Uploaded bybutest
PPTX, PDF848 views

Learning to Detect Phishing Emails

The document discusses a machine learning approach to detecting phishing emails. It presents the authors who developed a method called PILFER that uses email and webpage classification features to train a random forest classifier to detect phishing emails. The method is empirically evaluated on two datasets and achieves high accuracy in detecting phishing emails while minimizing false positives and negatives. The challenges of evolving phishing techniques and unavailable web domains are also discussed.

Related topics:
Pattern Recognition

Embed presentation

Downloaded 40 times
Learning to Detect Phishing EmailsIan Fette
Norman Sadeh
Anthony Tomasic
Presented by – BhavinMadhaniAuthorsBhavinMadhani - UC Irvine - 2009Ian Fette: - Masters degree from Carnegie Mellon University. - Product Manager at Google - works on the Google Chrome team . - Product manager for the anti-phishing and anti-malware teams at Google. Norman M. Sadeh: - Professor in the School of Computer Science at Carnegie Mellon University. - Director, Mobile Commerce Lab. - Director, e-Supply Chain Management Lab.  - Co-Director, COS PhD Program.Anthony Tomasic: - Director of the Carnegie Mellon University. - Masters of science in Information Technology, Very Large Information Systems (MSIT-VLIS) Program..
IntroductionPHISHING ?
Phishing through Emails
Phishing Problem – Hard.
An Machine Learning approach to tackle this online identity theft. BhavinMadhani - UC Irvine - 2009Image courtesy: http://images.google.com - 2005 HowStuffWorks
Popular Targets : March 2009Table courtesy: http://www.phishtank.com/stats/2009/03/BhavinMadhani - UC Irvine - 2009
BackgroundToolbars
SpoofGuard
NetCraft
Email Filtering
SpamAssassin
SpamatoBhavinMadhani - UC Irvine - 2009Image courtesy: http://images.google.com - www.glasbergen.com
Method PILFER – A Machine Learning based approach to classification.
phishing emails / ham (good) emails
Feature Set
Features as used in email classification
Features as used in webpage classificationBhavinMadhani - UC Irvine - 2009
Features as used in email classificationIP-based URLs: http://192.168.0.1/paypal.cgi?fix_account
Phishing attacks are hosted off of compromised PCs. This feature is binary. BhavinMadhani - UC Irvine - 2009
Age of linked-to domain names:
‘playpal.com’ or ‘paypal-update.com’
These domains often have a limited life
WHOIS query
date is within 60 days of the date the email was sent – “fresh” domain. This is a binary featureBhavinMadhani - UC Irvine - 2009
Nonmatching URLs

More Related Content

PPTX
Don’t Get Caught by Phishing Emails!
byAventis Systems, Inc.
 
PPTX
PCI Password Policy Compliance
bynFront Security
 
PDF
10 Steps to Creating a Corporate Phishing Awareness Program
byWiley
 
PDF
Impostor Detection presentation to ISC2 NH
byastraid
 
PPTX
Improving circuit miniaturization and its efficiency using Rough Set Theory( ...
bySarvesh Singh
 
PDF
A survey on detection of website phishing using mcac technique
bybhas_ani
 
PPT
Improving Your Interview Skills for Residency 2007
byVictor Castilla
 
PPTX
Phishing
byMaheshwar Singh
 
Don’t Get Caught by Phishing Emails!
byAventis Systems, Inc.
 
PCI Password Policy Compliance
bynFront Security
 
10 Steps to Creating a Corporate Phishing Awareness Program
byWiley
 
Impostor Detection presentation to ISC2 NH
byastraid
 
Improving circuit miniaturization and its efficiency using Rough Set Theory( ...
bySarvesh Singh
 
A survey on detection of website phishing using mcac technique
bybhas_ani
 
Improving Your Interview Skills for Residency 2007
byVictor Castilla
 
Phishing
byMaheshwar Singh
 

Similar to Learning to Detect Phishing Emails

PDF
Web phish detection (an evolutionary approach)
byeSAT Journals
 
PDF
Web phish detection (an evolutionary approach)
byeSAT Publishing House
 
PDF
The International Journal of Engineering and Science (The IJES)
bytheijes
 
PDF
Detecting Phishing using Machine Learning
byijtsrd
 
PPTX
Classification with R
byNajima Begum
 
DOCX
Phishing
byProgrammer
 
PDF
IRJET- Analysis and Detection of E-Mail Phishing using Pyspark
byIRJET Journal
 
PDF
Detecting Phishing Websites Using Machine Learning
byIRJET Journal
 
PDF
ChongLiu-MaliciousURLDetection
byDaniel Liu
 
PPTX
Detection of Phishing Websites
byNikhil Soni
 
PPTX
Phishing Website Detection by Machine Learning Techniques Presentation.pptx
byLeelalatha
 
PPTX
Phishing Website Detection by Machine Learning Techniques Presentation.pptx
byLeelalatha
 
PDF
Url filtration
byronpoul
 
PPTX
PHISHING DETECTION PPT using fspam detection
byperumal22
 
PDF
Phishing Website Detection by Machine Learning Techniques Presentation.pdf
byVaralakshmiKC
 
PPTX
detection of malicious URLs.pptx
bymanash40
 
DOC
Comparing Naive Bayesian and k-NN algorithms for automatic ...
bybutest
 
PDF
A multi classifier prediction model for phishing detection
byeSAT Publishing House
 
PDF
A multi classifier prediction model for phishing detection
byeSAT Publishing House
 
PDF
A multi classifier prediction model for phishing detection
byeSAT Journals
 
Web phish detection (an evolutionary approach)
byeSAT Journals
 
Web phish detection (an evolutionary approach)
byeSAT Publishing House
 
The International Journal of Engineering and Science (The IJES)
bytheijes
 
Detecting Phishing using Machine Learning
byijtsrd
 
Classification with R
byNajima Begum
 
Phishing
byProgrammer
 
IRJET- Analysis and Detection of E-Mail Phishing using Pyspark
byIRJET Journal
 
Detecting Phishing Websites Using Machine Learning
byIRJET Journal
 
ChongLiu-MaliciousURLDetection
byDaniel Liu
 
Detection of Phishing Websites
byNikhil Soni
 
Phishing Website Detection by Machine Learning Techniques Presentation.pptx
byLeelalatha
 
Phishing Website Detection by Machine Learning Techniques Presentation.pptx
byLeelalatha
 
Url filtration
byronpoul
 
PHISHING DETECTION PPT using fspam detection
byperumal22
 
Phishing Website Detection by Machine Learning Techniques Presentation.pdf
byVaralakshmiKC
 
detection of malicious URLs.pptx
bymanash40
 
Comparing Naive Bayesian and k-NN algorithms for automatic ...
bybutest
 
A multi classifier prediction model for phishing detection
byeSAT Publishing House
 
A multi classifier prediction model for phishing detection
byeSAT Publishing House
 
A multi classifier prediction model for phishing detection
byeSAT Journals
 

More from butest

PDF
EL MODELO DE NEGOCIO DE YOUTUBE
bybutest
 
DOC
1. MPEG I.B.P frame之不同
bybutest
 
PDF
LESSONS FROM THE MICHAEL JACKSON TRIAL
bybutest
 
PPT
Timeline: The Life of Michael Jackson
bybutest
 
DOCX
Popular Reading Last Updated April 1, 2010 Adams, Lorraine The ...
bybutest
 
PDF
LESSONS FROM THE MICHAEL JACKSON TRIAL
bybutest
 
PPTX
Com 380, Summer II
bybutest
 
PPT
PPT
bybutest
 
DOCX
The MYnstrel Free Press Volume 2: Economic Struggles, Meet Jazz
bybutest
 
DOC
MICHAEL JACKSON.doc
bybutest
 
PPTX
Social Networks: Twitter Facebook SL - Slide 1
bybutest
 
PPT
Facebook
bybutest
 
DOCX
Executive Summary Hare Chevrolet is a General Motors dealership ...
bybutest
 
DOC
Welcome to the Dougherty County Public Library's Facebook and ...
bybutest
 
DOC
NEWS ANNOUNCEMENT
bybutest
 
DOC
C-2100 Ultra Zoom.doc
bybutest
 
DOC
MAC Printing on ITS Printers.doc.doc
bybutest
 
DOC
Mac OS X Guide.doc
bybutest
 
DOC
hier
bybutest
 
DOC
WEB DESIGN!
bybutest
 
EL MODELO DE NEGOCIO DE YOUTUBE
bybutest
 
1. MPEG I.B.P frame之不同
bybutest
 
LESSONS FROM THE MICHAEL JACKSON TRIAL
bybutest
 
Timeline: The Life of Michael Jackson
bybutest
 
Popular Reading Last Updated April 1, 2010 Adams, Lorraine The ...
bybutest
 
LESSONS FROM THE MICHAEL JACKSON TRIAL
bybutest
 
Com 380, Summer II
bybutest
 
PPT
bybutest
 
The MYnstrel Free Press Volume 2: Economic Struggles, Meet Jazz
bybutest
 
MICHAEL JACKSON.doc
bybutest
 
Social Networks: Twitter Facebook SL - Slide 1
bybutest
 
Facebook
bybutest
 
Executive Summary Hare Chevrolet is a General Motors dealership ...
bybutest
 
Welcome to the Dougherty County Public Library's Facebook and ...
bybutest
 
NEWS ANNOUNCEMENT
bybutest
 
C-2100 Ultra Zoom.doc
bybutest
 
MAC Printing on ITS Printers.doc.doc
bybutest
 
Mac OS X Guide.doc
bybutest
 
hier
bybutest
 
WEB DESIGN!
bybutest
 

Learning to Detect Phishing Emails

Editor's Notes

  • #3 Ian FetteIan Fette is a Product Manager at Google, where he works on the Google Chrome team focusing on security and the browser infrastructure. He is also the product manager for the anti-phishing and anti-malware teams at Google, focused on discovering harmful sites online and making that data available for use, such as in Google Chrome and Mozilla Firefox. Ian holds a Masters degree from Carnegie Mellon University's School of Computer Science, as well a bachelor's degree in Computer Science Engineering from the University of Michigan. Norman M. Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University (CMU). He is director of CMU’s e-Supply Chain Management Laboratory, director of its Mobile Commerce Laboratory, and co-Director of the School’s PhD Program in Computation, Organizations and Society. Dr. Sadeh has been on the faculty at CMU since 1991. Norman received his Ph.D. in Computer Science at CMU with a major in Artificial Intelligence and a minor in Operations Research. He holds a MS degree in computer science from the University of Southern California. Over the past six years, Norman has conducted pioneering research in pervasive computing and semantic web technologies for privacy and context awareness and is currently extending these techniques to inter-enterprise collaboration scenarios.Anthony Tomasic (tomasic@cs.cmu.edutomasic@cs.cmu.edu) is the Director of the Carnegie Mellon University Masters of Science in Information Technology, Very Large Information Systems (MSIT-VLIS) program.VIO The Virtual Information Officer is an intelligent assistant for processing natural language task requests for users. WbE The Workflow By Example is an intelligent assistant for user constructed workflows.
  • #4 This message and others like it are examples of phishing, a method of online identity theft. Each month, more attacks are launched with the aim of making web users believe that they are communicating with a trusted entity for the purpose of stealing account information, logon credentials, and identity information in general. This attack method, commonly known as ``phishing,'' is most commonly initiated by sending out emails with links to spoofed websites that harvest information.
  • #6 The first disadvantage toolbars face when compared to email filtering is a decreased amount of contextual information. The email provides the context under which the attack is delivered to the user. An email filter can see what words are used to entice the user to take action, which is currently not knowable to a filter operating in a browser separate from the user's e-mail client.The second disadvantage of toolbars is the inability to completely shield the user from the decision making process. Toolbars usually prompt users with a dialog box, which many users will simply dismiss or misinterpret, or worse yet these warning dialogs can be intercepted by user-space malware [2]. By filtering out phishing emails before they are ever seen by users, we avoid the risk of these warnings being dismissed by or hidden from the user.