Phishing (IEEE) (2014 Year in Review), Part 1

	Phishing (IEEE) (2014 Year in Review)  Part 1

This set of bibliographical references is about phishing.  All works cited here appeared in the IEEE library during 2014.  They are presented in two parts.

Gupta, S.; Kumaraguru, P., "Emerging Phishing Trends And Effectiveness Of The Anti-Phishing Landing Page," Electronic Crime Research (eCrime), 2014 APWG Symposium on, pp.36,47, 23-25 Sept. 2014. doi: 10.1109/ECRIME.2014.6963163 Each month, more attacks are launched with the aim of making web users believe that they are communicating with a trusted entity which compels them to share their personal, financial information. Acquired sensitive information is then used for personal benefits, like, gain access to money of the individuals from whom the information was taken. Phishing costs Internet users billions of dollars every year. A recent report highlighted phishing loss of around $448 million to organizations in April 2014. Researchers at Carnegie Mellon University (CMU) created an anti-phishing landing page supported by Anti-Phishing Working Group (APWG) with the aim to train users on how to prevent themselves from phishing attacks. It is used by financial institutions, phish site take down vendors, government organizations, and online merchants. When a potential victim clicks on a phishing link that has been taken down, he / she is redirected to the landing page. In this paper, we present the comparative analysis on two datasets that we obtained from APWG's landing page log files; one, from September 7, 2008 - November 11, 2009, and other from January 1, 2014 - April 30, 2014. We found that the landing page has been successful in training users against phishing. Forty six percent users clicked lesser number of phishing URLs from January 2014 to April 2014 which shows that training from the landing page helped users not to fall for phishing attacks. Our analysis shows that phishers have started to modify their techniques by creating more legitimate looking URLs and buying large number of domains to increase their activity. We observed that phishers are exploiting Internet Corporation for Assigned Names and Numbers (ICANN) accredited registrars to launch their attacks even after strict surveillance. We saw that phishers are trying to exploit free subdomain registration services to carry out attacks. In this paper, we also compared the phishing e-mails used by phishers to lure victims in 2- 08 and 2014. We found that the phishing e-mails have changed considerably over time. Phishers have adopted new techniques like sending promotional e-mails and emotionally targeting users in clicking phishing URLs.
Keywords: Internet; computer crime; trusted computing; unsolicited e-mail; ICANN accredited registrars; Internet; URLs; antiphishing landing page; free subdomain registration services; internet corporation for assigned names and numbers accredited registrars; phishing e-mails; phishing trends; trusted entity; Browsers; Electronic mail; IP networks; Internet; Organizations; Training; Uniform resource locators (ID#: 15-4489)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6963163&isnumber=6963155

Husak, Martin; Cegan, Jakub, "PhiGARo: Automatic Phishing Detection and Incident Response Framework," Availability, Reliability and Security (ARES), 2014 Ninth International Conference on,  pp.295, 302, 8-12 Sept. 2014. doi: 10.1109/ARES.2014.46 We present a comprehensive framework for automatic phishing incident processing and work in progress concerning automatic phishing detection and reporting. Our work is based upon the automatic phishing incident processing tool PhiGARo which locates users responding to phishing attack attempts and prevents access to phishing sites from the protected network. Although PhiGARo processes the phishing incidents automatically, it depends on reports of phishing incidents from users. We propose a framework which introduces honey pots into the process in order to eliminate the reliance on user input. The honey pots are used to capture e-mails, automatically detect messages containing phishing and immediately transfer them to PhiGARo. There is a need to propagate e-mail addresses of a honey pot to attract phishers. We discuss approaches to the honey pot e-mail propagation and propose a further enhancement to using honey pots in response to phishing incidents. We propose providing phishers with false credentials, accounts and documents that will grant them access to other honey pot services. Tracing these honey tokens may lead us to the originators of the phishing attacks and help investigations into phishing incidents.
Keywords: Educational institutions; Electronic mail; IP networks; Monitoring; Security; Servers; Uniform resource locators; CSIRT; IPFIX; PhiGARo; honeypot; phishing (ID#: 15-4490)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6980295&isnumber=6980232

Dewan, P.; Kashyap, A.; Kumaraguru, P., "Analyzing Social And Stylometric Features To Identify Spear Phishing Emails," Electronic Crime Research (eCrime), 2014 APWG Symposium on, pp.1,13, 23-25 Sept. 2014. doi: 10.1109/ECRIME.2014.6963160 Targeted social engineering attacks in the form of spear phishing emails, are often the main gimmick used by attackers to infiltrate organizational networks and implant state-of-the-art Advanced Persistent Threats (APTs). Spear phishing is a complex targeted attack in which, an attacker harvests information about the victim prior to the attack. This information is then used to create sophisticated, genuine-looking attack vectors, drawing the victim to compromise confidential information. What makes spear phishing different, and more powerful than normal phishing, is this contextual information about the victim. Online social media services can be one such source for gathering vital information about an individual. In this paper, we characterize and examine a true positive dataset of spear phishing, spam, and normal phishing emails from Symantec's enterprise email scanning service. We then present a model to detect spear phishing emails sent to employees of 14 international organizations, by using social features extracted from LinkedIn. Our dataset consists of 4,742 targeted attack emails sent to 2,434 victims, and 9,353 non targeted attack emails sent to 5,912 non victims; and publicly available information from their LinkedIn profiles. We applied various machine learning algorithms to this labeled data, and achieved an overall maximum accuracy of 97.76% in identifying spear phishing emails. We used a combination of social features from LinkedIn profiles, and stylometric features extracted from email subjects, bodies, and attachments. However, we achieved a slightly better accuracy of 98.28% without the social features. Our analysis revealed that social features extracted from LinkedIn do not help in identifying spear phishing emails. To the best of our knowledge, this is one of the first attempts to make use of a combination of stylometric features extracted from emails, and social features extracted from an online social network to detect targeted spear phishing emails.
Keywords: computer crime; learning (artificial intelligence); organisational aspects; social networking (online);unsolicited e-mail; APT; LinkedIn profiles; Symantec enterprise e-mail scanning service; advanced persistent threats; attack emails; complex targeted attack; confidential information; contextual information; e-mail attachments; e-mail bodies; e-mail subjects; information gathering; international organization employees; labeled data; machine learning algorithms; normal phishing emails; online social media services; organizational network infiltration; overall maximum accuracy; publicly available information; social engineering attacks; social feature analysis; social feature extraction; spams; spear phishing e-mail identification; stylometric feature analysis; stylometric feature extraction; Accuracy; Feature extraction; LinkedIn; Media; Organizations; Unsolicited electronic mail (ID#: 15-4491)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6963160&isnumber=6963155

Longfei Wu; Xiaojiang Du; Jie Wu, "MobiFish: A Lightweight Anti-Phishing Scheme For Mobile Phones," Computer Communication and Networks (ICCCN), 2014 23rd International Conference on, pp.1,8, 4-7 Aug. 2014. doi: 10.1109/ICCCN.2014.6911743 Recent years have witnessed the increasing threat of phishing attacks on mobile platforms. In fact, mobile phishing is more dangerous due to the limitations of mobile phones and mobile user habits. Existing schemes designed for phishing attacks on computers/laptops cannot effectively address phishing attacks on mobile devices. This paper presents MobiFish, a novel automated lightweight anti-phishing scheme for mobile platforms. MobiFish verifies the validity of web pages and applications (Apps) by comparing the actual identity to the identity claimed by the web pages and Apps. MobiFish has been implemented on the Nexus 4 smartphone running the Android 4.2 operating system. We experimentally evaluate the performance of MobiFish with 100 phishing URLs and corresponding legitimate URLs, as well as fake Facebook Apps. The result shows that MobiFish is very effective in detecting phishing attacks on mobile phones.
Keywords: Android (operating system);smart phones; Android 4.2 operating system; MobiFish; Nexus 4 smartphone; Web pages; automated lightweight antiphishing scheme; fake Facebook Apps; mobile devices; mobile phishing;mobile phones;mobile platforms; mobile user habits; phishing URL; phishing attacks; Browsers; HTML; Mobile communication; Mobile handsets; Optical character recognition software; Superluminescent diodes; Web pages; Android; Mobile phones; phishing attack; security (ID#: 15-4492)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6911743&isnumber=6911704

Marchal, S.; Francois, J.; State, R.; Engel, T., "PhishStorm: Detecting Phishing with Streaming Analytics," Network and Service Management, IEEE Transactions on, vol. 11, no.4, pp.458,471, Dec. 2014. doi: 10.1109/TNSM.2014.2377295 Despite the growth of prevention techniques, phishing remains an important threat since the principal countermeasures in use are still based on reactive URL blacklisting. This technique is inefficient due to the short lifetime of phishing Web sites, making recent approaches relying on real-time or proactive phishing URLs detection techniques more appropriate. In this paper we introduce PhishStorm, an automated phishing detection system that can analyse in real-time any URL in order to identify potential phishing sites. PhishStorm can interface with any email server or HTTP proxy. We argue that phishing URLs usually have few relationships between the part of the URL that must be registered (low level domain) and the remaining part of the URL (upper level domain, path, query). We show in this paper that experimental evidence supports this observation and can be used to detect phishing sites. For this purpose, we define the new concept of intra-URL relatedness and evaluate it using features extracted from words that compose a URL based on query data from Google and Yahoo search engines. These features are then used in machine learning based classification to detect phishing URLs from a real dataset. Our technique is assessed on 96,018 phishing and legitimate URLs that results in a correct classification rate of 94.91% with only 1.44% false positives. An extension for a URL phishingness rating system exhibiting high confidence rate (> 99%) is proposed. We discuss in the paper efficient implementation patterns that allow real time analytics using Big Data architectures like STORM and advanced data structures based on Bloom filter.
Keywords: Feature extraction; Google; Internet; Market research; Search engines; Uniform resource locators; Big Data; Machine Learning; Mining and Statistical Methods; Phishing Detection; STORM; Search Engine Query Data; Security Management; URL Rating; Word Relatedness (ID#: 15-4493)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6975177&isnumber=5699970

Luong Anh Tuan Nguyen; Ba Lam To; Huu Khuong Nguyen; Minh Hoang Nguyen, "A Novel Approach For Phishing Detection Using URL-Based Heuristic," Computing, Management and Telecommunications (ComManTel), 2014 International Conference on, pp.298, 303, 27-29 April 2014. doi: 10.1109/ComManTel.2014.6825621 Together with the growth of e-commerce transaction, Phishing - the act of stealing personal information - rises in quantity and quality. The phishers try to make fake-sites look similar to legitimate sites in terms of interface and uniform resource locator (URL) address. Therefore, the numbers of victim have been increasing due to inefficient methods using blacklist to detect phishing. This paper proposes a new phishing detection approach based on the features of URL. Specifically, the proposed method focuses on the similarity of phishing site's URL and legitimate site's URL. In addition, the ranking of site is also considered as an important factor to decide whether the site is a phishing site. The proposed technique is evaluated with a dataset of 11,660 phishing sites and 5,000 legitimate sites. The results show that the technique can detect over 97% phishing sites.
Keywords: Web sites; computer crime; electronic commerce; unsolicited e-mail; URL address; URL-based heuristic; e-commerce transaction; fake-sites; legitimate site URL; personal information stealing; phishing detection approach; phishing site URL; uniform resource locator address; Accuracy; Feature extraction; Google; Heuristic algorithms; Search engines; Testing; Training; Heuristic; Phishing; URL-Based (ID#: 15-4494)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6825621&isnumber=6825559

Al-Daeef, M.M.; Basir, N.; Saudi, M.M., "A Method to Measure the Efficiency of Phishing Emails Detection Features," Information Science and Applications (ICISA), 2014 International Conference on, pp.1,5, 6-9 May 2014. doi: 10.1109/ICISA.2014.6847332 Phishing is a threat in which users are sent fake emails that urge them to click a link (URL) which takes to a phisher's website. At that site, users' accounts information could be lost. Many technical and non-technical solutions have been proposed to fight phishing attacks. To stop such attacks, it is important to select the correct feature(s) to detect phishing emails. Thus, the current work presents a new method to selecting more efficient feature in detecting phishing emails. Best features can be extracted from email's body (content) part. Keywords and URLs are known features that can be extracted from email's body part. These two features are very relevant to the three general aspects of email, these aspects are, email's sender, email's content, and email's receiver. In this work, three effectiveness criteria were derived based on these aspects of email. Such criteria were used to evaluate the efficiency of Keywords and URLs features in detecting phishing emails by measuring their Effectiveness Metric (EM) values. The experimental results obtained from analyzing more than 8000 ham (legitimate) and phishing emails from two different datasets show that, relying upon the URLs feature in detecting phishing emails will predominantly give more precise results than relying upon the keywords feature in a such task.
Keywords: Web sites; feature extraction; security of data; unsolicited e-mail; EM value; URL feature; effectiveness metric value; fake emails; feature extraction; phisher Web site; phishing attack; phishing emails detection feature; Data mining; Electronic mail; Feature extraction; Internet; Measurement; Receivers; Security (ID#: 15-4495)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6847332&isnumber=6847317

Mohammad, R.M.; Thabtah, F.; McCluskey, L., "Intelligent Rule-Based Phishing Websites classification," Information Security, IET , vol.8, no.3, pp.153,160, May 2014. doi: 10.1049/iet-ifs.2013.0202 Phishing is described as the art of echoing a website of a creditable firm intending to grab user's private information such as usernames, passwords and social security number. Phishing websites comprise a variety of cues within its content-parts as well as the browser-based security indicators provided along with the website. Several solutions have been proposed to tackle phishing. Nevertheless, there is no single magic bullet that can solve this threat radically. One of the promising techniques that can be employed in predicting phishing attacks is based on data mining, particularly the `induction of classification rules' since anti-phishing solutions aim to predict the website class accurately and that exactly matches the data mining classification technique goals. In this study, the authors shed light on the important features that distinguish phishing websites from legitimate ones and assess how good rule-based data mining classification techniques are in predicting phishing websites and which classification technique is proven to be more reliable.
Keywords: Web sites; data mining; data privacy; pattern classification; security of data; unsolicited e-mail; Web site echoing; Website class; antiphishing solutions; browser-based security indicators; creditable firm; intelligent rule-based phishing Web site classification; phishing attack prediction; rule-based data mining classification techniques; social security number; user private information (ID#: 15-4496)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6786863&isnumber=6786849

Holm, Hannes; Flores, Waldo Rocha; Nohlberg, Marcus; Ekstedt, Mathias, "An Empirical Investigation of the Effect of Target-Related Information in Phishing Attacks," Enterprise Distributed Object Computing Conference Workshops and Demonstrations (EDOCW), 2014 IEEE 18th International, pp.357,363, 1-2 Sept. 2014. doi: 10.1109/EDOCW.2014.59 Analyzing the role of target-related information in a security attack is an understudied topic in the behavioral information security research field. This paper presents an empirical investigation of the effect of adding information about the target in phishing attacks. Data was collected by conducting two phishing experiments using a sample of 158 employees at five Swedish organizations. The first experiment included a traditional mass-email attack with no target-related information, and the second experiment was a targeted phishing attack in which we included specific information related to the targeted employees' organization. The results showed that the number of organizational employees falling victim to phishing significantly increased when target-related information was added in the attack. During the first experiment 5.1 % clicked on the malicious link compared to 27.2 % of the second phishing attack, and 8.9 % of those executed the binary compared to 3.2 % of the traditional phishing attack. Adding target-related information is an effective way for attackers to significantly increase the effectiveness of their phishing attacks. This is the first study that has showed this significant effect using organizational employees as a sample. The implications of the results are further discussed.
Keywords: Context; Educational institutions; Electronic mail; Organizations; Security; Servers; Software; Social engineering; direct observations; experiments; phishing; security behavior (ID#: 15-4497)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6975383&isnumber=6975303

Ba Lam To; Luong Anh Tuan Nguyen; Huu Khuong Nguyen; Minh Hoang Nguyen, "A Novel Fuzzy Approach For Phishing Detection," Communications and Electronics (ICCE), 2014 IEEE Fifth International Conference on, pp.530,535, July 30 2014-Aug. 1 2014. doi: 10.1109/CCE.2014.6916759 Phishing is one of the luring techniques used by phishers in the intention of exploiting the personal information. Phishing website is a fake website that looks similar to legitimate site in terms of interface and uniform resource locator (URL) address. Therefore, the numbers of victim have been increasing due to inefficient methods using blacklist to detect phishing. This paper proposed a new technique that apply fuzzy logic based on the features of URL to detect phishing sites. The proposed technique was evaluated with the dataset of 11,660 phishing sites and 5,000 legitimate sites. The results show that the technique can detect over 98% phishing sites.
Keywords: Web sites; computer crime; fuzzy logic; fuzzy set theory; unsolicited e-mail; URL address; blacklist; dataset; fuzzy approach; fuzzy logic; interface address; legitimate site; luring techniques; personal information; phishing Web site; uniform resource locator address; Educational institutions; Pragmatics (ID#: 15-4498)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6916759&isnumber=6916663

Roopak, S.; Thomas, T., "A Novel Phishing Page Detection Mechanism Using HTML Source Code Comparison and Cosine Similarity," Advances in Computing and Communications (ICACC), 2014 Fourth International Conference on, pp.167,170, 27-29 Aug. 2014. doi: 10.1109/ICACC.2014.47 Phishing is a social engineering technique used by hackers to steal information and sometimes money from online users. Phishing web sites are imitating sites of other legitimate web sites. Our aim is to detect the phishing pages and block it. In this paper, we propose a novel method for detecting phishing pages by searching the similar web pages through mining the web and compares them by matching the HTML source codes as well as computing the cosine similarity of their textual contents. We then developed a browser capable of detecting phishing pages. The browser is tested with more than 20 phishing sites from Phishtank.com with different tag match percentage and cosine similarity values. The results indicate that the detection rate of the proposed mechanism is high compared to the other existing methods.
Keywords: Web sites; computer crime; hypermedia markup languages; source code (software); HTML source code comparison;Phishtank.com; Web pages; Web sites; cosine similarity; hackers; information stealing; phishing page detection mechanism; social engineering technique; Browsers; Electronic mail; Google; HTML; IP networks; Web pages; cosine similarity; social engineering; web mining (ID#: 15-4499)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6906016&isnumber=6905967

Frauenstein, E.D.; von Solms, R., "Combatting Phishing: A Holistic Human Approach," Information Security for South Africa (ISSA), 2014, pp.1, 10, 13-14 Aug. 2014. doi: 10.1109/ISSA.2014.6950508 Phishing continues to remain a lucrative market for cyber criminals, mostly because of the vulnerable human element. Through emails and spoofed-websites, phishers exploit almost any opportunity using major events, considerable financial awards, fake warnings and the trusted reputation of established organizations, as a basis to gain their victims' trust. For many years, humans have often been referred to as the `weakest link' towards protecting information. To gain their victims' trust, phishers continue to use sophisticated looking emails and spoofed websites to trick them, and rely on their victims' lack of knowledge, lax security behavior and organizations' inadequate security measures towards protecting itself and their clients. As such, phishing security controls and vulnerabilities can arguably be classified into three main elements namely human factors (H), organizational aspects (O) and technological controls (T). All three of these elements have the common feature of human involvement and as such, security gaps are inevitable. Each element also functions as both security control and security vulnerability. A holistic framework towards combatting phishing is required whereby the human feature in all three of these elements is enhanced by means of a security education, training and awareness programme. This paper discusses the educational factors required to form part of a holistic framework, addressing the HOT elements as well as the relationships between these elements towards combatting phishing. The development of this framework uses the principles of design science to ensure that it is developed with rigor. Furthermore, this paper reports on the verification of the framework.
Keywords: computer crime; computer science education; human factors; organisational aspects; unsolicited e-mail; HOT elements; ails; awareness programme; cyber criminals; design science principles; educational factors; fake warnings; financial awards; holistic human approach; human factors ;lax security behavior; organizational aspects; phishing security controls; security education; security gaps; security training; security vulnerability; spoofed-Web sites; technological controls; trusted reputation; ISO; Lead; Security; Training; COBIT; agency theory; human factors; organizational aspects; phishing; security education training and awareness; social engineering; technological controls; technology acceptance model (ID#: 15-4450)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6950508&isnumber=6950479

Abraham, Dona; Raj, Nisha S, "Approximate String Matching Algorithm For Phishing Detection," Advances in Computing, Communications and Informatics (ICACCI, 2014 International Conference on, pp.2285,2290, 24-27 Sept. 2014. doi: 10.1109/ICACCI.2014.6968578 Phishing is an act of stealing personal and sensitive user information through internet and using it for financial transactions. The goal of phishers is to carry out fraudulent transactions on behalf of the victims by using the information stealed from them. Availing the services of internet has become a dangerous task to the common people with these kinds of attacks. Many methods have been developed to fight against phishing attacks. But, as the attacker uses more sophisticated techniques each method fails to perform well in detecting the attacks. Here we propose a string matching method for detecting phishing attacks, which determines the degree of similarity a URL is having with the blacklisted URLs. Thus based on the textual properties of a URL it can be classified as phishing or non-phishing. Two string matching algorithms i.e. Longest Common Subsequence (LCS) and Edit Distance are used in the hostname comparison. The accuracy rate obtained for LCS is 99.1% and for Edit Distance it is 99.5%.
Keywords: Accuracy; Electronic mail ;Feature extraction; IP networks; Internet; Training; Uniform resource locators; Approximate String matching; Blacklist; Edit Distance; Longest Common Subsequence(LCS); Phishing Attacks (ID#: 15-4451)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6968578&isnumber=6968191

Park, Gilchan; Stuart, Lauren M.; Taylor, Julia M.; Raskin, Victor, "Comparing Machine And Human Ability To Detect Phishing Emails," Systems, Man and Cybernetics (SMC), 2014 IEEE International Conference on, pp.2322,2327, 5-8 Oct. 2014. doi: 10.1109/SMC.2014.6974273 This paper compares the results of computer and human efforts to determine whether an email is legitimate or a phishing attempt. For this purpose, we have run two series of experiments, one for the computer and the other for human subjects. Both experiments addressed the same corpora, one of phishing emails, and the other of legitimate ones. Both the computer and human subjects were asked to detect which emails were phishing and which were legitimate. The results are interesting, both separately and in comparison. Even at this limited, non-semantic state of computation, they indicate that human and computer competences should complement each other, and that, of course, will lead to the integration of human-accessible semantics into computation.
Keywords: Conferences; Cybernetics; computer phishing detection; human phishing detection; human-computer collaboration; maximization of human and computer cognitive capacities in collaboration; semanticalization (ID#: 15-4452)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6974273&isnumber=6973862

Fatt, Jeffrey Choo Soon; Leng, Chiew Kang; Nah, Sze San, "Phishdentity: Leverage Website Favicon to Offset Polymorphic Phishing Website," Availability, Reliability and Security (ARES), 2014 Ninth International Conference onpp.114,119, 8-12 Sept. 2014. doi: 10.1109/ARES.2014.21 Phishing attacks involve the use of fuzzy techniques to create polymorphic phishing web pages to give the impression of legitimate websites. Many websites are subject to the threat of phishing, including financial, social networks, tourism, e-commerce etc. For example, phishers are particularly fond of travel-related services by imitating as trip consultant, airline reservation, hotel booking etc. However, the targeted legitimate websites still maintain the webpage appearance visually similar to the original. In this paper, we propose an approach which is based on the website favicon to find the identity of a website and use it to evaluate the genuineness of a website. This approach utilizes Google search-by-image API to return the search results pages. Then, we perform latent semantic analysis based on the search results pages. We collected 1,000 webpages to verify the effectiveness of this approach. The results show that our proposed method achieved 97.2% true positive with only 5.4% false positive.
Keywords: Browsers; Feature extraction; Google; Search engines; Superluminescent diodes; Uniform resource locators; Visualization; Google search; favicon; latent semantic analysis; phishing detection; phishing website identity (ID#: 15-4453)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6980270&isnumber=6980232

Biedermann, S.; Ruppenthal, T.; Katzenbeisser, S., "Data-centric Phishing Detection Based On Transparent Virtualization Technologies," Privacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on, pp.215,223, 23-24 July 2014. doi: 10.1109/PST.2014.6890942 We propose a novel phishing detection architecture based on transparent virtualization technologies and isolation of the own components. The architecture can be deployed as a security extension for virtual machines (VMs) running in the cloud. It uses fine-grained VM introspection (VMI) to extract, filter and scale a color-based fingerprint of web pages which are processed by a browser from the VM's memory. By analyzing the human perceptual similarity between the fingerprints, the architecture can reveal and mitigate phishing attacks which are based on redirection to spoofed web pages and it can also detect “Man-in-the-Browser” (MitB) attacks. To the best of our knowledge, the architecture is the first anti-phishing solution leveraging virtualization technologies. We explain details about the design and the implementation and we show results of an evaluation with real-world data.
Keywords: Web sites; cloud computing; computer crime; online front-ends; virtual machines; virtualisation; MitB attack; VM introspection; VMI; antiphishing solution; cloud; color-based fingerprint extraction; color-based fingerprint filtering; color-based fingerprint scaling; component isolation; data-centric phishing detection; human perceptual similarity; man-in-the-browser attack; phishing attacks; spoofed Web pages; transparent virtualization technologies; virtual machines; Browsers; Computer architecture; Data mining; Detectors; Image color analysis; Malware; Web pages (ID#: 15-4454)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6890942&isnumber=6890911

Barraclough, P.A.; Sexton, G.; Hossain, M.A.; Aslam, N., "Intelligent Phishing Detection Parameter Framework For E-Banking Transactions Based on Neuro-fuzzy," Science and Information Conference (SAI), 2014, pp.545,555, 27-29 Aug. 2014. doi: 10.1109/SAI.2014.6918240 Phishing attacks have become more sophisticated in web-based transactions. As a result, various solutions have been developed to tackle the problem. Such solutions including feature-based and blacklist-based approaches applying machine learning algorithms. However there is still a lack of accuracy and real-time solution. Most machine learning algorithms are parameter driven, but the parameters are difficult to tune to a desirable output. In line with Jiang and Ma's findings, this study presents a parameter tuning framework, using Neuron-fuzzy system with comprehensive features in order to maximize systems performance. The neuron-fuzzy system was chosen because it has ability to generate fuzzy rules by given features and to learn new features. Extensive experiments were conducted, using different feature-sets, two cross-validation methods, a hybrid method and different parameters and achieved 98.4% accuracy. Our results demonstrated a high performance compared to other results in the field. As a contribution, we introduced a novel parameter tuning framework based on a neuron-fuzzy with six feature-sets and identified different numbers of membership functions different number of epochs, different sizes of feature-sets on a single platform. Parameter tuning based on neuron-fuzzy system with comprehensive features can enhance system performance in realtime. The outcome will provide guidance to the researchers who are using similar techniques in the field. It will decrease difficulties and increase confidence in the process of tuning parameters on a given problem.
Keywords: Internet; banking; fuzzy neural nets; learning (artificial intelligence);security of data; Web-based transactions; blacklist-based approach; e-banking transactions; feature-based approach; intelligent phishing detection parameter framework; machine learning algorithms; membership functions; neuron-fuzzy system; novel parameter tuning framework; Accuracy; Error analysis; Feature extraction; Fuzzy logic; Training; Tuning; FIS; Intelligent phishing detection; fuzzy inference system; neuro-fuzzy (ID#: 15-4455)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6918240&isnumber=6918164

Kearney, W.D.; Kruger, H.A., "Considering the Influence Of Human Trust In Practical Social Engineering Exercises," Information Security for South Africa (ISSA), 2014, pp.1, 6, 13-14 Aug. 2014. doi: 10.1109/ISSA.2014.6950509 There are numerous technical advances in the field of information security. However, the application of information security technologies alone is often not sufficient to address security issues. Human factors play an increasing role in securing computer assets and are often detrimental to the security of an organisation. One of the salient aspects of security, which is linked to humans, is trust. It is safe to assume that trust will play an important role in any information security environment and may influence security behaviour significantly. In this paper the results of a practical phishing exercise and a trust survey are considered. The research project is part of a larger project and the phishing exercise is a follow-up to an earlier first practical phishing test. Results of the phishing test are compared with the first exercise. In addition, the newly obtained trust information from the survey is also incorporated into the report in order to try and explain security behaviour. The research was performed at a large organisation. Results indicate that although there is a general high level of trust in the organisation's ability to provide safe and secure information systems, a large number of staff was still victim to a simple phishing exercise. A possible explanation, which opens up further avenues for research, is offered.
Keywords: computer crime; human factors; human factors; human trust; information security technologies; phishing; secure information systems; social engineering; Information security; Online banking; Reliability; Information security; Phishing; Social engineering; Trust (ID#: 15-4456)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6950509&isnumber=6950479

Podins, K.; Skujina, I.; Teivans, V., "Low-cost Active Cyber Defence," Cyber Conflict (CyCon 2014), 2014 6th International Conference On, pp.1,16, 3-6 June 2014. doi: 10.1109/CYCON.2014.6916412 The authors of this paper investigated relatively simple active strategies against selected popular cyber threat vectors. When cyber attacks are analysed for their severity and occurrence, many incidents are usually classified as minor, e.g. span or phishing. We are interested in the various types of low-end cyber incidents (as opposed to high-end states-ponsored incidents and advanced persistent threats) for two reasons: (1) being the least complicated incidents, we expect to find simple active response strategies; (2) being the most common incidents, fighting them will most effectively make cyberspace more secure. We present a literature review encompassing results from academia and practitioners, and describe a previously unpublished hands-on effort to actively hinder phishing incidents. Before that, we take a look at several published definitions of active cyber defence, and identify some contradictions between them. So far we have identified active strategies for the following cyber threats: (1) Nigerian letters - keep up conversation by an artificial intelligence (Al) text analyser and generator; (2) spar - traffic generation for advertised domains; (3) phishing - upload of fake credentials and/or special monitored sandboxed accounts; (4) information collection botnets - fake data (credit card, credentials etc.) upload. The authors analysed the proposed strategies from the security economics point of view to determine why and how these strategies might be effective. We also discuss the legal aspects of the proposed strategies.
Keywords: economics; law; security of data; Nigerian letters; active response strategy; cyber attacks; cyber threat vectors; cyberspace; information collection botnets; legal aspects; low-cost active cyber defence; low-end cyber incidents; phishing; phishing incidents; security economics point-of-view; spar; Artificial intelligence; Cyberspace; Economics; Electronic mail; Employment; Security; US Department of Defense; Nigerian letters; active cyber defence;botnet;cyber crime; phishing; security economics; spam (ID#: 15-4457)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6916412&isnumber=6916383

Zawoad, Shams; Hasan, Ragib; Haque, Md Munirul; Warner, Gary, "CURLA: Cloud-Based Spam URL Analyzer for Very Large Datasets," Cloud Computing (CLOUD), 2014 IEEE 7th International Conference on, pp.729, 736, June 27 2014-July 2 2014. doi: 10.1109/CLOUD.2014.102 URL blacklisting is a widely used technique for blocking phishing websites. To prepare an effective blacklist, it is necessary to analyze possible threats and include the identified malicious sites in the blacklist. Spam emails are good source for acquiring suspected phishing websites. However, the number of URLs gathered from spam emails is quite large. Fetching and analyzing the content of this large number of websites are very expensive tasks given limited computing and storage resources. Moreover, a high percentage of URLs extracted from spam emails refer to the same website. Hence, preserving the contents of all the websites causes significant storage waste. To solve the problem of massive computing and storage resource requirements, we propose and develop CURLA - a Cloud-based spam URL Analyzer, built on top of Amazon Elastic Computer Cloud (EC2) and Amazon Simple Queue Service (SQS). CURLA allows processing large number of spam-based URLs in parallel, which reduces the cost of establishing equally capable local infrastructure. Our system builds a database of unique spam-based URLs and accumulates the content of these unique websites in a central repository, which can be later used for phishing or other counterfeit websites detection. We show the effectiveness of our proposed architecture using real-life spam-based URL data.
Keywords: Cloud computing; Databases; Electronic mail; Parallel processing; Queueing analysis; Uniform resource locators; Cloud; Parallel Architecture; Phishing; Spam URL (ID#: 15-4458)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6973808&isnumber=6973706

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.