually either not sensitive to privacy protection or do not have enough knowledge about social engineering attacks to know they are at risk. In addition, this paper introduces different methods for detecting phishing attacks. The last section discusses certain limitations of existing studies on phishing detection and potential future researc

    Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

    In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices. Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

    Categorization of Phishing Detection Features And Using the Feature Vectors to Classify Phishing Websites

    Phishing is a form of online fraud where a spoofed website tries to gain access to user's sensitive information by tricking the user into believing that it is a benign website. There are several solutions to detect phishing attacks such as educating users, using blacklists or extracting phishing characteristics found to exist in phishing attacks. In this thesis, we analyze approaches that extract features from phishing websites and train classification models with extracted feature set to classify phishing websites. We create an exhaustive list of all features used in these approaches and categorize them into 6 broader categories and 33 finer categories. We extract 59 features from the URL, URL redirects, hosting domain (WHOIS and DNS records) and popularity of the website and analyze their robustness in classifying a phishing website. Our emphasis is on determining the predictive performance of robust features. We evaluate the classification accuracy when using the entire feature set and when URL features or site popularity features are excluded from the feature set and show how our approach can be used to effectively predict specific types of phishing attacks such as shortened URLs and randomized URLs. Using both decision table classifiers and neural network classifiers, our results indicate that robust features seem to have enough predictive power to be used in practice. Dissertation/Thesis. Masters Thesis. Computer Science 201

    Advances in Cybercrime Prediction: A Survey of Machine, Deep, Transfer, and Adaptive Learning Techniques

    Cybercrime is a growing threat to organizations and individuals worldwide, with criminals using increasingly sophisticated techniques to breach security systems and steal sensitive data. In recent years, machine learning, deep learning, and transfer learning techniques have emerged as promising tools for predicting cybercrime and preventing it before it occurs. This paper aims to provide a comprehensive survey of the latest advancements in cybercrime prediction using above mentioned techniques, highlighting the latest research related to each approach. For this purpose, we reviewed more than 150 research articles and discussed around 50 most recent and relevant research articles. We start the review by discussing some common methods used by cyber criminals and then focus on the latest machine learning techniques and deep learning techniques, such as recurrent and convolutional neural networks, which were effective in detecting anomalous behavior and identifying potential threats. We also discuss transfer learning, which allows models trained on one dataset to be adapted for use on another dataset, and then focus on active and reinforcement learning as part of early-stage algorithmic research in cybercrime prediction. Finally, we discuss critical innovations, research gaps, and future research opportunities in cybercrime prediction. Overall, this paper presents a holistic view of cutting-edge developments in cybercrime prediction, shedding light on the strengths and limitations of each method and equipping researchers and practitioners with essential insights, publicly available datasets, and resources necessary to develop efficient cybercrime prediction systems. Comment: 27 Pages, 6 Figures, 4 Table

    Model for phishing websites classification using artificial neural network

    Internet users might be exposed to various forms of threats that can create economic harm, identity fraud, and lack of faith in e-commerce and online banking by consumers as the internet has become a necessary part of everyday activities. Phishing can be regarded as a type of web extortions described as the skill of imitating an honest company's website aimed at obtaining private information for example usernames, passwords, and bank information. The accuracy of classification is very significant in order to produce high accuracy results and least error rate in classification of phishing websites. The objective of this research is to model a suitable neural network classifier and then use the model to class the phishing website data set and evaluate the performance of the classifier. This research will use a phishing website data set which was retrieved from UCI repository and will be experimented using Encog Workbench tool. The main expected outcome from this study is the preliminary ANN classifier which classifies the target class of the phishing websites data set accurately, either phishy, suspicious or legitimate ones. The results indicate that ANN (9-5-1) model outperforms other models by achieving the highest accuracy and the least MSE value which is 0.04745