Canary in Twitter Mine: Collecting Phishing Reports from Experts and Non-experts

The rise in phishing attacks via e-mail and short message service (SMS) has not slowed down at all. The first thing we need to do to combat the ever-increasing number of phishing attacks is to collect and characterize more phishing cases that reach end users. Without understanding these characteristics, anti-phishing countermeasures cannot evolve. In this study, we propose an approach using Twitter as a new observation point to immediately collect and characterize phishing cases via e-mail and SMS that evade countermeasures and reach users. Specifically, we propose CrowdCanary, a system capable of structurally and accurately extracting phishing information (e.g., URLs and domains) from tweets about phishing by users who have actually discovered or encountered it. In our three months of live operation, CrowdCanary identified 35,432 phishing URLs out of 38,935 phishing reports. We confirmed that 31,960 (90.2%) of these phishing URLs were later detected by the anti-virus engine, demonstrating that CrowdCanary is superior to existing systems in both accuracy and volume of threat extraction. We also analyzed users who shared phishing threats by utilizing the extracted phishing URLs and categorized them into two distinct groups - namely, experts and non-experts. As a result, we found that CrowdCanary could collect information that is specifically included in non-expert reports, such as information shared only by the company brand name in the tweet, information about phishing attacks that we find only in the image of the tweet, and information about the landing page before the redirect

Analysis of commands of Telnet logs illegally connected to IoT devices

Mirai is an active malware that targets and poses constant threats to IoT devices. IoT malware penetrates IoT devices illegally, makes them download other malware such as bots, and infects them. Therefore, to improve the security of IoT devices, it is important to analyze the behaviors of IoT malware and take countermeasures. In this study, to analyze the behaviors of IoT malware after entering IoT devices and propose new security functions for operating systems to prevent activities such as IoT malware infection, we analyze Telnet logs collected by a honeypot of IoT devices. Thereafter, we report the analysis results regarding IoT malware input commands. The results show that many commands related to shell execution, file download, changing file permissions, and file transfer, are often executed by IoT malware

Acknowledgements

I would like to express my gratitude to my advisor Professor Tsutomu Matsumoto for leading my research. In addition, I am grateful to Associate professor Junji Shikata for beneficial advices. Also, I want to thank all the professors Seiichiro Kagei, Tomoharu Nagao and Tatsunori Mori for their useful comments. I would like to thank Mr. Naohiko Noguchi and other members of secure mobile development group of Panasonic Mobile Communications Co., Ltd. I would like to thank Mr. Noritake Okada and Mr. Satoshi Terasaki because they give me a wonderful opportunity to study as a doctorial cours

Pay the Piper: DDoS mitigation technique to deter financially-motivated attackers

Distributed Denial of Service attacks against the application layer (L7 DDoS) are among the most difficult attacks to defend against because they mimic normal user behavior. Some mitigation techniques against L7 DDoS, e.g., IP blacklisting and load balancing using a content delivery network, have been proposed; unfortunately, these are symptomatic treatments rather than fundamental solutions. In this paper, we propose a novel technique to disincentivize attackers from launching a DDoS attack by increasing attack costs. Assuming financially motivated attackers seeking to gain profit via DDoS attacks, their primary goal is to maximize revenue. On the basis of this assumption, we also propose a mitigation solution that requires mining cryptocurrencies to access servers. To perform a DDoS attack, attackers must mine cryptocurrency as a proof-of-work (PoW), and the victims then obtain a solution to the PoW. Thus, relative to attackers, the attack cost increases, and, in terms of victims, the economic damage is compensated by the value of the mined coins. On the basis of this model, we evaluate attacker strategies in a game theory manner and demonstrate that the proposed solution provides only negative economic benefits to attackers. Moreover, we implement a prototype to evaluate performance, and we show that this prototype demonstrates practical performance.</p