Phishing is a semantic attack that takes advantage of weaknesses caused by the human factor, which are exploited through electronic communication channels. Through social engineering, an attacker may craft a message that lures the victim into performing certain actions for the attacker's benefit. The phishing problem is broad, and enhancing the mitigation process often requires multiple solutions, such as user education, user interface enhancements, and automated classification of phishing messages.

The contributions of this thesis can be summarized in the following points:

- A review of the phishing literature and state-of-the-art phishing mitigation techniques. This incorporates both user training approaches and software enhancement techniques.
- The construction of a highly accurate anti-phishing email classifier via the use of Machine Learning algorithms. This phishing email classifier is the outcome of an empirical evaluation of a number of feature selection methods, which resulted in finding a highly effective feature subset. To the best of our knowledge, this is the most accurate publicly known anti-phishing email classifier that uses a single classification algorithm.
- A novel URL tokenization technique that, by analyzing the URLs lexically following a training phase, achieves a classification accuracy of 97%. To the best of our knowledge, this is the most accurate publicly known website classification technique that is solely based on lexical URL analysis.

| Date of Award | 2012 |
|---|---|
| Original language | American English |
| Supervisor | Andrew Jones (Supervisor) |

- Social Engineering
- Phishing E-Mail Classification
- Machine Learning
- Feature Subset Selection
- Phishing Website Classification
- Lexical URL Analysis
Mitigation of Phishing Attacks
Khonji, M. (Author). 2012
Student thesis: Master's Thesis