Phishing detection and trackback mechanism

A Hamid, Isredza Rahmi (2015) Phishing detection and trackback mechanism. PhD thesis, Deakin University.

Abstract

Phishing attacks are one of the most prevalent forms of cybercrime worldwide. Cybercriminals use phishing for various illicit activities such as identity theft and fraud, as well as installing malware on unsuspecting end-user systems to gain access to the victims' systems. Phishing attacks have also been responsible for many sophisticated attacks perpetrated against financial institutions, government agencies, healthcare providers and businesses. In particular, email-born phishing attacks, in which the phishers send fake emails pretending to be from a legitimate organization to extract sensitive information such as account numbers, passwords, or other personal information from victims, or trick them into downloading malicious software embedded in documents or links, have turned out to be a challenging problem. Although many phishing email filtering approaches exist, email-born attacks continue unabated, plaguing Internet users and causing considerable economic losses worldwide. This calls for the development of effective countermeasures against email-born phishing attacks in order to safeguard critical infrastructures such as financial institutions. This is especially paramount as email is a critical communication medium for most organizations. Furthermore, with the widespread use of new technologies such as smart phones for email and various Internet-based activities, as well as social networks, phishing emails are more active than ever before and put average Internet users and organizations at risk of significant data, brand and financial losses. This thesis addresses the phishing attack problem, with emphasis on email-born phishing attack detection and prevention. Firstly, a hybrid feature selection approach for use in the detection of email-born phishing attacks is developed. The proposed method is based on a combination of content-based and behaviour-based approaches.
The hybrid feature selection approach includes various attributes extracted from the structural and behavioural components of the emails. Secondly, a new email-born phishing detection approach based on profiling and clustering techniques is developed. The phishing profiling algorithm takes into account various features present in the phishing emails as feature vectors and generates profiles based on clustering predictions. Following this, we apply clustering techniques based on a modified Two-Step clustering algorithm to generate the optimal number of clusters. Thirdly, a phishing trackback framework is developed to find the origin of an attack, whether it comes from a single or a collaborative attack. First, the proposed phishing trackback framework groups the phishers using a clustering algorithm in the email analyser phase. Then, similarity measurement is used in the forensic backend to group the phishers into single or collaborative attacks. Generally, the phisher may work alone or in groups. Typically, a single attacker is hard to detect because they are always changing their modus operandi. The proposed trackback framework is a simple, easy-to-implement solution for tracing phishers that allows automated detection of phishing emails. Finally, we carried out extensive experimental analysis of the proposed approaches in order to evaluate their effectiveness in the detection of email-born phishing attacks on large datasets. Next, the sensitivity of the proposed approaches to various factors such as the type of features, the number of splits and misclassification issues is studied. The results of the experiments show that the proposed approaches are highly effective in the detection of email-born phishing attacks as well as in the identification of the group and origin of the phisher.

Item Type: Thesis (PhD)
Subjects: Q Science > QA Mathematics > QA75 Calculating machines > QA75.5 Electronic computers. Computer science
ID Code: 7882
Deposited By: En. Sharul Ahmad
Deposited On: 12 Apr 2016 11:55
Last Modified: 12 Apr 2016 11:55
