13 research outputs found
Detecting Phishing Websites Using Associative Classification
Phishing is a criminal technique employing both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. The aim of the phishing website is to steal the victims’ personal information by visiting and surfing a fake webpage that looks like a true one of a legitimate bank or company and asks the victim to enter personal information such as their username, account number, password, credit card number, etc. This paper's main goal is to investigate the potential use of automated data mining techniques in detecting the complex problem of phishing websites in order to help all users from being deceived or hacked by stealing their personal information and passwords leading to catastrophic consequences. Experimentations against phishing data sets and using different common associative classification algorithms (MCAR and CBA) and traditional learning approaches have been conducted with reference to classification accuracy. The results show that the MCAR and CBA algorithms outperformed SVM and algorithms. Keywords: Phishing Websites, Data Mining, Associative Classification, Machine Learning
Intelligent phishing website detection system using fuzzy techniques.
Phishing websites are forged web pages that are created by malicious people to mimic web pages of real websites and it attempts to defraud people of their personal information.
Detecting and identifying Phishing websites is really a complex and dynamic problem involving many factors and criteria, and
because of the subjective considerations and the ambiguities involved in the detection, Fuzzy Logic model can be an effective
tool in assessing and identifying phishing websites than any other
traditional tool since it offers a more natural way of dealing with
quality factors rather than exact values. In this paper, we present
a novel approach to overcome the 'fuzziness' in traditional website phishing risk assessment and propose an intelligent resilient and effective model for detecting phishing websites. The proposed
model is based on FL operators which is used to characterize the
website phishing factors and indicators as fuzzy variables and
produces six measures and criteria's of website phishing attack
dimensions with a layer structure. Our experimental results
showed the significance and importance of the phishing website
criteria (URL & Domain Identity) represented by layer one, and
the variety influence of the phishing characteristic layers on the
final phishing website rate
KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures
Email breaches are commonplace, and they expose a wealth of personal,
business, and political data that may have devastating consequences. The
current email system allows any attacker who gains access to your email to
prove the authenticity of the stolen messages to third parties -- a property
arising from a necessary anti-spam / anti-spoofing protocol called DKIM. This
exacerbates the problem of email breaches by greatly increasing the potential
for attackers to damage the users' reputation, blackmail them, or sell the
stolen information to third parties.
In this paper, we introduce "non-attributable email", which guarantees that a
wide class of adversaries are unable to convince any third party of the
authenticity of stolen emails. We formally define non-attributability, and
present two practical system proposals -- KeyForge and TimeForge -- that
provably achieve non-attributability while maintaining the important protection
against spam and spoofing that is currently provided by DKIM. Moreover, we
implement KeyForge and demonstrate that that scheme is practical, achieving
competitive verification and signing speed while also requiring 42% less
bandwidth per email than RSA2048
Secure email transactions with automatic discovery of public cryptographic keys
Master's thesis, Information Security, Universidade de Lisboa, Faculdade de Ciências, 2016. In an era subsequent to the revelations of Edward Snowden, concern has been growing with security and privacy issues not only related with criminals, but also with monitoring systems from governments.
The most obvious way to counter this type of invasion involves the use of cryptographic systems that are resistant to attacks such as "Man-in-the-Middle" (MitM), preventing both viewing and alteration of the contents. However, this type of technology has not been widely adopted, essentially due to the need to exchange and maintain certificates and public keys. For over 30 years, the SMTP protocol has been responsible for communication between mail servers. When it was designed, there were no concerns about security, and as such, the protocol had no mechanisms to provide security. In the meantime, with the rise of security issues, additional mechanisms have been created to fill this need (STARTTLS, DKIM). But because these mechanisms are optional extensions, there is no guarantee that they are used in all e-mail transactions. Therefore, these extensions have improved security in communication between servers, but not necessarily between users. For that purpose, point-to-point mechanisms such as PGP and S/MIME were created, giving the user control of the security properties of the communication, but their use is complicated. The objective of this work is the creation of a solution that adds automation and transparency to secure point-to-point protocols, relieving the user of the burden of managing keys and cryptographic processes
SECURE E-MAIL SYSTEM USING S/MIME AND IB-PKC
Although e-mail security solutions have been introduced for more than two decades, most of the e-mail messages are sent nowadays without being secured by any of these techniques. This is due to the complexity of using these secure e-mail systems and protocols. The complexity mainly arises from the difficulty associated with managing certificates and public keys. The main objective of this study was to find a solution that can make secure e-mail systems easier to use while maintaining the same level of security. This paper proposes a secure e-mail system that is based on the S/MIME standard where the public key and signature algorithms have been replaced by their Identity-Based Cryptography analogue algorithms. Using Identity-Based Cryptography has eliminated the need for digital certificates, and provided a solution to the usability problem present in the existing secure e-mail systems. Users can determine the public key of the recipient without having to contact any trusted third party, and can start encrypting or verifying messages as long as they have the public system parameters that can be publicly available. Users need to contact the Private Key Generator (PKG) only once in order to retrieve their private key before being able to decrypt or sign messages
Securing email through online social networks
Despite being one of the most basic and popular Internet applications, email still largely lacks user-to-user cryptographic protections. From a research perspective, designing privacy preserving techniques for email services is complicated by the requirement of balancing security and ease-of-use needs of everyday users. For example, users cannot be expected to manage long-term keys (e.g., PGP keypair), or understand crypto primitives.
To enable intuitive email protections for a large number of users, we design FriendlyMail by leveraging existing pre-authenticated relationships between a sender and receiver on an Online Social Networking (OSN) site, so that users can send secure emails without requiring direct key exchange with the receiver in advance. FriendlyMail can provide integrity, authentication and confidentiality guarantees for user-selected messages among OSN friends. FriendlyMail is mainly based on splitting the trust without introducing new trusted third parties. A confidentiality-protected email is encrypted by a randomly-generated key and sent through email service providers, while the key and hash of the encrypted content are privately shared with the receiver via the OSN site as a second secure channel. Our implementation consists of a Firefox addon and a Facebook application, and can secure the web-based Gmail service using Facebook as the OSN site. However, the design can be implemented for preferred email/OSN services as long as the email and OSN providers are non-colluding parties. FriendlyMail is a client-end solution and does not require changes to email or OSN servers
Improved techniques for phishing email detection based on random forest and firefly-based support vector machine learning algorithms.
Master of Science in Computer Science. University of KwaZulu-Natal, Durban, 2014. Electronic fraud is one of the major challenges faced by the vast majority of online internet users today. Curbing this menace is not an easy task, primarily because of the rapid rate at which fraudsters change their mode of attack. Many techniques have been proposed in the academic literature to handle e-fraud. Some of them include: blacklist, whitelist, and machine learning (ML) based techniques. Among all these techniques, ML-based techniques have proven to be the most efficient, because of their ability to detect new fraudulent attacks as they appear. There are three commonly perpetrated electronic frauds, namely: email spam, phishing and network intrusion. Among these three, more financial loss has been incurred owing to phishing attacks. This research investigates and reports the use of ML and Nature Inspired technique in the domain of phishing detection, with the foremost objective of developing a dynamic and robust phishing email classifier with improved classification accuracy and reduced processing time. Two approaches to phishing email detection are proposed, and two email classifiers are developed based on the proposed approaches. In the first approach, a random forest algorithm is used to construct decision trees, which are, in turn, used for email classification. The second approach introduced a novel ML method that hybridizes firefly algorithm (FFA) and support vector machine (SVM). The hybridized method consists of three major stages: feature extraction phase, hyper-parameter selection phase and email classification phase. In the feature extraction phase, the feature vectors of all the features described in Section 3.6 are extracted and saved in a file for easy access. In the second stage, a novel hyper-parameter search algorithm, developed in this research, is used to generate exponentially growing sequence of paired C and Gamma (γ) values.
FFA is then used to optimize the generated SVM hyper-parameters and to also find the best hyper-parameter pair. Finally, in the third phase, SVM is used to carry out the classification. This new approach addresses the problem of hyper-parameter optimization in SVM, and in turn, improves the classification speed and accuracy of SVM. Using two publicly available email datasets, some experiments are performed to evaluate the performance of the two proposed phishing email detection techniques. During the evaluation of each approach, a set of features (well suited for phishing detection) are extracted from the training dataset and used to construct the classifiers. Thereafter, the trained classifiers are evaluated on the test dataset. The evaluations produced very good results. The RF-based classifier yielded a classification accuracy of 99.70%, a FP rate of 0.06% and a FN rate of 2.50%. Also, the hybridized classifier (known as FFA_SVM) produced a classification accuracy of 99.99%, a FP rate of 0.01% and a FN rate of 0.00%
Phishing website detection using intelligent data mining techniques. Design and development of an intelligent association classification mining fuzzy based scheme for phishing website detection with an emphasis on E-banking.
Phishing techniques have not only grown in number, but also in sophistication. Phishers might
have a lot of approaches and tactics to conduct a well-designed phishing attack. The targets of
the phishing attacks, which are mainly on-line banking consumers and payment service
providers, are facing substantial financial loss and lack of trust in Internet-based services. In
order to overcome these, there is an urgent need to find solutions to combat phishing attacks.
Detecting phishing website is a complex task which requires significant expert knowledge and
experience. So far, various solutions have been proposed and developed to address these
problems. Most of these approaches are not able to make a decision dynamically on whether the
site is in fact phished, giving rise to a large number of false positives. This is mainly due to
limitation of the previously proposed approaches, for example depending only on fixed black
and white listing database, missing of human intelligence and experts, poor scalability and their
timeliness.
In this research we investigated and developed the application of an intelligent fuzzy-based
classification system for e-banking phishing website detection. The main aim of the proposed
system is to provide protection to users from phishers' deception tricks, giving them the ability
to detect the legitimacy of the websites. The proposed intelligent phishing detection system
employed Fuzzy Logic (FL) model with association classification mining algorithms. The
approach combined the capabilities of fuzzy reasoning in measuring imprecise and dynamic
phishing features, with the capability to classify the phishing fuzzy rules. Different phishing experiments which cover all phishing attacks, motivations and deception
behaviour techniques have been conducted to cover all phishing concerns. A layered fuzzy
structure has been constructed for all gathered and extracted phishing website features and
patterns. These have been divided into 6 criteria and distributed to 3 layers, based on their attack
type. To reduce human knowledge intervention, different classification and association
algorithms have been implemented to generate fuzzy phishing rules automatically, to be
integrated inside the fuzzy inference engine for the final phishing detection.
Experimental results demonstrated the ability of the learning approach to identify all
relevant fuzzy rules from the training data set. A comparative study and analysis showed that
the proposed learning approach has a higher degree of predictive and detective capability than
existing models. Experiments also showed significance of some important phishing criteria like
URL & Domain Identity, Security & Encryption to the final phishing detection rate.
Finally, our proposed intelligent phishing website detection system was developed, tested and
validated by incorporating the scheme as a web based plug-ins phishing toolbar. The results
obtained are promising and showed that our intelligent fuzzy based classification detection
system can provide an effective help for real-time phishing website detection. The toolbar
successfully recognized and detected approximately 92% of the phishing websites selected from
our test data set, avoiding many misclassified websites and false phishing alarms