Today,phishing is an online attack designed to obtain sensitive information such as credit card and bank account numbers,passwords,and usernames.We can find several anti-phishing solutions,such as heuristic detection,...Today,phishing is an online attack designed to obtain sensitive information such as credit card and bank account numbers,passwords,and usernames.We can find several anti-phishing solutions,such as heuristic detection,virtual similarity detection,black and white lists,and machine learning(ML).However,phishing attempts remain a problem,and establishing an effective anti-phishing strategy is a work in progress.Furthermore,while most antiphishing solutions achieve the highest levels of accuracy on a given dataset,their methods suffer from an increased number of false positives.These methods are ineffective against zero-hour attacks.Phishing sites with a high False Positive Rate(FPR)are considered genuine because they can cause people to lose a lot ofmoney by visiting them.Feature selection is critical when developing phishing detection strategies.Good feature selection helps improve accuracy;however,duplicate features can also increase noise in the dataset and reduce the accuracy of the algorithm.Therefore,a combination of filter-based feature selection methods is proposed to detect phishing attacks,including constant feature removal,duplicate feature removal,quasi-feature removal,correlated feature removal,mutual information extraction,and Analysis of Variance(ANOVA)testing.The technique has been tested with differentMachine Learning classifiers:Random Forest,Artificial Neural Network(ANN),Ada-Boost,Extreme Gradient Boosting(XGBoost),Logistic Regression,Decision Trees,Gradient Boosting Classifiers,Support Vector Machine(SVM),and two types of ensemble models,stacking and majority voting to gain A low false positive rate is achieved.Stacked ensemble classifiers(gradient boosting,randomforest,support vector machine)achieve 1.31%FPR and 98.17%accuracy on Dataset 1,2.81%FPR and Dataset 3 shows 2.81%FPR and 97.61%accuracy,while Dataset 2 shows 3.47%FPR and 96.47%accuracy.展开更多
Cyber Attacks are critical and destructive to all industry sectors.They affect social engineering by allowing unapproved access to a Personal Computer(PC)that breaks the corrupted system and threatens humans.The defen...Cyber Attacks are critical and destructive to all industry sectors.They affect social engineering by allowing unapproved access to a Personal Computer(PC)that breaks the corrupted system and threatens humans.The defense of security requires understanding the nature of Cyber Attacks,so prevention becomes easy and accurate by acquiring sufficient knowledge about various features of Cyber Attacks.Cyber-Security proposes appropriate actions that can handle and block attacks.A phishing attack is one of the cybercrimes in which users follow a link to illegal websites that will persuade them to divulge their private information.One of the online security challenges is the enormous number of daily transactions done via phishing sites.As Cyber-Security have a priority for all organizations,Cyber-Security risks are considered part of an organization’s risk management process.This paper presents a survey of different modern machine-learning approaches that handle phishing problems and detect with high-quality accuracy different phishing attacks.A dataset consisting of more than 11000 websites from the Kaggle dataset was utilized and studying the effect of 30 website features and the resulting class label indicating whether or not it is a phishing website(1 or−1).Furthermore,we determined the confusion matrices of Machine Learning models:Neural Networks(NN),Na飗e Bayes,and Adaboost,and the results indicated that the accuracies achieved were 90.23%,92.97%,and 95.43%,respectively.展开更多
The data in the cloud is protected by various mechanisms to ensure security aspects and user’s privacy.But,deceptive attacks like phishing might obtain the user’s data and use it for malicious purposes.In Spite of m...The data in the cloud is protected by various mechanisms to ensure security aspects and user’s privacy.But,deceptive attacks like phishing might obtain the user’s data and use it for malicious purposes.In Spite of much techno-logical advancement,phishing acts as thefirst step in a series of attacks.With technological advancements,availability and access to the phishing kits has improved drastically,thus making it an ideal tool for the hackers to execute the attacks.The phishing cases indicate use of foreign characters to disguise the ori-ginal Uniform Resource Locator(URL),typosquatting the popular domain names,using reserved characters for re directions and multi-chain phishing.Such phishing URLs can be stored as a part of the document and uploaded in the cloud,providing a nudge to hackers in cloud storage.The cloud servers are becoming the trusted tool for executing these attacks.The prevailing software for blacklisting phishing URLs lacks the security for multi-level phishing and expects security from the client’s end(browser).At the same time,the avalanche effect and immut-ability of block-chain proves to be a strong source of security.Considering these trends in technology,a block-chain basedfiltering implementation for preserving the integrity of user data stored in the cloud is proposed.The proposed Phish Block detects the homographic phishing URLs with accuracy of 91%which assures the security in cloud storage.展开更多
基金financially supported by the Deanship of Scientific Research and Graduate Studies at King Khalid University under research grant number(R.G.P.2/21/46)in part by the Deanship of Scientific Research,Vice Presidency for Graduate Studies and Scientific Research,King Faisal University,Saudi Arabia,under Grant KFU253116.
文摘Today,phishing is an online attack designed to obtain sensitive information such as credit card and bank account numbers,passwords,and usernames.We can find several anti-phishing solutions,such as heuristic detection,virtual similarity detection,black and white lists,and machine learning(ML).However,phishing attempts remain a problem,and establishing an effective anti-phishing strategy is a work in progress.Furthermore,while most antiphishing solutions achieve the highest levels of accuracy on a given dataset,their methods suffer from an increased number of false positives.These methods are ineffective against zero-hour attacks.Phishing sites with a high False Positive Rate(FPR)are considered genuine because they can cause people to lose a lot ofmoney by visiting them.Feature selection is critical when developing phishing detection strategies.Good feature selection helps improve accuracy;however,duplicate features can also increase noise in the dataset and reduce the accuracy of the algorithm.Therefore,a combination of filter-based feature selection methods is proposed to detect phishing attacks,including constant feature removal,duplicate feature removal,quasi-feature removal,correlated feature removal,mutual information extraction,and Analysis of Variance(ANOVA)testing.The technique has been tested with differentMachine Learning classifiers:Random Forest,Artificial Neural Network(ANN),Ada-Boost,Extreme Gradient Boosting(XGBoost),Logistic Regression,Decision Trees,Gradient Boosting Classifiers,Support Vector Machine(SVM),and two types of ensemble models,stacking and majority voting to gain A low false positive rate is achieved.Stacked ensemble classifiers(gradient boosting,randomforest,support vector machine)achieve 1.31%FPR and 98.17%accuracy on Dataset 1,2.81%FPR and Dataset 3 shows 2.81%FPR and 97.61%accuracy,while Dataset 2 shows 3.47%FPR and 96.47%accuracy.
文摘Cyber Attacks are critical and destructive to all industry sectors.They affect social engineering by allowing unapproved access to a Personal Computer(PC)that breaks the corrupted system and threatens humans.The defense of security requires understanding the nature of Cyber Attacks,so prevention becomes easy and accurate by acquiring sufficient knowledge about various features of Cyber Attacks.Cyber-Security proposes appropriate actions that can handle and block attacks.A phishing attack is one of the cybercrimes in which users follow a link to illegal websites that will persuade them to divulge their private information.One of the online security challenges is the enormous number of daily transactions done via phishing sites.As Cyber-Security have a priority for all organizations,Cyber-Security risks are considered part of an organization’s risk management process.This paper presents a survey of different modern machine-learning approaches that handle phishing problems and detect with high-quality accuracy different phishing attacks.A dataset consisting of more than 11000 websites from the Kaggle dataset was utilized and studying the effect of 30 website features and the resulting class label indicating whether or not it is a phishing website(1 or−1).Furthermore,we determined the confusion matrices of Machine Learning models:Neural Networks(NN),Na飗e Bayes,and Adaboost,and the results indicated that the accuracies achieved were 90.23%,92.97%,and 95.43%,respectively.
文摘The data in the cloud is protected by various mechanisms to ensure security aspects and user’s privacy.But,deceptive attacks like phishing might obtain the user’s data and use it for malicious purposes.In Spite of much techno-logical advancement,phishing acts as thefirst step in a series of attacks.With technological advancements,availability and access to the phishing kits has improved drastically,thus making it an ideal tool for the hackers to execute the attacks.The phishing cases indicate use of foreign characters to disguise the ori-ginal Uniform Resource Locator(URL),typosquatting the popular domain names,using reserved characters for re directions and multi-chain phishing.Such phishing URLs can be stored as a part of the document and uploaded in the cloud,providing a nudge to hackers in cloud storage.The cloud servers are becoming the trusted tool for executing these attacks.The prevailing software for blacklisting phishing URLs lacks the security for multi-level phishing and expects security from the client’s end(browser).At the same time,the avalanche effect and immut-ability of block-chain proves to be a strong source of security.Considering these trends in technology,a block-chain basedfiltering implementation for preserving the integrity of user data stored in the cloud is proposed.The proposed Phish Block detects the homographic phishing URLs with accuracy of 91%which assures the security in cloud storage.
