Detecting Phishing Websites Using Associative Classification

Phishing is a criminal technique employing both social engineering and technical subterfuge to steal consumer's personal identity data and financial account credential. The aim of the phishing website is to steal the victims’ personal information by visiting and surfing a fake webpage that looks like a true one of a legitimate bank or company and asks the victim to enter personal information such as their username, account number, password, credit card number, …,etc. This paper main goal is to investigate the potential use of automated data mining techniques in detecting the complex problem of phishing Websites in order to help all users from being deceived or hacked by stealing their personal information and passwords leading to catastrophic consequences. Experimentations against phishing data sets and using different common associative classification algorithms (MCAR and CBA) and traditional learning approaches have been conducted with reference to classification accuracy. The results show that the MCAR and CBA algorithms outperformed SVM and algorithms. Keywords: Phishing Websites, Data Mining, Associative Classification, Machine Learnin

Detecting Phishing Websites Using Associative Classification

Phishing is a criminal technique employing both social engineering and technical subterfuge to steal consumer's personal identity data and financial account credential. The aim of the phishing website is to steal the victims’ personal information by visiting and surfing a fake webpage that looks like a true one of a legitimate bank or company and asks the victim to enter personal information such as their username, account number, password, credit card number, …,etc. This paper main goal is to investigate the potential use of automated data mining techniques in detecting the complex problem of phishing Websites in order to help all users from being deceived or hacked by stealing their personal information and passwords leading to catastrophic consequences. Experimentations against phishing data sets and using different common associative classification algorithms (MCAR and CBA) and traditional learning approaches have been conducted with reference to classification accuracy. The results show that the MCAR and CBA algorithms outperformed SVM and algorithms. Keywords: Phishing Websites, Data Mining, Associative Classification, Machine Learning

Intelligent phishing website detection system using fuzzy techniques.

Phishing websites are forged web pages that are created by malicious people to mimic web pages of real websites and it attempts to defraud people of their personal information. Detecting and identifying Phishing websites is really a complex and dynamic problem involving many factors and criteria, and because of the subjective considerations and the ambiguities involved in the detection, Fuzzy Logic model can be an effective tool in assessing and identifying phishing websites than any other traditional tool since it offers a more natural way of dealing with quality factors rather than exact values. In this paper, we present novel approach to overcome the `fuzziness¿ in traditional website phishing risk assessment and propose an intelligent resilient and effective model for detecting phishing websites. The proposed model is based on FL operators which is used to characterize the website phishing factors and indicators as fuzzy variables and produces six measures and criteria¿s of website phishing attack dimensions with a layer structure. Our experimental results showed the significance and importance of the phishing website criteria (URL & Domain Identity) represented by layer one, and the variety influence of the phishing characteristic layers on the final phishing website rate

KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures

Email breaches are commonplace, and they expose a wealth of personal, business, and political data that may have devastating consequences. The current email system allows any attacker who gains access to your email to prove the authenticity of the stolen messages to third parties -- a property arising from a necessary anti-spam / anti-spoofing protocol called DKIM. This exacerbates the problem of email breaches by greatly increasing the potential for attackers to damage the users' reputation, blackmail them, or sell the stolen information to third parties. In this paper, we introduce "non-attributable email", which guarantees that a wide class of adversaries are unable to convince any third party of the authenticity of stolen emails. We formally define non-attributability, and present two practical system proposals -- KeyForge and TimeForge -- that provably achieve non-attributability while maintaining the important protection against spam and spoofing that is currently provided by DKIM. Moreover, we implement KeyForge and demonstrate that that scheme is practical, achieving competitive verification and signing speed while also requiring 42% less bandwidth per email than RSA2048

Transações de email seguras com descoberta automática de chaves critográficas públicas

Tese de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2016Nesta era posterior às revelações de Edward Snowden, existe uma crescente preocupação com questões de segurança e privacidade não apenas em relação a criminosos bem como a sistemas de vigilância a nível governamental. A forma mais óbvia de contrariar este tipo de invasão passa pela utilização de sistemas criptográficos que sejam resistentes a ataques do tipo “Man-in-the-Middle” (MitM) evitando assim quer a visualização, quer a alteração dos conteúdos. No entanto este tipo de tecnologia tem tido grande dificuldade de adoção devido, essencialmente, à sua natureza que implica a troca e manutenção de certificados e chaves públicas. Há mais de 30 anos que o protocolo SMTP é responsável pela comunicação entre servidores de email. Quando foi desenhado, não havia preocupação com questões de segurança, e como tal, mecanismos dessa natureza não foram incorporados no protocolo. Entretanto, foram criados mecanismos adicionais para colmatar essa necessidade (STARTTLS, DKIM), mas por serem extensões opcionais, não há garantia que estas sejam utilizadas em todas as transações de email. Portanto, estas extensões melhoraram a segurança na comunicação entre servidores, mas não necessariamente entre utilizadores. Para tal foram criados mecanismos ponto-a-ponto, como o PGP e S/MIME, que dão controlo ao utilizador das propriedades de segurança na comunicação, no entanto a sua utilização é complexa. O objetivo deste trabalho, passa pela criação de uma solução que permita adicionar automatismo e transparência a protocolos seguros ponto-a-ponto retirando ao utilizador o ónus da gestão da manutenção de chaves e de processos criptográficos.In an era subsequent to the revelations of Edward Snowden, concern has been growing with security and privacy issues not only related with criminals, but also with monitoring systems from governments. The most obvious way to counter this type of invasion involves the use of cryptographic systems that are resistant to attacks such as "Man-in-the-Middle" (MitM) avoiding either viewing or changing the contents. However, this type of technology has not been widely adopted, essentially due to the need of exchanging and maintaining certificates and public keys. For over 30 years, the SMTP protocol is responsible for communication between mail servers. When it was designed, there were no concerns about security, and as such, the protocol had no mechanisms to provide security. In the meantime, with the rise of security issues, additional mechanisms have been created to fill this need (STARTTLS, DKIM). But, because these mechanisms are optional extensions, there is no guarantee that they are used in all e-mail transactions. Therefore, these extensions have improved security in communication between servers, but not necessarily between users. For such, were created mechanisms point-to-point like PGP and S/MIME, giving to the user, control of security properties in communication, but their use is complicated. The objective of this work is the creation of a solution to add automation and transparency to secure protocols point-to-point, pulling out to the user the burden of maintenance management of keys and cryptographic processes

SECURE E-MAIL SYSTEM USING S/MIME AND IB-PKC

Although e-mail security solutions have been introduced for more than two decades, most of the e-mail messages are sent nowadays without being secured by any of these techniques. This is due to the complexity of using these secure e-mail systems and protocols. The complexity mainly arises from the difficulty associated with managing certificates and public keys. The main objective of this study was to find a solution that can make secure e-mail systems easier to use while maintaining the same level of security. This paper proposes a secure e-mail system that is based on the S/MIME standard where the public key and signature algorithms have been replaced by their Identity-Based Cryptography analogue algorithms. Using Identity-Based Cryptography has eliminated the need for digital certificates, and provided a solution to the usability problem present in the existing secure e-mail systems. Users can determine the public key of the recipient without having to contact any trusted third party, and can start encrypting or verifying messages as long as they have the public system parameters that can be publicly available. Users need to contact the Private Key Generator (PKG) only once in order to retrieve their private key before being able to decrypt or sign messages

Securing email through online social networks

Despite being one of the most basic and popular Internet applications, email still largely lacks user-to-user cryptographic protections. From a research perspective, designing privacy preserving techniques for email services is complicated by the requirement of balancing security and ease-of-use needs of everyday users. For example, users cannot be expected to manage long-term keys (e.g., PGP keypair), or understand crypto primitives. To enable intuitive email protections for a large number of users, we design FriendlyMail by leveraging existing pre-authenticated relationships between a sender and receiver on an Online Social Networking (OSN) site, so that users can send secure emails without requiring direct key exchange with the receiver in advance. FriendlyMail can provide integrity, authentication and confidentiality guarantees for user-selected messages among OSN friends. FriendlyMail is mainly based on splitting the trust without introducing new trusted third parties. A confidentiality-protected email is encrypted by a randomly-generated key and sent through email service providers, while the key and hash of the encrypted content are privately shared with the receiver via the OSN site as a second secure channel. Our implementation consists of a Firefox addon and a Facebook application, and can secure the web-based Gmail service using Facebook as the OSN site. However, the design can be implemented for preferred email/OSN services as long as the email and OSN providers are non-colluding parties. FriendlyMail is a client-end solution and does not require changes to email or OSN servers

Improved techniques for phishing email detection based on random forest and firefly-based support vector machine learning algorithms.

Master of Science in Computer Science. University of KwaZulu-Natal, Durban, 2014.Electronic fraud is one of the major challenges faced by the vast majority of online internet users today. Curbing this menace is not an easy task, primarily because of the rapid rate at which fraudsters change their mode of attack. Many techniques have been proposed in the academic literature to handle e-fraud. Some of them include: blacklist, whitelist, and machine learning (ML) based techniques. Among all these techniques, ML-based techniques have proven to be the most efficient, because of their ability to detect new fraudulent attacks as they appear.There are three commonly perpetrated electronic frauds, namely: email spam, phishing and network intrusion. Among these three, more financial loss has been incurred owing to phishing attacks. This research investigates and reports the use of MLand Nature Inspired technique in the domain of phishing detection, with the foremost objective of developing a dynamic and robust phishing email classifier with improved classification accuracy and reduced processing time.Two approaches to phishing email detection are proposed, and two email classifiers are developed based on the proposed approaches. In the first approach, a random forest algorithm is used to construct decision trees,which are,in turn,used for email classification. The second approach introduced a novel MLmethod that hybridizes firefly algorithm (FFA) and support vector machine (SVM). The hybridized method consists of three major stages: feature extraction phase, hyper-parameter selection phase and email classification phase. In the feature extraction phase, the feature vectors of all the features described in Section 3.6 are extracted and saved in a file for easy access.In the second stage, a novel hyper-parameter search algorithm, developed in this research, is used to generate exponentially growing sequence of paired C and Gamma (γ) values. FFA is then used to optimize the generated SVM hyper-parameters and to also find the best hyper-parameter pair. Finally, in the third phase, SVM is used to carry out the classification. This new approach addresses the problem of hyper-parameter optimization in SVM, and in turn, improves the classification speed and accuracy of SVM. Using two publicly available email datasets, some experiments are performed to evaluate the performance of the two proposed phishing email detection techniques. During the evaluation of each approach, a set of features (well suited for phishing detection) are extracted from the training dataset and used to constructthe classifiers. Thereafter, the trained classifiers are evaluated on the test dataset. The evaluations produced very good results. The RF-based classifier yielded a classification accuracy of 99.70%, a FP rate of 0.06% and a FN rate of 2.50%. Also, the hybridized classifier (known as FFA_SVM) produced a classification accuracy of 99.99%, a FP rate of 0.01% and a FN rate of 0.00%

Phishing website detection using intelligent data mining techniques. Design and development of an intelligent association classification mining fuzzy based scheme for phishing website detection with an emphasis on E-banking.

Phishing techniques have not only grown in number, but also in sophistication. Phishers might have a lot of approaches and tactics to conduct a well-designed phishing attack. The targets of the phishing attacks, which are mainly on-line banking consumers and payment service providers, are facing substantial financial loss and lack of trust in Internet-based services. In order to overcome these, there is an urgent need to find solutions to combat phishing attacks. Detecting phishing website is a complex task which requires significant expert knowledge and experience. So far, various solutions have been proposed and developed to address these problems. Most of these approaches are not able to make a decision dynamically on whether the site is in fact phished, giving rise to a large number of false positives. This is mainly due to limitation of the previously proposed approaches, for example depending only on fixed black and white listing database, missing of human intelligence and experts, poor scalability and their timeliness. In this research we investigated and developed the application of an intelligent fuzzy-based classification system for e-banking phishing website detection. The main aim of the proposed system is to provide protection to users from phishers deception tricks, giving them the ability to detect the legitimacy of the websites. The proposed intelligent phishing detection system employed Fuzzy Logic (FL) model with association classification mining algorithms. The approach combined the capabilities of fuzzy reasoning in measuring imprecise and dynamic phishing features, with the capability to classify the phishing fuzzy rules. Different phishing experiments which cover all phishing attacks, motivations and deception behaviour techniques have been conducted to cover all phishing concerns. A layered fuzzy structure has been constructed for all gathered and extracted phishing website features and patterns. These have been divided into 6 criteria and distributed to 3 layers, based on their attack type. To reduce human knowledge intervention, Different classification and association algorithms have been implemented to generate fuzzy phishing rules automatically, to be integrated inside the fuzzy inference engine for the final phishing detection. Experimental results demonstrated that the ability of the learning approach to identify all relevant fuzzy rules from the training data set. A comparative study and analysis showed that the proposed learning approach has a higher degree of predictive and detective capability than existing models. Experiments also showed significance of some important phishing criteria like URL & Domain Identity, Security & Encryption to the final phishing detection rate. Finally, our proposed intelligent phishing website detection system was developed, tested and validated by incorporating the scheme as a web based plug-ins phishing toolbar. The results obtained are promising and showed that our intelligent fuzzy based classification detection system can provide an effective help for real-time phishing website detection. The toolbar successfully recognized and detected approximately 92% of the phishing websites selected from our test data set, avoiding many miss-classified websites and false phishing alarms