In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy
will defend his proposal
End to End Analysis and Detection of Phishing Attacks
Abstract
With the increasing dependence on the Internet, social engineering attacks such as phishing and spear-phishing have become a grave threat to the security of individuals and organizations. Despite considerable research on phishing detection at the email, website and URL levels, these attacks are still trending upward. An end-to-end study of phishing attacks can give better insight into how these attacks work and help defenders come up with more effective solutions. We can split a phishing attack into three main steps: 1) generating the attack (email, text message, etc.); 2) delivering the attack to potential victims; and 3) waiting for victims to expose their sensitive information. In this work, we analyze each of these steps and propose improvements as well as suggestions for developing more effective solutions. First, we study the process of generating phishing emails and show that a natural language generation technique can be used for email generation. At first glance, email generation looks like a tool that favors attackers, but defenders can also use it to train their models on new forms of attacks generated by our technique. It helps defenders increase the size of their training datasets and include probable future attacks in their training. Then, we study the human decision-making process to better understand why some people fall for phishing and others do not. Since humans are known as the weakest link in security, the output of this work can be used to improve existing training systems and content so that they place more emphasis on the clues to which people pay less attention. In the last part, we propose a method for detecting phishing that keeps humans in the loop. Attackers are constantly improving their techniques to avoid getting caught by spam filters and to look more authentic.
Recently, there has been increasing interest in sending job scams, which look very similar to legitimate emails in the initial step because they usually do not ask for any sensitive information. This makes detection hard for a general-purpose filter, and it is up to the end user to decide whether to trust an email. Because of this constant evolution of attacks, a specially designed filter focused on helping end users make better decisions is required. Our filter will provide important clues to the user instead of just making the final decision (phishing or legitimate). By highlighting the clues, we hope that users will perform better than they do right now.
Date: Thursday, April 25, 2019
Time: 02:30 - 4:00 PM
Place: PGH 501D
Advisor: Dr. Rakesh Verma
Faculty, students, and the general public are invited.