Phishing, or web spoofing, is a growing problem: the Anti-Phishing Working Group (APWG) received almost 14,000 unique phishing reports in August 2005, a 56% jump over the number of reports in December 2004 [3]. For financial institutions, phishing is a particularly insidious problem, since trust forms the foundation for customer relationships, and phishing attacks undermine confidence in an institution. Phishing attacks succeed by exploiting a user's inability to distinguish legitimate sites from spoofed sites. Most prior research focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process will enhance security and eliminate many forms of fraud. We propose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware. We demonstrate the practicality of our system with a prototype implementation.

Phoolproof Phishing Prevention

As a crime of employing technical means to steal sensitive information of users, phishing is currently a critical threat facing the Internet, and losses due to phishing are growing steadily. Feature engineering is important in phishing website detection solutions, but the accuracy of detection critically depends on prior knowledge of features. Moreover, although features extracted from different dimensions are more comprehensive, a drawback is that extracting these features requires a large amount of time. To address these limitations, we propose a multidimensional feature phishing detection approach based on a fast detection method by using deep learning. In the first step, character sequence features of the given URL are extracted and used for quick classification by deep learning, and this step does not require third-party assistance or any prior knowledge about phishing. In the second step, we combine URL statistical features, webpage code features, webpage text features, and the quick classification result of deep learning into multidimensional features. The approach can reduce the detection time for setting a threshold. Testing on a dataset containing millions of phishing URLs and legitimate URLs, the accuracy reaches 98.99%, and the false positive rate is only 0.59%. By reasonably adjusting the threshold, the experimental results show that the detection efficiency can be improved.

Phishing Website Detection Based on Multidimensional Features Driven by Deep Learning

Detecting Internet of Things attacks using distributed deep learning

In recent times, a phishing attack has become one of the most prominent attacks faced by internet users, governments, and service-providing organizations. In a phishing attack, the attacker(s) collects the client's sensitive data (i.e., user account login details, credit/debit card numbers, etc.) by using spoofed emails or fake websites. Phishing websites are common entry points of online social engineering attacks, including numerous frauds on the websites. In such types of attacks, the attacker(s) create website pages by copying the behavior of legitimate websites and sends URL(s) to the targeted victims through spam messages, texts, or social networking. To provide a thorough understanding of phishing attack(s), this paper provides a literature review of Artificial Intelligence (AI) techniques: Machine Learning, Deep Learning, Hybrid Learning, and Scenario-based techniques for phishing attack detection. This paper also presents the comparison of different studies detecting the phishing attack for each AI technique and examines the qualities and shortcomings of these methodologies. Furthermore, this paper provides a comprehensive set of current challenges of phishing attacks and future research direction in this domain.

/pdf/a-comprehensive-survey-of-ai-enabled-phishing-attacks-5aqyiuid5u.pdf

A comprehensive survey of AI-enabled phishing attacks detection techniques.

Front-line remote sensing tools, coupled with machine learning (ML), have a significant role in crop monitoring and disease surveillance. Crop type classification and a disease early warning system are some of these remote sensing applications that provide precise, timely, and cost-effective information at different spatial, temporal, and spectral resolutions. To our knowledge, most disease surveillance systems focus on a single-sensor based solutions and lagging the integration of multiple information sources. Moreover, monitoring larger landscapes using unmanned aerial vehicles (UAV) are challenging, and, therefore combining high resolution satellite imagery data with advanced machine learning (ML) models through the use of mobile apps could help detect and classify banana plants and provide more information on its overall health status. In this study, we classified banana under mixed-complex African landscapes through pixel-based classifications and ML models derived from multi-level satellite images (Sentinel 2, PlanetScope and WorldView-2) and UAV (MicaSense RedEdge) platforms. Our pixel-based classification from random forest (RF) model using combined features of vegetation indices (VIs) and principal component analysis (PCA) showed up to 97% overall accuracy (OA) with less than 10% omission and commission errors (OE and CE) and Kappa coefficient of 0.96 in high resolution multispectral images. We used UAV-RGB aerial images from DR Congo and Republic of Benin fields to develop a mixed-model system combining object detection model (RetinaNet) and a custom classifier for simultaneous banana localization and disease classification. Their accuracies were tested using different performance metrics. Our UAV-RGB mixed-model revealed that the developed object detection and classification model successfully classified healthy and diseased plants with 99.4%, 92.8%, 93.3% and 90.8% accuracy for the four classes: banana bunchy top disease (BBTD), Xanthomonas Wilt of Banana (BXW), healthy banana cluster and individual banana plants, respectively. These approaches of aerial image-based ML models have high potential to provide a decision support system for major banana diseases in Africa.

Detection of banana plants and their major diseases through aerial images and machine learning methods: A case study in DR Congo and Republic of Benin

Social networks have become one of the most popular platforms for users to interact with each other. Given the huge amount of sensitive data available in social network platforms, user privacy protection on social networks has become one of the most urgent research issues. As a traditional information stealing technique, phishing attacks still work in their way to cause a lot of privacy violation incidents. In a Web-based phishing attack, an attacker sets up scam Web pages (pretending to be an important Website such as a social network portal) to lure users to input their private information, such as passwords, social security numbers, credit card numbers, and so on. In fact, the appearance of Web pages is among the most important factors in deceiving users, and thus, the similarity among Web pages is a critical metric for detecting phishing Websites. In this paper, we present a new solution, called Phishing-Alarm, to detect phishing attacks using features that are hard to evade by attackers. In particular, we present an algorithm to quantify the suspiciousness ratings of Web pages based on the similarity of visual appearance between the Web pages. Since cascading style sheet (CSS) is the technique to specify page layout across browser implementations, our approach uses CSS as the basis to accurately quantify the visual similarity of each page element. As page elements do not have the same influence to pages, we base our rating method on weighted page-component similarity. We prototyped our approach in the Google Chrome browser. Our large-scale evaluation using real-world websites shows the effectiveness of our approach. The proof of concept implementation verifies the correctness and accuracy of our approach with a relatively low performance overhead.

Phishing-Alarm: Robust and Efficient Phishing Detection via Page Component Similarity

The web technology has become the cornerstone of a wide range of platforms, such as mobile services and smart Internet-of-things (IoT) systems. In such platforms, users’ data are aggregated to a cloud-based platform, where web applications are used as a key interface to access and configure user data. Securing the web interface requires solutions to deal with threats from both technical vulnerabilities and social factors. Phishing attacks are one of the most commonly exploited vectors in social engineering attacks. The attackers use web pages visually mimicking legitimate web sites, such as banking and government services, to collect users’ sensitive information. Existing phishing defense mechanisms based on URLs or page contents are often evaded by attackers. Recent research has demonstrated that visual layout similarity can be used as a robust basis to detect phishing attacks. In particular, features extracted from CSS layout files can be used to measure page similarity. However, it needs human expertise in specifying how to measure page similarity based on such features. In this paper, we aim to enable automated page-layout-based phishing detection techniques using machine learning techniques. We propose a learning-based aggregation analysis mechanism to decide page layout similarity, which is used to detect phishing pages. We prototype our solution and evaluate four popular machine learning classifiers on their accuracy and the factors affecting their results.

/pdf/phishing-page-detection-via-learning-classifiers-from-page-is561ww4h6.pdf

Phishing page detection via learning classifiers from page layout feature

Detecting Phishing Websites via Aggregation Analysis of Page Layouts

Social network is a critical component in mobile multimedia systems, where users share their videos, photos, and other media. However, the information (e.g., posts, user profiles, etc.) shared on the social network platforms usually reflects many users' personal (private) information, which could be mined and abused for malicious purposes. To address privacy concerns, many social network service providers adopted privacy-preserving mechanisms, e.g., anonymizing user identity, hiding users' profiles, etc. As a result, the attributes in user profiles are usually set up to be accessed only by friends to prevent privacy leakage. Several attacks have been proposed to infer the hidden attributes to Several the efficiency of current privacy-protecting mechanisms. Most of these solutions are based on the social links among users or their behaviors. In this paper, we systematically analyze the social features related to user privacy inference and found that there are relevances among social attributes, which has a great impact on inferring users' hidden attributes. According to our findings, we propose an efficient social attribute inference scheme based on social links and attribute relevance properties. We develop a relevance attribute inference method (ReAI) using random walks with restart. We analyze attribute relevance on inference performance and use Kulczynski measure to quantify attribute relevance as edge weights of attribute nodes in an improved social-attribute network. We evaluate our method and compare it with the traditional attribute inference method. The results show that our method performs better than the traditional method. We also use Kulczynski measure and Information Gain Ratio to evaluate the improvements. The results show that the bigger relevance between attributes contributes to higher improvements.

An Efficient Social Attribute Inference Scheme Based on Social Links and Attribute Relevance

The rapid development of wellness smart devices and apps, such as Fitbit Coach and FitnessGenes, has triggered a wave of interaction on social networks. People communicate with and follow each other based on their wellness activities. Though such IoT devices and data provide a good motivation, they also expose users to threats due to the privacy leakage of social networks. Anonymization techniques are widely adopted to protect users’ privacy during social data publishing and sharing. However, de-anonymization techniques are actively studied to identify weaknesses in current social network data-publishing mechanisms. In this paper, we conduct a comprehensive analysis on the typical structure-based social network de-anonymization algorithms. We aim to understand the de-anonymization approaches and disclose the impacts on their application performance caused by different factors, e.g., topology properties and anonymization methods adopted to sanitize original data. We design the analysis framework and define three experiment environments to evaluate a few factors’ impacts on the target algorithms. Based on our analysis architecture, we simulate three typical de-anonymization algorithms and evaluate their performance under different pre-configured environments.

https://link.springer.com/content/pdf/10.1186/s13638-018-1291-2.pdf

Wenqian Tian

Papers

Phishing-Alarm: Robust and Efficient Phishing Detection via Page Component Similarity

Phishing page detection via learning classifiers from page layout feature

Detecting Phishing Websites via Aggregation Analysis of Page Layouts

An Efficient Social Attribute Inference Scheme Based on Social Links and Attribute Relevance

Understanding structure-based social network de-anonymization techniques via empirical analysis