PhishSim: Aiding Phishing Website Detection with a Feature-Free Tool
In this paper, we propose a feature-free method for detecting phishing
websites using the Normalized Compression Distance (NCD), a parameter-free
similarity measure which computes the similarity of two websites by compressing
them, thus eliminating the need to perform any feature extraction. It also
removes any dependence on a specific set of website features. This method
examines the HTML of webpages and computes their similarity with known phishing
websites, in order to classify them. We use the Furthest Point First algorithm
to perform phishing prototype extractions, in order to select instances that
are representative of a cluster of phishing webpages. We also introduce the use
of an incremental learning algorithm as a framework for continuous and adaptive
detection without extracting new features when concept drift occurs. On a large
dataset, our proposed method significantly outperforms previous methods in
detecting phishing websites, with an AUC score of 98.68%, a high true positive
rate (TPR) of around 90%, while maintaining a low false positive rate (FPR) of
0.58%. Our approach uses prototypes, eliminating the need to retain long term
data in the future, and is feasible to deploy in real systems with a processing
time of roughly 0.3 seconds. Comment: 34 pages, 20 figures
Monitoring web applications for vulnerability discovery and removal under attack
Master's thesis, Informatics Engineering (Architecture, Systems and Computer Networks), Universidade de Lisboa, Faculdade de Ciências, 2018.
Web applications are ubiquitous in our everyday lives, as they are deployed in the most diverse contexts and support a variety of services. The correctness of these applications, however, can be compromised by vulnerabilities left in their source code, often incurring nefarious consequences, such as the theft of private data and the adulteration of information. This dissertation proposes a solution for the automatic detection and removal of vulnerabilities in web applications programmed in the PHP language. By monitoring the user interactions with the web applications with traditional attack discovery tools, it is possible to identify malicious inputs that are eventually provided by attackers. These inputs are then explored by a directed static analysis approach, allowing for the discovery of potential security issues and the correction of bugs in the program. The solution was implemented and validated with a set of vulnerable web applications. The experimental results demonstrate that the tool is capable of detecting and correcting SQL Injection and XSS vulnerabilities. In total, 174 vulnerabilities were found in 5 web applications, where 2 of these were previously unknown by the research community (i.e., they were "zero-day" vulnerabilities).