1,022 research outputs found
Scalable Detection and Isolation of Phishing
This paper presents a proposal for scalable detection and isolation of phishing. The main ideas are to move the protection from end users towards the network provider and to employ the novel bad neighborhood concept, in order to detect and isolate both phishing e-mail senders and phishing web servers. In addition, we propose to develop a self-management architecture that enables ISPs to protect their users against phishing attacks, and explain how this architecture could be evaluated. This proposal is the result of half a year of research work at the University of Twente (UT), and it is aimed at a Ph.D. thesis in 2012.
Learning Fast and Slow: PROPEDEUTICA for Real-time Malware Detection
In this paper, we introduce and evaluate PROPEDEUTICA, a novel methodology and framework for efficient and effective real-time malware detection, leveraging the best of conventional machine learning (ML) and deep learning (DL) algorithms. In PROPEDEUTICA, all software processes in the system start execution subjected to a conventional ML detector for fast classification. If a piece of software receives a borderline classification, it is subjected to further analysis via more performance-expensive and more accurate DL methods, via our newly proposed DL algorithm DEEPMALWARE. Further, we introduce delays to the execution of software subjected to deep learning analysis as a way to "buy time" for DL analysis and to rate-limit the impact of possible malware in the system. We evaluated PROPEDEUTICA with a set of 9,115 malware samples and 877 commonly used benign software samples from various categories for the Windows OS. Our results show that the false positive rate for conventional ML methods can reach 20%, and for modern DL methods it is usually below 6%. However, the classification time for DL can be 100X longer than conventional ML methods. PROPEDEUTICA improved the detection F1-score from 77.54% (conventional ML method) to 90.25%, and reduced the detection time by 54.86%. Further, the percentage of software subjected to DL analysis was approximately 40% on average. Further, the application of delays in software subjected to ML reduced the detection time by approximately 10%. Finally, we found and discussed a discrepancy between the detection accuracy offline (analysis after all traces are collected) and on-the-fly (analysis in tandem with trace collection). Our insights show that conventional ML and modern DL-based malware detectors in isolation cannot meet the needs of efficient and effective malware detection: high accuracy, low false positive rate, and short classification time.
Comment: 17 pages, 7 figures
Security challenges and solutions for e-business
The advantages of economic growth and increasing ease of operation afforded by e-business and e-commerce developments are unfortunately matched by growth in cyber attacks. This paper outlines the common attacks faced by e-business and describes the defenses that can be used against them. It also reviews the development of newer security defense methods. These are: (1) biometrics for authentication; parallel processing to increase power and speed of defenses; (2) data mining and machine learning to identify attacks; (3) peer-to-peer security using blockchains; (4) enterprise security modelling and security as a service; and (5) user education and engagement. The review finds overall that one of the most prevalent dangers is social engineering in the form of phishing attacks. Recommended counteractions include education and training, and the development of new machine learning and data sharing approaches so that attacks can be quickly discovered and mitigated.
Explainable Artificial Intelligence and Causal Inference based ATM Fraud Detection
Gaining the trust of customers and providing them empathy are very critical in the financial domain. Frequent occurrence of fraudulent activities affects these two factors. Hence, financial organizations and banks must take utmost care to mitigate them. Among them, ATM fraudulent transaction is a common problem faced by banks. The following are the critical challenges involved in fraud datasets: the dataset is highly imbalanced, the fraud pattern is changing, etc. Owing to the rarity of fraudulent activities, fraud detection can be formulated as either a binary classification problem or one-class classification (OCC). In this study, we handled these techniques on an ATM transactions dataset collected from India. In binary classification, we investigated the effectiveness of various over-sampling techniques, such as the Synthetic Minority Oversampling Technique (SMOTE) and its variants, and Generative Adversarial Networks (GAN), to achieve oversampling. Further, we employed various machine learning techniques, viz., Naive Bayes (NB), Logistic Regression (LR), Support Vector Machine (SVM), Decision Tree (DT), Random Forest (RF), Gradient Boosting Tree (GBT), and Multi-layer Perceptron (MLP). GBT outperformed the rest of the models by achieving 0.963 AUC, and DT stands second with 0.958 AUC. DT is the winner if the complexity and interpretability aspects are considered. Among all the oversampling approaches, SMOTE and its variants were observed to perform better. In OCC, IForest attained 0.959 CR, and OCSVM secured second place with 0.947 CR. Further, we incorporated explainable artificial intelligence (XAI) and causal inference (CI) in the fraud detection framework and studied it through various analyses.
Comment: 34 pages; 21 Figures; 8 Tables
A survey on security issues and solutions at different layers of Cloud computing
Cloud computing offers scalable on-demand services to consumers with greater flexibility and lesser infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existing in these protocols as well as threats introduced by newer architectures raise many security and privacy concerns. In this paper, we survey the factors affecting Cloud computing adoption, vulnerabilities and attacks, and identify relevant solution directives to strengthen security and privacy in the Cloud environment.