5 research outputs found

    Towards a Multi-Layered Phishing Detection.

    Phishing is one of the most common threats that users face while browsing the web. In the current threat landscape, a targeted phishing attack (i.e., spear phishing) often constitutes the first action of a threat actor during an intrusion campaign. To tackle this threat, many data-driven approaches have been proposed, which mostly rely on the use of supervised machine learning under a single-layer approach. However, such approaches are resource-demanding and, thus, their deployment in production environments is infeasible. Moreover, most previous works utilise a feature set that can be easily tampered with by adversaries. In this paper, we investigate the use of a multi-layered detection framework in which a potential phishing domain is classified multiple times by models using different feature sets. In our work, an additional classification takes place only when the initial one scores below a predefined confidence level, which is set by the system owner. We demonstrate our approach by implementing a two-layered detection system, which uses supervised machine learning to identify phishing attacks. We evaluate our system with a dataset consisting of active phishing attacks and find that its performance is comparable to the state of the art.

    Leverage Website Favicon to Detect Phishing Websites

    Phishing attack is a cybercrime that can lead to severe financial losses for Internet users and entrepreneurs. Typically, phishers are fond of using fuzzy techniques during the creation of a website. They confuse the victim by imitating the appearance and content of a legitimate website. In addition, many websites are vulnerable to phishing attacks, including financial institutions, social networks, e-commerce, and airline websites. This paper is an extension of our previous work that leverages the favicon with Google image search to reveal the identity of a website. Our identity retrieval technique involves an effective mathematical model that can be used to assist in retrieving the right identity from the many entries of the search results. In this paper, we introduced an enhanced version of the favicon-based phishing attack detection with the introduction of the Domain Name Amplification feature and incorporation of additional features. Additional features are very useful when the website being examined does not have a favicon. We have collected a total of 5,000 phishing websites from PhishTank and 5,000 legitimate websites from Alexa to verify the effectiveness of the proposed method. From the experimental results, we achieved a 96.93% true positive rate with only a 4.13% false positive rate.

    Emerging and Unconventional: New Attacks and Innovative Detection Techniques

    Nowadays, security must face new and challenging scenarios, for instance, those exploiting cloud and fog computing, the Internet of Things (IoT), or complex frameworks for orchestrating botnets. Therefore, new attacks and innovative countermeasures should be investigated and this special issue focuses on how advancements provided by information and communication technologies influence modern cyberinfrastructures. We received several high-quality submissions containing novel original research results. After a thorough review process, we accepted six articles that can be grouped into three different areas, each one offering insights on emerging and unconventional threats and detection techniques. The first area deals with information hiding and covert channels, which are important aspects as many modern threats exploit a variety of methods to increase their stealthiness for remaining unnoticed for long periods or for limiting the efficiency of digital forensics techniques and detection tools. In this perspective, the article entitled “Leveraging KVM Events to Detect Cache-Based Side Channel Attacks in a Virtualization Environment” focuses on securing a virtualization environment by introducing a novel approach to detect covert communication attempts. Besides, the article entitled “Detecting Web-Based Botnets Using Bot Communication Traffic Features” introduces two metrics for the detection of command and control servers orchestrating botnets by means of HTTP commands and Webpages. Detection is the second area. Novel forms of detection are mandatory to counteract sophisticated malware or to perform traffic analysis in emerging and complex scenarios. In this case, the article entitled “Leverage Website Favicon to Detect Phishing Websites” proposes a way to exploit favicon to reveal the identity of a Website and mitigate phishing attacks. Moreover, the article “Network Intrusion Detection through Stacking Dilated Convolutional Autoencoders” discusses how to approach the problem of automatically and efficiently extracting features from large amounts of unlabeled raw network traffic data using deep learning approaches. The last area covered by this special issue deals with IoT and modern, interconnected, and smart systems. The article entitled “Remotely Exploiting AT Command Attacks on ZigBee Networks” addresses an IoT scenario and showcases how to remotely exploit AT commands to attack sensors. Lastly, the article entitled “Predictive Abuse Detection for a PLC Smart Lighting Network Based on Automatically Created Models of Exponential Smoothing” investigates statistical models to detect attacks targeting smart lighting infrastructures. Summing up, we think that this special issue will improve the understanding of how modern communication and computing frameworks can be exploited and how they can be secured.