Phishing detection and trackback mechanism
| Main Author: | |
|---|---|
| Format: | Thesis |
| Published: | 2015 |
| Subjects: | |
| Online Access: | http://eprints.uthm.edu.my/7882/ http://eprints.uthm.edu.my/7882/1/isredza_rahmi_a_hamid.pdf |
Summary: Phishing attacks are one of the most prevalent forms of cybercrime worldwide.
Cybercriminals use phishing for various illicit activities such as identity theft and fraud
as well as installing malware on unsuspecting end user systems to gain access to the
victims' systems. Phishing attacks have also been responsible for many sophisticated
attacks perpetrated against financial institutions, government agencies, healthcare
providers and businesses. In particular, email-born phishing attacks, in which the
phishers send fake emails pretending to be from a legitimate organization to extract
sensitive information such as account numbers, passwords, or other personal
information from victims or trick them into downloading malicious software embedded
in documents or links, have turned out to be a challenging problem. Although there exist
many phishing email filtering approaches, email-born attacks continue unabated to
plague Internet users and cause considerable economic losses worldwide. This calls
for the development of effective countermeasures against email-born phishing attacks in
order to safeguard critical infrastructures such as financial institutions. This is especially
paramount as email is a critical communication medium for most organizations.
Furthermore, with the widespread use of new technologies such as smart phones for
emails and various Internet-based activities as well as social networks, phishing emails
are more active than ever before, putting average Internet users and
organizations at risk of significant data, brand and financial losses. This thesis addresses
the phishing attack problem with emphasis on email-born phishing attack detection and
prevention. Firstly, a hybrid feature selection approach for use in the detection of
email-born phishing attacks is developed. The proposed method is based on the combination of
content-based and behaviour-based approaches. The hybrid feature selection approach
includes various attributes extracted from structural and behavioural components of
the emails. Secondly, a new email-born phishing detection approach that is based on
profiling and clustering techniques is developed. The phishing profiling algorithm takes
into account various features present in the phishing emails as feature vectors and
generates profiles based on clustering predictions. Following this, we apply clustering
techniques based on a modified Two-Step clustering algorithm to generate the optimal
number of clusters. Thirdly, a phishing trackback framework is developed to find the origin
of an attack, whether it comes from a single or a collaborative attack.
First, the proposed phishing trackback framework groups the phishers using a
clustering algorithm in the email analyser phase. Then, similarity measurement is used in
the forensic backend to group the phishers into single or collaborative attacks. Generally, the
phisher may work alone or in groups. Typically, a single attacker is hard to detect because
they are always changing their modus operandi. The proposed trackback framework is a
simple solution for tracing phishers and is easy to implement, and it allows automated
detection of phishing emails. Finally, we carried out extensive experimental analysis of
the proposed approaches in order to evaluate their effectiveness in the detection of
email-born phishing attacks on large datasets. Next, the sensitivity of the proposed approaches
to various factors, such as the type of features, number of splits and misclassification
issues, is studied. The results of the experiments show that the proposed approaches are
highly effective in the detection of email-born phishing attacks as well as in the
identification of the group and origin of the phisher.