当前位置:
X-MOL 学术
›
J. Netw. Comput. Appl.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Uncovering phishing attacks using principles of persuasion analysis
Journal of Network and Computer Applications ( IF 7.7 ) Pub Date : 2024-07-03 , DOI: 10.1016/j.jnca.2024.103964 Lázaro Bustio-Martínez , Vitali Herrera-Semenets , Juan Luis García-Mendoza , Miguel Ángel Álvarez-Carmona , Jorge Ángel González-Ordiano , Luis Zúñiga-Morales , J. Emilio Quiróz-Ibarra , Pedro Antonio Santander-Molina , Jan van den Berg
Journal of Network and Computer Applications ( IF 7.7 ) Pub Date : 2024-07-03 , DOI: 10.1016/j.jnca.2024.103964 Lázaro Bustio-Martínez , Vitali Herrera-Semenets , Juan Luis García-Mendoza , Miguel Ángel Álvarez-Carmona , Jorge Ángel González-Ordiano , Luis Zúñiga-Morales , J. Emilio Quiróz-Ibarra , Pedro Antonio Santander-Molina , Jan van den Berg
With the rising of Internet in early ’90s, many fraudulent activities have migrated from physical to digital: one of them is phishing. Phishing is a deceptive practice focused on exploiting the human factor, which is the most vulnerable aspect of any security process. In this scam, social engineering techniques are extensively utilized, specifically focusing on the principles of persuasion, to deceive individuals into disclosing sensitive information or engaging in malicious actions. This research explores the use of message subjectivity for detecting phishing attacks. It does so by assessing the impact of various data representations and classifiers on automatically identifying principles of persuasion. Furthermore, it investigates how these detected principles of persuasion can be leveraged for identifying phishing attacks. The experiments conducted revealed that there is no universal solution for data representation and classifier selection to effectively detect all principles of persuasion. Instead, a tailored combination of data representation and classifiers is required for detecting each principle. The Machine Learning models created automatically detect principles of persuasion with confidence levels ranging from 0.7306 to 0.8191 for AUC-ROC. Next, principles of persuasion detected are used for phishing detection. This study also emphasizes the need for user-friendly and comprehensible models. To validate the proposal presented, several families of classifiers were tested, but among all of them, tree-based models (and Random Forest in particular) stand out as preferred option. These models achieve similar level of effectiveness as alternative methods while offering improved clarity and user-friendliness, with an AUC-ROC of 0.859842.
中文翻译:
使用说服分析原理揭露网络钓鱼攻击
随着 90 年代初互联网的兴起,许多欺诈活动已从实体转移到数字:其中之一就是网络钓鱼。网络钓鱼是一种主要利用人为因素的欺骗行为,而人为因素是任何安全过程中最容易受到攻击的方面。在这个骗局中,社会工程技术被广泛利用,特别注重说服原理,欺骗个人泄露敏感信息或从事恶意行为。本研究探讨了如何利用消息主观性来检测网络钓鱼攻击。它通过评估各种数据表示和分类器对自动识别说服原则的影响来实现这一点。此外,它还研究了如何利用这些检测到的说服原则来识别网络钓鱼攻击。进行的实验表明,数据表示和分类器选择没有通用的解决方案来有效检测所有说服原则。相反,检测每个原理需要数据表示和分类器的定制组合。创建的机器学习模型自动检测说服原则,AUC-ROC 的置信水平范围为 0.7306 到 0.8191。接下来,利用说服检测原理进行网络钓鱼检测。这项研究还强调了对用户友好且易于理解的模型的需求。为了验证所提出的建议,测试了多个分类器系列,但在所有分类器中,基于树的模型(特别是随机森林)脱颖而出,成为首选。这些模型实现了与替代方法相似的有效性水平,同时提供了更高的清晰度和用户友好性,AUC-ROC 为 0.859842。
更新日期:2024-07-03
中文翻译:
使用说服分析原理揭露网络钓鱼攻击
随着 90 年代初互联网的兴起,许多欺诈活动已从实体转移到数字:其中之一就是网络钓鱼。网络钓鱼是一种主要利用人为因素的欺骗行为,而人为因素是任何安全过程中最容易受到攻击的方面。在这个骗局中,社会工程技术被广泛利用,特别注重说服原理,欺骗个人泄露敏感信息或从事恶意行为。本研究探讨了如何利用消息主观性来检测网络钓鱼攻击。它通过评估各种数据表示和分类器对自动识别说服原则的影响来实现这一点。此外,它还研究了如何利用这些检测到的说服原则来识别网络钓鱼攻击。进行的实验表明,数据表示和分类器选择没有通用的解决方案来有效检测所有说服原则。相反,检测每个原理需要数据表示和分类器的定制组合。创建的机器学习模型自动检测说服原则,AUC-ROC 的置信水平范围为 0.7306 到 0.8191。接下来,利用说服检测原理进行网络钓鱼检测。这项研究还强调了对用户友好且易于理解的模型的需求。为了验证所提出的建议,测试了多个分类器系列,但在所有分类器中,基于树的模型(特别是随机森林)脱颖而出,成为首选。这些模型实现了与替代方法相似的有效性水平,同时提供了更高的清晰度和用户友好性,AUC-ROC 为 0.859842。
京公网安备 11010802027423号