In Partial Fulfillment of the Requirements for the Degree of Master of Science
will defend her thesis
A Multi-Pronged Approach to Phishing Email Detection
Phishing emails are a nuisance and a growing threat for the world causing loss of time, effort and money. In this era of online communication and electronic data exchange, every individual connected to the internet has to face the danger of phishing attacks. Typically, benign looking emails are used as the attack vectors, which trick users into revealing sensitive information like login credentials, credit card details, etc. Since every email contains important information in its header, this thesis describes ways of capturing it for successful classification of phishing emails. Moreover, the phisher has total control over the email body and subject, but little control over the header after the email leaves the sender's domain, unless the phisher is sophisticated and spends a lot of time crafting the attack, which reduces the payoff or may even backfire or yield mixed results.
This thesis is a consolidated account of various systems designed to combat phishing emails from different dimensions. The main areas of focus are email header and email body text. Techniques like n-gram analysis, machine learning and network port scanning are used to extract useful features from the emails. This thesis shows that the classes of features used in these systems are very effective in distinguishing the phishing emails from the legitimate ones. Using different real datasets from varied domains, it highlights the robustness of its methods. Some methods obtain high detection rates of 99.9% and low false positive rates of 0.1%. These approaches have the advantage and flexibility of being combined with other existing methods, besides being used as a standalone system.
Date: Monday, November 30, 2015
Time: 10:00 AM
Place: PGH 501D
Advisor: Prof. Rakesh Verma
Faculty, students, and the general public are invited.