A novel hybrid approach of SVM combined with NLP and probabilistic neural network for email phishing

Phishing attacks are one of the slanting cyber-attacks that apply socially engineered messages that are imparted to individuals from expert hackers going for tricking clients to uncover their delicate data, the most mainstream correspondence channel to those messages is through clients' emails. Phishing has turned into a generous danger for web clients and a noteworthy reason for money related misfortunes. Therefore, different arrangements have been created to handle this issue. Deceitful emails, also called phishing emails, utilize a scope of impact strategies to convince people to react, for example, promising a fiscal reward or summoning a feeling of criticalness. Regardless of far reaching alerts and intends to instruct clients to distinguish phishing sends, these are as yet a pervasive practice and a worthwhile business. The creators accept that influence, as a style of human correspondence intended to impact others, has a focal job in fruitful advanced tricks. Cyber criminals have ceaselessly propelling their techniques for assault. The current strategies to recognize the presence of such malevolent projects and to keep them from executing are static, dynamic and hybrid analysis. In this work we are proposing a hybrid methodology for phishing detection incorporating feature extraction and classification of the mails using SVM. At last, alongside the chose features, the PNN characterizes the spam mails from the genuine mails with more exactness and accuracy

Predicting the performance of users as human sensors of security threats in social media

While the human as a sensor concept has been utilised extensively for the detection of threats to safety and security in physical space, especially in emergency response and crime reporting, the concept is largely unexplored in the area of cyber security. Here, we evaluate the potential of utilising users as human sensors for the detection of cyber threats, specifically on social media. For this, we have conducted an online test and accompanying questionnaire-based survey, which was taken by 4,457 users. The test included eight realistic social media scenarios (four attack and four non-attack) in the form of screenshots, which the participants were asked to categorise as “likely attack” or “likely not attack”. We present the overall performance of human sensors in our experiment for each exhibit, and also apply logistic regression and Random Forest classifiers to evaluate the feasibility of predicting that performance based on different characteristics of the participants. Such prediction would be useful where accuracy of human sensors in detecting and reporting social media security threats is important. We identify features that are good predictors of a human sensor’s performance and evaluate them in both a theoretical ideal case and two more realistic cases, the latter corresponding to limited access to a user’s characteristics

Information security awareness in a developing country context : insights from the government sector in Saudi Arabia

Purpose The purpose of this paper is to increase understanding of employee information security awareness in a government sector setting and illuminate the problems that public sector organisations in a developing context face when seeking to establish an information security awareness programme. Design/methodology/approach An interpretive research design was followed to develop an empirically enriched understanding of information security awareness perceptions, aspirations, challenges and enablers in the context of Saudi Arabia as a developing country. The study adopts a single-case study approach, including face-to-face interviews with senior employees, as well as document analysis. Findings The paper theorises the importance of individual information security awareness, knowledge and behaviour and identifies a number of facilitating conditions: customisation to employee and organisational needs, interactivity, innovation, frequency, integration of both electronic and physical learning resources and rewarding the acquisition of in-depth security-related actionable knowledge. Originality/value This study is one of the first to examine information security awareness as a socio-technical process within a government sector organisation in a developing country context

Learning from safety science: A way forward for studying cybersecurity incidents in organizations

In the aftermath of cybersecurity incidents within organizations, explanations of their causes often revolve around isolated technical or human events such as an Advanced Persistent Threat or a “bad click by an employee.” These explanations serve to identify the responsible parties and inform efforts to improve security measures. However, safety science researchers have long been aware that explaining incidents in socio-technical systems and determining the role of humans and technology in incidents is not an objective procedure but rather an act of social constructivism: what you look for is what you find, and what you find is what you fix. For example, the search for a technical “root cause” of an incident might likely result in a technical fix, while from a sociological perspective, cultural issues might be blamed for the same incident and subsequently lead to the improvement of the security culture. Starting from the insights of safety science, this paper aims to extract lessons on what general explanations for cybersecurity incidents can be identified and what methods can be used to study causes of cybersecurity incidents in organizations. We provide a framework that allows researchers and practitioners to proactively select models and methods for the investigation of cybersecurity incidents

ANALYZING TEMPORAL PATTERNS IN PHISHING EMAIL TOPICS

In 2020, the Federal Bureau of Investigation (FBI) found phishing to be the most common cybercrime, with a record number of complaints from Americans reporting losses exceeding $4.1 billion. Various phishing prevention methods exist; however, these methods are usually reactionary in nature as they activate only after a phishing campaign has been launched. Priming people ahead of time with the knowledge of which phishing topic is more likely to occur could be an effective proactive phishing prevention strategy. It has been noted that the volume of phishing emails tended to increase around key calendar dates and during times of uncertainty. This thesis aimed to create a classifier to predict which phishing topics have an increased likelihood of occurring in reference to an external event. After distilling around 1.2 million phishes until only meaningful words remained, a Latent Dirichlet allocation (LDA) topic model uncovered 90 latent phishing topics. On average, human evaluators agreed with the composition of a topic 74% of the time in one of the phishing topic evaluation tasks, showing an accordance of human judgment to the topics produced by the LDA model. Each topic was turned into a timeseries by creating a frequency count over the dataset’s two-year timespan. This time-series was changed into an intensity count to highlight the days of increased phishing activity. All phishing topics were analyzed and reviewed for influencing events. After the review, ten topics were identified to have external events that could have possibly influenced their respective intensities. After performing the intervention analysis, none of the selected topics were found to correlate with the identified external event. The analysis stopped here, and no predictive classifiers were pursued. With this dataset, temporal patterns coupled with external events were not able to predict the likelihood of a phishing attack

Learning from safety science : a way forward for studying cybersecurity incidents in organizations

In the aftermath of cybersecurity incidents within organizations, explanations of their causes often revolve around isolated technical or human events such as an Advanced Persistent Threat or a “bad click by an employee.” These explanations serve to identify the responsible parties and inform efforts to improve security measures. However, safety science researchers have long been aware that explaining incidents in socio-technical systems and determining the role of humans and technology in incidents is not an objective procedure but rather an act of social constructivism: what you look for is what you find, and what you find is what you fix. For example, the search for a technical “root cause” of an incident might likely result in a technical fix, while from a sociological perspective, cultural issues might be blamed for the same incident and subsequently lead to the improvement of the security culture. Starting from the insights of safety science, this paper aims to extract lessons on what general explanations for cybersecurity incidents can be identified and what methods can be used to study causes of cybersecurity incidents in organizations. We provide a framework that allows researchers and practitioners to proactively select models and methods for the investigation of cybersecurity incidents

A study of preventing email (spear) phishing by enabling human intelligence

Cyber criminals use phishing emails in high-volume and spear phishing emails in low volume to achieve their malicious objectives. Hereby they inflict financial, reputational, and emotional damages on individuals and organizations. These (spear) phishing attacks get steadily more sophisticated as cyber criminals use social engineering tricks that combine psychological and technical deceptions to make malicious emails as trustworthy as possible. Such sophisticated (spear) phishing emails are hard for email protection systems to detect. Security researchers have studied users' ability to perceive, identify and react upon email (spear) phishing attacks. In this study we have surveyed recent works on understanding how to prevent end-users from falling for email (spear) phishing attacks. Based on the survey we design and propose a novice method that combines interaction methods of reporting, blocking, warning, and embedded education to harness the intelligence of expert and novice users in a corporate environment in detecting email (spear) phishing attacks. We evaluate the design based on a qualitative study, in three experimental steps, by using a mockup prototype, and with 24 participants. We report on the insights gained, indicating that the proposed combination of the interaction methods is promising, and on future research directions

Don’t click : towards an effective anti-phishing training. A comparative literature review

Email is of critical importance as a communication channel for both business and personal matters. Unfortunately, it is also often exploited for phishing attacks. To defend against such threats, many organizations have begun to provide anti-phishing training programs to their employees. A central question in the development of such programs is how they can be designed sustainably and effectively to minimize the vulnerability of employees to phishing attacks. In this paper, we survey and categorize works that consider different elements of such programs via a clearly laid-out methodology, and identify key findings in the technical literature. Overall, we find that researchers agree on the answers to many relevant questions regarding the utility and effectiveness of anti-phishing training. However, we identified influencing factors, such as the impact of age on the success of anti-phishing training programs, for which mixed findings are available. Finally, based on our comprehensive analysis, we describe how a well-founded anti-phishing training program should be designed and parameterized with a set of proposed research directions