Exhaustive study on Detection of phishing practices and tactics

Due to the rapid development in the technologies related to the Internet, users have changed their preferences from conventional shop based shopping to online shopping, from office work to work from home and from personal meetings to web meetings. Along with the rapidly increasing number of users, Internet has also attracted many attackers, such as fraudsters, hackers, spammers and phishers, looking for their victims on the huge cyber space. Phishing is one of the basic cybercrimes, which uses anonymous structure of Internet and social engineering approach, to deceive users with the use of malicious phishing links to gather their private information and credentials. Identifying whether a web link used by the attacker is a legitimate or phishing link is a very challenging problem because of the semantics-based structure of the attack, used by attackers to trick users in to entering their personal information. There are a diverse range of algorithms with different methodologies that can be used to prevent these attacks. The efficiency of such systems may be influenced by a lack of proper choice of classifiers along with the types of feature sets. The purpose of this analysis is to understand the forms of phishing threats and the existing approaches used to deter them

Artificial Intelligence Adoption in Criminal Incestigations: Challenges and Opportunities for Research

Artificial Intelligence (AI) offers the potential to transform organisational decision-making and knowledge-sharing processes that support criminal investigations. Yet, there is still limited evidence-based knowledge concerning the successful use of AI for criminal investigations in literature. This paper identifies the main areas and current dynamics of the adoption of AI in criminal investigations using bibliometric analysis. We synthesise existing research by identifying key themes researchers have delved into on AI in criminal investigations. The themes include crime prediction and human-centred issues relating to AI use in criminal investigations. Finally, the paper elaborates on the challenges that may influence AI adoption in criminal investigations by police professionals. These challenges include possible laggard effects with AI adoption, implementation challenges, lack of government oversight, and a skills gap

An Empirical Study Towards an Automatic Phishing Attack Detection Using Ensemble Stacking Model

Phishing attacks have become one of the most attacks facing internet users, especially after the COVID-19 pandemic, as most organizations have transferred part or most of their work and communication to become online using well-known tools, like email, Zoom, WebEx, etc. Therefore, cyber phishing attacks have become progressively recent, directly and frankly reflecting the designated website, allowing the attacker to observe everything while the victim is exploring Webpages. Hence, utilizing Artificial Intelligence (AI) techniques has become a necessary approach that could be used to detect such attacks automatically. In this paper, we introduce an empirical analysis for automatic phishing detection using several well-known machine learning classification algorithms compared with an ensemble learning model for detecting phishing sites based on the uniform resource locator (URL) using two preprocessed datasets. In this empirical study, we concluded that the ensemble model grants accuracy 97.49% for dataset 1 and 98.69% for dataset 2, which gives higher accuracy than using a single machine learning classification algorithm such as Naive Bayes (NB), Decision Trees (DTs), Random Forest (RF), K-Nearest Neighbors (KNN), Linear Discriminant Analysis (LDA) and Quadratic Discriminant Analysis (QDA). We also compared the proposed ensemble model with one of the most recent similar model

A maximum entropy classification scheme for phishing detection using parsimonious features

Over the years, electronic mail (e-mail) has been the target of several malicious attacks. Phishing is one of the most recognizable forms of manipulation aimed at e-mail users and usually, employs social engineering to trick innocent users into supplying sensitive information into an imposter website. Attacks from phishing emails can result in the exposure of confidential information, financial loss, data misuse, and others. This paper presents the implementation of a maximum entropy (ME) classification method for an efficient approach to the identification of phishing emails. Our result showed that maximum entropy with parsimonious feature space gives a better classification precision than both the Naïve Bayes and support vector machine (SVM)

NoFish; Total Anti-Phishing Protection System

Phishing attacks have been identified by researchers as one of the major cyber-attack vectors which the general public has to face today. Although software companies launch new anti-phishing products, these products cannot prevent all the phishing attacks. The proposed solution, 201C;No Fish201D; is a total anti-phishing protection system created especially for end-users as well as for organizations. In this paper, a realtime anti-phishing system, which has been implemented using four main phishing detection mechanisms, is proposed. The system has the following distinguishing properties from related studies in the literature: language independence, use of a considerable amount of phishing and legitimate data

Design of Automated Website Phishing Detection using Sequential Mechanism of RCL Algorithm

The phishing outbreaks in internet has become a major problem in web safety in recent years. The phishers will be stealing crucial economic data regarding the web user to perform economic break-in. In order to predict phishing websites, many blacklist-based phishing website recognition methods are used in this study. Traditional methods of detecting phishing websites rely on static features and rule-based schemes, which can be evaded by attackers. Recently, Deep Learning (DL) and Machine Learning (ML) models are employed for automated website phishing detection. With this motivation, this study develops an automated website phishing detection using the sequential mechanism of RCL algorithm. The proposed model employs Long-Short-Term Memory (LSTM), Convolutional Neural Network (CNN), and Random Forest (RF) models for the detection of attacks in the URLs and webpages by the similarity measurement of the decoy contents. The proposed model involves three major components namely, RF for URL phishing detection, CNN based phishing webpage detection, and LSTM based website classification (i.e., legitimate and phishing). The experimental result analysis of the RCL technique is tested on the benchmark dataset of Alexa and PhishTank. A comprehensive comparison study highlighted that the RCL algorithm accomplishes enhanced phishing detection performance over other existing techniques in terms of distinct evaluation metrics

Optimizing cybersecurity incident response decisions using deep reinforcement learning

The main purpose of this paper is to explore and investigate the role of deep reinforcement learning (DRL) in optimizing the post-alert incident response process in security incident and event management (SIEM) systems. Although machine learning is used at multiple levels of SIEM systems, the last mile decision process is often ignored. Few papers reported efforts regarding the use of DRL to improve the post-alert decision and incident response processes. All the reported efforts applied only shallow (traditional) machine learning approaches to solve the problem. This paper explores the possibility of solving the problem using DRL approaches. The main attraction of DRL models is their ability to make accurate decisions based on live streams of data without the need for prior training, and they proved to be very successful in other fields of applications. Using standard datasets, a number of experiments have been conducted using different DRL configurations The results showed that DRL models can provide highly accurate decisions without the need for prior training