Analyzing Social and Stylometric Features to Identify Spear phishing Emails

Spear phishing is a complex targeted attack in which, an attacker harvests information about the victim prior to the attack. This information is then used to create sophisticated, genuine-looking attack vectors, drawing the victim to compromise confidential information. What makes spear phishing different, and more powerful than normal phishing, is this contextual information about the victim. Online social media services can be one such source for gathering vital information about an individual. In this paper, we characterize and examine a true positive dataset of spear phishing, spam, and normal phishing emails from Symantec's enterprise email scanning service. We then present a model to detect spear phishing emails sent to employees of 14 international organizations, by using social features extracted from LinkedIn. Our dataset consists of 4,742 targeted attack emails sent to 2,434 victims, and 9,353 non targeted attack emails sent to 5,912 non victims; and publicly available information from their LinkedIn profiles. We applied various machine learning algorithms to this labeled data, and achieved an overall maximum accuracy of 97.76% in identifying spear phishing emails. We used a combination of social features from LinkedIn profiles, and stylometric features extracted from email subjects, bodies, and attachments. However, we achieved a slightly better accuracy of 98.28% without the social features. Our analysis revealed that social features extracted from LinkedIn do not help in identifying spear phishing emails. To the best of our knowledge, this is one of the first attempts to make use of a combination of stylometric features extracted from emails, and social features extracted from an online social network to detect targeted spear phishing emails.Comment: Detection of spear phishing using social media feature

Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks

Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'. Our contribution is two fold we: 1) Outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services

A Framework for anonymous background data delivery and feedback

The current state of the industry’s methods of collecting background data reflecting diagnostic and usage information are often opaque and require users to place a lot of trust in the entity receiving the data. For vendors, having a centralized database of potentially sensitive data is a privacy protection headache and a potential liability should a breach of that database occur. Unfortunately, high profile privacy failures are not uncommon, so many individuals and companies are understandably skeptical and choose not to contribute any information. It is a shame, since the data could be used for improving reliability, or getting stronger security, or for valuable academic research into real-world usage patterns. We propose, implement and evaluate a framework for non-realtime anonymous data collection, aggregation for analysis, and feedback. Departing from the usual “trusted core” approach, we aim to maintain reporters’ anonymity even if the centralized part of the system is compromised. We design a peer-to-peer mix network and its protocol that are tuned to the properties of background diagnostic traffic. Our system delivers data to a centralized repository while maintaining (i) source anonymity, (ii) privacy in transit, and (iii) the ability to provide analysis feedback back to the source. By removing the core’s ability to identify the source of data and to track users over time, we drastically reduce its attractiveness as a potential attack target and allow vendors to make concrete and verifiable privacy and anonymity claims

The Dark Web Phenomenon: A Review and Research Agenda

The internet can be broadly divided into three parts: surface, deep and dark. The dark web has become notorious in the media for being a hidden part of the web where all manner of illegal activities take place. This review investigates how the dark web is being utilised with an emphasis on cybercrime, and how law enforcement plays the role of its adversary. The review describes these hidden spaces, sheds light on their history, the activities that they harbour – including cybercrime, the nature of attention they receive, and methodologies employed by law enforcement in an attempt to defeat their purpose. More importantly, it is argued that these spaces should be considered a phenomenon and not an isolated occurrence to be taken as merely a natural consequence of technology. This paper contributes to the area of dark web research by serving as a reference document and by proposing a research agenda

The Rise of iWar: Identity, Information, and the Individualization of Modern Warfare

During a decade of global counterterrorism operations and two extended counterinsurgency campaigns, the United States was confronted with a new kind of adversary. Without uniforms, flags, and formations, the task of identifying and targeting these combatants represented an unprecedented operational challenge for which Cold War era doctrinal methods were largely unsuited. This monograph examines the doctrinal, technical, and bureaucratic innovations that evolved in response to these new operational challenges. It discusses the transition from a conventionally focused, Cold War-era targeting process to one optimized for combating networks and conducting identity-based targeting. It analyzes the policy decisions and strategic choices that were the catalysts of this change and concludes with an in depth examination of emerging technologies that are likely to shape how this mode of warfare will be waged in the future.https://press.armywarcollege.edu/monographs/1436/thumbnail.jp

Practical privacy enhancing technologies for mobile systems

Mobile computers and handheld devices can be used today to connect to services available on the Internet. One of the predominant technologies in this respect for wireless Internet connection is the IEEE 802.11 family of WLAN standards. In many countries, WLAN access can be considered ubiquitous; there is a hotspot available almost anywhere. Unfortunately, the convenience provided by wireless Internet access has many privacy tradeoffs that are not obvious to mobile computer users. In this thesis, we investigate the lack of privacy of mobile computer users, and propose practical enhancements to increase the privacy of these users. We show how explicit information related to the users' identity leaks on all layers of the protocol stack. Even before an IP address is configured, the mobile computer may have already leaked their affiliation and other details to the local network as the WLAN interface openly broadcasts the networks that the user has visited. Free services that require authentication or provide personalization, such as online social networks, instant messengers, or web stores, all leak the user's identity. All this information, and much more, is available to a local passive observer using a mobile computer. In addition to a systematic analysis of privacy leaks, we have proposed four complementary privacy protection mechanisms. The main design guidelines for the mechanisms have been deployability and the introduction of minimal changes to user experience. More specifically, we mitigate privacy problems introduced by the standard WLAN access point discovery by designing a privacy-preserving access-point discovery protocol, show how a mobility management protocol can be used to protect privacy, and how leaks on all layers of the stack can be reduced by network location awareness and protocol stack virtualization. These practical technologies can be used in designing a privacy-preserving mobile system or can be retrofitted to current systems

The role of social media in the collaboration, interaction, co-creation and co-delivery of a social venture in an uncertain conflict environment

This research case study examines the creation and development of a bottom-up social enterprise immediately after the outbreak of a civil war in an Arab country by a group of young patriots in the aftermath of the Arab Spring uprisings in the 2010s. Drawing on Linders’ (2012) model of social action lifecycle, our study examines how different actors become involved and co-created a socially entrepreneurial venture (SEV), how these actors contributed to the coproduction and co-delivery of the social actions (values) over time, and how social media play roles in these processes. Drawing from the empirical evidences of citizen co-production within the existing literature, we found that SEVs operate in very different ways in which the role of social media is critical, both from their equivalents operating in a penurious but stable environment, and those intending to pursue political action within a conflict situation. In our case study, social media was not intended for mass-mobilisation, but for selected mobilisation amongst those within the network. This is due to the insecure environment and the fear of infiltration from opposing parties. We also examine how new actors were, over time, being carefully screened and selected, and potential harmful existing players being excluded, which in turn contributed to the evolving nature of the social enterprises

Big data:Lessons for employers and employees

Purpose: The focus of the current article is to critically reflect on the pros and cons of using employee information in big data projects. Approach: The authors reviewed papers in the area of big data that have immediate repercussions for the experiences of employees and employers. Findings: The review of papers to date suggests that big data lessons based on employee data are still a relatively unknown area of employment literature. Particular attention is paid to discussion of employee rights, ethics, expectations, and the implications employer conduct has on employment relationships and prospective benefits of big data analytics at work for work. Originality/value: This viewpoint article highlights the need for more discussion between employees and employers about the collection, use, storage and ownership of data in the workplace. A number of recommendations are put forward to support future data collection efforts in organisations

Security and Privacy in Unified Communication

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The use of unified communication; video conferencing, audio conferencing, and instant messaging has skyrocketed during the COVID-19 pandemic. However, security and privacy considerations have often been neglected. This paper provides a comprehensive survey of security and privacy in Unified Communication (UC). We systematically analyze security and privacy threats and mitigations in a generic UC scenario. Based on this, we analyze security and privacy features of the major UC market leaders and we draw conclusions on the overall UC landscape. While confidentiality in communication channels is generally well protected through encryption, other privacy properties are mostly lacking on UC platforms

From catching up to forging ahead in advanced manufacturing—reflections on China’s future of jobs

For more about the East-West Center, see http://www.eastwestcenter.org/This paper explores what we know about possible employment effects of the 10-year plan, issued by the State Council on May 19, 2015, entitled Made in China 2025. MIC2025 was designed to address China’s emerging labor shortage challenge. To achieve this goal, the plan seeks to boost labor productivity through an increased use of robots and through network-based upgrading of the entire industrial value chain and related services. How might the projected increase in labor productivity affect the creation and quality of jobs in China? Will China’s push into advanced manufacturing now move the country’s manufacturing employment closer to the pattern of “employment de-industrialization” observed in the US and other industrialized countries? How China will cope with the advanced manufacturing challenge for employment will have major implications not only for the US and other industrialized countries, but also for emerging economies and, most importantly for the majority of developing countries that are still struggling as latecomers to labor-intensive industrial manufacturing. The paper lays out objectives of the MIC 2025 plan and highlights a failure of Chinese policy makers to take into account employment effects and other labor market issues when they design their grand visions of industrial policy. The paper finds that until 2014, manufacturing has acted as an employment absorber in China. However new data on unemployment, labor force participation and income inequality signal that China may now be moving towards an “employment de-industrialization” pattern, unless enough knowledge-intensive service jobs will be created in China’s growing information economy. The paper concludes with implications for policy and further research