
An introspective behavior based methodology to mitigate e-mail based threats.



Abstract

The first part of this dissertation attempts to tackle the problem of detecting phishing e-mails before they reach users' inboxes. To begin with, the shortcomings of existing spam filters in classifying phishing e-mails are highlighted. To overcome them, a customizable and usable spam filter (CUSP) is proposed that detects phishing e-mails from the absence of personalized user information in them. However, since relying solely on the presence of personalized information as the criterion for detecting phishing e-mails is not entirely foolproof, a novel machine learning based classifier that separates phishing e-mails based on their underlying semantic behavior is also proposed. Experimentation on real-world phishing and financial e-mail datasets demonstrates that the proposed methodology can detect phishing e-mails with over 90% accuracy while keeping the false positive rate at a minimum. The feasibility of generating context-sensitive warnings that better educate users about the ill effects of phishing attacks is also explored.

Classification techniques that operate on features confined to the body of a phishing e-mail can be thwarted by simple obfuscation techniques, which substitute the spurious content appearing in them with seemingly innocuous characters or images. To address such scenarios, the second part of this dissertation takes the classification process a step further and analyzes the behavior and structural characteristics of the Websites referred to by URLs contained in e-mails. Specifically, a challenge-response based technique called PHONEY is proposed to detect phishing Websites based on their inability to tell fake and genuine inputs apart. Experimental results from evaluation on both "live" and "synthesized" phishing Websites reveal that PHONEY can detect almost all of the e-mails that link to live phishing Websites, with zero false positives and minimal computational overhead.

In a similar vein, this dissertation proposes a novel technique to identify spam e-mails by analyzing the content of the linked-to Websites. A combination of textual and structural features extracted from the linked-to Websites is supplied as input to five machine learning algorithms employed for classification. Testing on live spam feeds reveals that the proposed technique detects spam e-mails with over a 95% detection rate, thereby outperforming two popular open source anti-spam filters.

Information leaks pose a significant risk to users' privacy. An information leak can reveal users' browsing characteristics, or sensitive material contained in their e-mail inboxes, to attackers, allowing them to launch more targeted social engineering attacks (e.g., spear phishing). The third part of this dissertation addresses two facets of information leaks, those triggered by spyware and those triggered by users themselves, by first detailing the limitations of state-of-the-art detection techniques. To bring out the deficiencies of existing anti-spyware techniques, a new class of intelligent spyware that efficiently blends in with user activity to evade detection is described. As a defensive countermeasure, this dissertation proposes a novel randomized honeytoken based methodology that separates normal and spyware activity with near-perfect accuracy. Similarly, to detect inadvertent information leaks caused by users sending misdirected e-mails to unintended recipients, this dissertation advances existing bag-of-words based outlier detection techniques with a set of stylometric and linguistic features that better encapsulate the e-mails previously exchanged between sender and recipient. Experimentation on a real-world e-mail corpus shows that the proposed technique detects over 78% of synthesized information leaks, outperforming other existing techniques.

Another important point to consider when devising specialized filters for each e-mail based threat is the need to make them interoperable. For example, an e-mail supposedly sent from a financial domain, but containing a URL that refers to a domain blacklisted for spam, is very likely a phishing e-mail. Identifying the sources of attacks helps in developing attack-agnostic solutions that block all sensitive communication to and from misbehaving nodes. From this perspective, this dissertation explores the feasibility of building a holistic framework that not only operates in conjunction with intrusion detection systems (IDS) to block incoming and outgoing traffic to and from misbehaving nodes, but also safeguards the underlying e-mail infrastructure against zero-day attacks. (Abstract shortened by UMI.)
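As an added illustration (not code from the dissertation), the following Python filter combines two of the heuristics the abstract names: the CUSP-style check that a mail claiming to come from a financial institution carries personalized user information, and the interoperability rule that such a mail linking to a spam-blacklisted domain is very likely phishing. The financial domain list, spam blacklist, user profile and sample messages are all constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample data (not from the dissertation's datasets).
FINANCIAL_DOMAINS = {"examplebank.com"}        # senders the filter treats as financial
SPAM_BLACKLIST = {"cheap-offers.example"}      # domains the spam filter has blacklisted
USER_PROFILE = {"name": "Alice Example", "account_last4": "4242"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def sender_domain(sender: str) -> str:
    """Domain part of a From address, lower-cased."""
    return sender.rsplit("@", 1)[-1].strip(">").lower()

def linked_domains(body: str) -> set:
    """Hostnames of every http(s) URL found in the message body."""
    hosts = (urlparse(u).hostname for u in URL_RE.findall(body))
    return {h.lower() for h in hosts if h}

def is_personalized(body: str, profile: dict) -> bool:
    """CUSP-style check: does the mail contain information only the real
    institution would know, such as the user's name or partial account number?"""
    text = body.lower()
    return profile["name"].lower() in text or profile["account_last4"] in text

def classify(sender: str, body: str, profile: dict = USER_PROFILE) -> list:
    """Return the reasons the mail looks like phishing; an empty list means no finding."""
    reasons = []
    if sender_domain(sender) not in FINANCIAL_DOMAINS:
        return reasons          # both rules apply only to claimed financial senders
    if not is_personalized(body, profile):
        reasons.append("financial sender but no personalized user information")
    bad = linked_domains(body) & SPAM_BLACKLIST
    if bad:
        reasons.append("links to spam-blacklisted domain(s): " + ", ".join(sorted(bad)))
    return reasons

if __name__ == "__main__":
    phish = ("Dear Customer, your account is locked. Verify at "
             "http://cheap-offers.example/login now.")
    genuine = ("Dear Alice Example, your statement for card ending 4242 is ready at "
               "https://examplebank.com/statements.")
    print(classify("alerts@examplebank.com", phish))    # two reasons
    print(classify("alerts@examplebank.com", genuine))  # []
```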

Bibliographic record

  • Author affiliation: State University of New York at Buffalo.
  • Degree-granting institution: State University of New York at Buffalo.
  • Subject: Computer Science.
  • Degree: Ph.D.
  • Year: 2009
  • Pages: 184 p.
  • Total pages: 184
  • Original format: PDF
  • Language: eng
  • CLC classification: Automation technology, computer technology;
  • Keywords:
