In Partial Fulfillment of the Requirements for the Degree of
Master of Science
Will defend his thesis
The social engineering strategy used by cyber criminals to get confidential information from Internet users is called Digital Identity Theft. It continues to trick Internet users into losing time and money each year, besides the loss of productivity. A common way to steal digital identity is through phishing. The trends and patterns in such attacks keep changing over time, and hence the detection algorithm needs to be robust and adaptive. Although many attacks work by luring Internet users to a web site designed to trick them into revealing sensitive information, recently some attacks have been found that work by either installing malware on a computer or by hijacking a good web site.
The work in the thesis presents effective and comprehensive classifiers for both kinds of attacks, classical or hijack-based, with a focus on the latter kind. According to the literature study, this seems to be the first work to consider hijack-based phishing attacks. Some of the techniques are equally effective for zero-hour phishing web site detection. This thesis focuses on the fundamental characteristics of target websites and attacked websites, and introduces new features and techniques for detection. It presents results of these classifiers and combination schemes on datasets extracted from several sources. It is shown that the content-based classifier achieves good performance despite the difficulty of the problem and the small size of the white list. One of the combination schemes achieved a phishing web site detection rate of over 92% with a false positive rate of less than 0.7% (without Internet search), and a 0% false positive rate is also possible with a reasonable detection rate of over 74% (with Internet search). Moreover, the classifiers presented are also language independent.
Date: Monday, July 21, 2014
Time: 10:00 AM
Place: PGH 550
Faculty, students, and the general public are invited.
Advisor: Prof. Rakesh Verma