13 research outputs found

    Performance Assessment of some Phishing predictive models based on Minimal Feature corpus

    Phishing is currently one of the severest cybersecurity challenges facing the emerging online community. With damages running into millions of dollars in financial and brand losses, the sad tale of phishing activities continues unabated. This led to an arms race between the con artists and online security community which demand a constant investigation to win the cyberwar. In this paper, a new approach to phishing is investigated based on the concept of minimal feature set on some selected remarkable machine learning algorithms. The goal of this is to select and determine the most efficient machine learning methodology without undue high computational requirement usually occasioned by non-minimal feature corpus. Using the frequency analysis approach, a 13-dimensional feature set consisting of 85% URL-based feature category and 15% non-URL-based feature category was generated. This is because the URL-based features are observed to be more regularly exploited by phishers in most zero-day attacks. The proposed minimal feature set is then trained on a number of classifiers consisting of Random Tree, Decision Tree, Artificial Neural Network, Support Vector Machine and Naïve Bayes. Using 10-fold cross-validation, the approach was experimented and evaluated with a dataset consisting of 10000 phishing instances. The results indicate that Random Tree outperforms other classifiers with significant accuracy of 96.1% and a Receiver’s Operating Curve (ROC) value of 98.7%. Thus, the approach provides the performance metrics of various state of art machine learning approaches popular with phishing detection which can stimulate further deeper research work in the evaluation of other ML techniques with the minimal feature set approach.

    Adaptive neuro-fuzzy system for malware detection

    Malware, which are computer programs designed to infiltrate and disrupt computing operations, is one of the security challenges faced by Internet users. Most malware detection techniques such as signature-based, specification-based and static-based are faced with high false positive, low accuracy and inability to detect both zero day and polymorphic malware. In this research work, an Adaptive Neuro Fuzzy System for Malware Detection (ANFSMD) was proposed to address these problems. ANFSMD utilizes both the Application Programming Interface (API) calls and operation codes to study the behaviour of Portable Executable (PE) files. The PE files were disassembled into low-level codes and the identified features were grouped for efficient detection. Five features, selected using weighted average, were used for the fuzzification. Using a bell membership function, 243 rules were generated for predicting the behaviours of the PE files. A normalization technique was used to combine the various fuzzy sets into one. Back propagation algorithm was used for the training and the resulting errors from outputs were used to dynamically modify inputs for improved outcomes. The implementation of ANFSMD was carried out using Java Programming Language, Interactive Disassembler and Matlab because of their supports for implementation of micro-programs. A total of 20,750 malware programs from VX Heaven public dataset and 15,000 clean files from Filehippo were used for the evaluation. The result showed that Adaptive Neuro-Fuzzy Inference System (ANFIS) has a detection rate of 97.96%, Naïve Bayes has detection rate of 93.88%, Random Forest has 84.78% and Support Vector Machine has 92.87. The proposed method was also compared with a Control Flow Graph (CFG), which is one of the best existing techniques that adopted the use of API calls. The evaluation showed that the detection rate, false positive rate and overall accuracy for CFG were 93.9%, 9.3% and 92.4%, while the proposed method achieved 98%, 3.9% and 97% respectively. These results showed that ANFSMD can be deployed for efficient detection of all categories of malware. Keywords: Malware, API, N-grams, ANFIS, Features extraction

    A partition enhanced mining algorithm for distributed association rule mining systems

    The extraction of patterns and rules from large distributed databases through existing Distributed Association Rule Mining (DARM) systems is still faced with enormous challenges such as high response times, high communication costs and inability to adapt to the constantly changing databases. In this work, a Partition Enhanced Mining Algorithm (PEMA) is presented to address these problems. In PEMA, the Association Rule Mining Coordinating Agent receives a request and decides the appropriate data sites, partitioning strategy and mining agents to use. The mining process is divided into two stages. In the first stage, the data agents horizontally segment the databases with small average transaction length into relatively smaller partitions based on the number of available sites and the available memory. On the other hand, databases with relatively large average transaction length were vertically partitioned. After this, Mobile Agent-Based Association Rule Mining-Agents, which are the mining agents, carry out the discovery of the local frequent itemsets. At the second stage, the local frequent itemsets were incrementally integrated by the from one data site to another to get the global frequent itemsets. This reduced the response time and communication cost in the system. Results from experiments conducted on real datasets showed that the average response time of PEMA showed an improvement over existing algorithms. Similarly, PEMA incurred lower communication costs with average size of messages exchanged lower when compared with benchmark DARM systems. This result showed that PEMA could be efficiently deployed for efficient discovery of valuable knowledge in distributed databases

    An ontology-based intrusion patterns classification system

    Studies have shown that computer intrusions have been on the increase in recent times. Many techniques and patterns are being used by intruders to gain access to data on host computer networks. In this work, intrusion patterns were identified and classified and inherent knowledge were represented using an ontology of intrusion patterns. Pattern classification was based on the categories of known intrusions (attacks). Four basic intrusion patterns classification were identified; Input Validation, Force browsing, Buffer Overflow and Parameter tampering intrusion patterns. An ontology-based intrusion pattern classifications system (OPC) was proposed and developed to classify, represent and model the inherent knowledge in the identified intrusion patterns using semantic web technologies. The OPC was integrated into an IDS and deployed in a campus network to monitor, classify and detects intrusion patterns in 2,419,200 seconds computer time. A total of 57465 packets were observed to have made attempt to use the network, of these numbers, 2770 (4.8%) packets were observed to be intrusions and therefore were dropped by the OPC via different protocols (TCP & UDP). A change in network protocols affects the rate of dropped packets and helps in patterns classification. Results show that ontology helps in knowledge representation and classification of intrusion patterns compare to other methods of intrusion patterns recognitions. Keywords: IDS, Onto-intrusion classifier, OWL, Pattern recognition, Semantic We

    Phishing the cyberspace: a taxonomic review of a decade-long cyber-pandemic

    Phishing attacks is one of the severest cyber-attacks in which both experienced and naïve online users experienced every time. It is one attack that open doors for other attacks such as ransomware where critical online assets can come under serious threats. To mitigate the adverse effects of phishing, various countermeasures have been provided by security communities and research institutions. However, the situation has led to an arms race between the phishers and the security solutions thereby necessitating a constant review of existing solutions in the face of newer attack. In this paper, a review of different anti-phishing solutions is discussed from different taxonomy of anti-phishing solutions. The review also provides for open issues that need attention from security communities to reduce the vulnerable gap available for phishers to exploit in current solutions.

    A proposed distributed anti-phishing framework for mitigating cyber-attacks in smart environments

    Smart environments are currently gaining adoption worldwide for driving most indoor and outdoor services. From smart devices such as TV to smart homes, data are generated from digital-based activities and communication in the environment. However, the incidence of phishing is gradually becoming a key concern in such an environment where sensitive data from such smart spaces are being fraudulently obtained for malicious purpose. This concern is huge as most users are still naive of this smart technology. The proposed approach in this paper provides a lightweight minimal URL-based anti-phishing scheme. The proposed framework is executed as a distributed module within a typical IoT architectural model to prevent single point of a failure. Besides, the scheme uses elliptic curve digital signature for privacy-preserving attributes of the entities in the communication chain. Hence, the approach meets the basic requirements for efficient secure framework in smart environment where consideration for core functionality must be preserved within the constrained communication channel and energy consumption.

    Towards detecting credit card frauds using Hidden Markov Model

    E-commerce systems have become increasingly popular due to the widespread of internet shopping and banking. Credit card is one of the mostly used forms of payment on e-commerce platforms. However, there has been a tremendous rise in fraudulent credit card transactions, resulting to huge financial losses. In this work, a Hidden Markov Model (HMM) is proposed to design a credit card fraud detection system. Each HMM specifies the likelihood of a transaction given its sequence of previous transactions. This model is driven by a combination of K-Means and Baum Welch algorithms. A clustering process, obtained by the K-Means algorithm groups each transaction based on users’ spending profiles, where each cluster is used for different hidden states of the model. Subsequently, the Baum Welch algorithm generates a trained set of observations and calculates the probability of acceptance, which is used to detect if a current transaction is fraudulent or legitimate. This approach was implemented using PHP and was tested with a simulated dataset. Four performance metrics were used on the model which includes a Fraud Detection Rate (FDR), False Alarm Rate (FAR), Accuracy (A) and Sensitivity (S). The experimental results gave a high level of FDR and a low level of FAR, indicating that the proposed Hidden Markov Model is an effective approach for detecting credit card frauds. Keywords: Credit card, Fraud, E-commerce, Hidden Markov Model, K-Means algorithm, Baum Welch algorith

    An empirical evaluation of security tips in phishing prevention: A case study of nigerian banks

    To shield users from phishing scams, various online brands send security tips as email, SMS and online posts to their customers. This paper presents the first empirical evidence about the effectiveness of the security tips in phishing prevention from customers' perspective in Nigerian financial sector. We developed anti-phishing questionnaire which captured the basic essence of most security tips messages and formulate two hypotheses. We then test our hypotheses using an experimental method with 247 participants. The experimental method was divided into a Pretest which evaluates our first hypothesis and a Posttest which evaluates our second hypothesis. The results illustrate that most customers do not understand the security tips at statistical confidence interval of 95% using the Mann Whitney Test