Detección de phishing en etapa de detección temprana utilizando características relacionadas a la marca afectada

Vista sencilla de ítem
dc.contributor.advisorCamargo Mendoza, Jorge Eliecer
dc.contributor.authorBarreiro Herrera, Daniel Alejandro
dc.contributor.researchgroupUnsecurelab Cybersecurity Research Groupspa
dc.date.accessioned2023-07-25T14:12:02Z
dc.date.available2023-07-25T14:12:02Z
dc.date.issued2023
dc.description.abstractEl phishing es uno de los ataques cibernéticos sufridos por los usuarios de servicios transaccionales a través de Internet, si bien existe investigación enfocada en detectar ataques de phishing y la literatura muestra resultados con alta efectividad en detección, estos estudios no permiten enfatizar en qué etapa de detección se actúa. Teniendo en cuenta la revisión sistemática de literatura realizada previamente en Barreiro2022, se presenta una descripción general actualizada de la detección de phishing, en este estudio se identificó que el 83% de literatura consultada se centró en la fase de mitigación, donde la metodología funciona de manera reactiva utilizando características estáticas que brindan alta precisión pero fallan en el modelo con el tiempo. Es así como en el presente documento se detallará la implementación de un modelo computacional de detección de phishing basado en la extracción de características de la marca afectada, el cual permita actuar en la etapa de prevención del ataque. Se realiza un análisis exploratorio de datasets de phishing para tres marcas, posteriormente se seleccionan las características de marca y se detallará los detalles de diseño e implementación de los modelos para las tres marcas seleccionadas, probando diferentes modelos de aprendizaje de maquina y analizando el comportamiento de sus características. Finalmente, se analizarán resultados y se presentarán conclusiones para enfatizar la importancia de usar información de marca y mezclar diferentes enfoques para mejorar la detección de etapas tempranas. La contribución de este trabajo se centra en establecer una aproximación diferente que permite construir el modelo adecuado para cada marca, incentivando futuras investigaciones y futuros trabajos relacionados para considerar sus modelos más allá de la alta precisión, y plantear cómo estos pueden proporcionar soluciones eficientes que se pueden integrar en entornos de producción reales para proteger a los usuarios. (Texto tomado de la fuente)spa
dc.description.abstractPhishing is one of the cyber attacks suffered by users of transactional services over the Internet, although there is research focused on detecting phishing attacks and the literature shows highly effective results in detection, these studies do not allow emphasize at what stage of detection is acted on. Taking into account the systematic review of literature previously carried out in Barreiro2022, an updated general description of phishing detection is presented, in this study, it was identified that 83% of the selected literature focused on the mitigation phase, where the methodology works reactively using static features that provide high accuracy but fail in the model over time. This is how this document will detail the implementation of a phishing detection computational model based on the extraction of characteristics of the affected brand and that also allows acting in the attack prevention stage. An exploratory analysis of phishing datasets for three brands is carried out, then the brand characteristics are selected and the details of the design and implementation of the models for the three selected brands will be detailed, testing different machine learning models and analyzing the feature's performance. Finally, results will be analyzed and conclusions will be presented to emphasize the importance of using brand information and mixing different approaches to improve early-stage detection. The contribution of this work is focused on establishing another approach for building the best solution for each brand, encouraging future research and future related work to consider their models beyond high precision, and proposing how these models can provide efficient solutions that can be integrated into production environments to protect the users.eng
dc.description.degreelevelMaestríaspa
dc.description.degreenameMagíster en Ingeniería - Ingeniería de Sistemas y Computaciónspa
dc.description.methodsEl presente trabajo tiene como tipo de estudio descriptivo, en donde se cuenta con una amplia gama de antecedentes en detección de phishing y se enfocan esfuerzos en la primera etapa de posible detección, que es en la etapa de registro del dominio, alterando el enfoque tradicional de la mayoría de investigaciones de una de detección phishing a partir de una URL genérica a un enfoque especifico de proteger a una marca especifica para ello se utilizará una tipo de diseño experimental en donde se considerarán características ligadas a la marca a la cual se requiere proteger. Se mantendrá una estrategia de tipo cuantitativo acorde con las métricas comunes en el estado del arte y adicionando métricas que evalúen los tiempos y la eficiencia de él modelo en detección de phishing, que permiten evaluar la detección en etapas tempranas y evaluar el modelo computacional con base a el objetivo general del trabajo.spa
dc.description.notesEste trabajo explora otros enfoques distintos a los encontrados en el estado del arte en detección de phishing, identificando los puntos clave donde la investigación puede proporcionar soluciones efectivas e integrables en entornos reales. Los hallazgos permiten reflejar las características identificadas y ajustar las recomendaciones del modelo para la identificación de phishing en etapas tempranas de detección teniendo en cuenta características relacionadas a la marca.spa
dc.description.researchareaCiberseguridadspa
dc.description.technicalinfoEn el transcurso de esta investigación se realizaron contribuciones como lo es un artículo de revisión de literatura en el que se expuso la problemática y la necesidad de realizar el estudio de marca en detección de phishing, para el cual se realizó una ponencia. Adicionalmente se participó en la tercera jornada de ciberseguridad de la universidad Nacional, donde el artículo fue aceptado y se realizó una ponencia con poster durante la jornada y finalmente se realizó un artículo de resultados a presentarse en el journal de inteligencia artificial de Iberamia. A continuación se exponen las contribuciones: -Barreiro, D. A. and Camargo, J. E. (2022). A systematic review on phishing detection: A perspective beyond a high accuracy in phishing detection. pages 173–188 fue publicado en Communications in Computer and Information Science book series (CCIS,volume 1643) y presentado en 5th International Conference on Applied Informatics en Arequipa , Perú. -Barreiro, D. A. and Camargo, J. E. (2022). Detección de phishing en etapas tempranas utilizando características de marca. Poster presentado en 3ra Jornada de Ciberseguridad Universidad Nacional JCUN2022.spa
dc.format.extentxiv, 64 páginasspa
dc.format.mimetypeapplication/pdfspa
dc.identifier.instnameUniversidad Nacional de Colombiaspa
dc.identifier.reponameRepositorio Institucional Universidad Nacional de Colombiaspa
dc.identifier.repourlhttps://repositorio.unal.edu.co/spa
dc.identifier.urihttps://repositorio.unal.edu.co/handle/unal/84259
dc.language.isospaspa
dc.publisherUniversidad Nacional de Colombiaspa
dc.publisher.branchUniversidad Nacional de Colombia - Sede Bogotáspa
dc.publisher.facultyFacultad de Ingenieríaspa
dc.publisher.placeBogotá, Colombiaspa
dc.publisher.programBogotá - Ingeniería - Maestría en Ingeniería - Ingeniería de Sistemas y Computaciónspa
dc.relation.references[A, 2020] A, A. A. (2020). Towards the Detection of Phishing Attacks Praveen K TIFAC- CORE in Cyber Security Amrita Vishwa Vidyapeethamspa
dc.relation.references[Adil et al., 2020] Adil, M., Khan, R., and Ghani, M. A. N. U. (2020). Preventive Techniques of Phishing Attacks in Networks. In 2020 3rd International Conference on Advancements in Computational Sciences (ICACS), pages 1–8.spa
dc.relation.references[Ali and Ahmed, 2019] Ali, W. and Ahmed, A. A. (2019). Hybrid intelligent phishing website prediction using deep neural networks with genetic algorithm-based feature selection and weighting. IET Information Security, 13(6):659–669.spa
dc.relation.references[Anand et al., 2018] Anand, A., Gorde, K., Moniz, J. R. A., Park, N., Chakraborty, T., and Chu, B. (2018). Phishing URL Detection with Oversampling based on Text Generative Adversarial Networks. In 2018 IEEE International Conference on Big Data (Big Data), pages 1168–1177.spa
dc.relation.references[apwg, 2022] apwg (2022). PHISHING ACTIVITY TRENDS REPORT Q4 2021.spa
dc.relation.references[Aung and Yamana, 2019] Aung, E. S. and Yamana, H. (2019). URL-Based Phishing Detec- tion Using the Entropy of Non-Alphanumeric Characters. In Proceedings of the 21st Inter- national Conference on Information Integration and Web-Based Applications & Services, iiWAS2019, page 385–392, New York, NY, USA. Association for Computing Machinery.spa
dc.relation.references[Baig et al., 2021] Baig, M. S., Ahmed, F., and Memon, A. M. (2021). Spear-phishing campaigns: Link vulnerability leads to phishing attacks, spear-phishing electronic/uav communication-scam targeted. In 2021 4th International Conference on Computing In- formation Sciences (ICCIS), pages 1–6.spa
dc.relation.references[Balim and Gunal, 2019] Balim, C. and Gunal, E. S. (2019). Automatic Detection of Smishing Attacks by Machine Learning Methods. In 2019 1st International Informatics and Software Engineering Conference (UBMYK), pages 1–3.spa
dc.relation.references[Barreiro and Camargo, 2022] Barreiro, D. A. and Camargo, J. E. (2022). A systematic review on phishing detection: A perspective beyond a high accuracy in phishing detection. pages 173–188.spa
dc.relation.references[Baykara and G ̈urel, 2018] Baykara, M. and G ̈urel, Z. Z. (2018). Detection of phishing at- tacks. In 2018 6th International Symposium on Digital Forensic and Security (ISDFS), pages 1–5.spa
dc.relation.references[Buber et al., 2017] Buber, E., Demir, , and Sahingoz, O. K. (2017). Feature selections for the machine learning based detection of phishing websites. In 2017 International Artificial Intelligence and Data Processing Symposium (IDAP), pages 1–5.spa
dc.relation.referencesConcone et al., 2019] Concone, F., Re, G. L., Morana, M., and Ruocco, C. (2019). Assisted Labeling for Spam Account Detection on Twitter. In 2019 IEEE International Conference on Smart Computing (SMARTCOMP), pages 359–366.spa
dc.relation.references[Dalgic et al., 2018] Dalgic, F. C., Bozkir, A. S., and Aydos, M. (2018). Phish-IRIS: A New Approach for Vision Based Brand Prediction of Phishing Web Pages via Compact Visual Descriptors. In 2018 2nd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT), pages 1–8.spa
dc.relation.references[Das et al., 2020] Das, A., Baki, S., Aassal, A. E., Verma, R., and Dunbar, A. (2020). SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective. IEEE Communications Surveys & Tutorials, 22(1):671–708.spa
dc.relation.references[DomainWatch, ] DomainWatch. DomainWatch - Domain WHOIS Search, Website Infor- mation.spa
dc.relation.references[Eshmawi and Nair, 2019] Eshmawi, A. and Nair, S. (2019). The Roving Proxy Framewrok for SMS Spam and Phishing Detection. In 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS), pages 1–6.spa
dc.relation.references[Ginsberg and Yu, 2018] Ginsberg, A. and Yu, C. (2018). Rapid Homoglyph Prediction and Detection. In 2018 1st International Conference on Data Intelligence and Security (ICDIS), pages 17–23spa
dc.relation.references[Huang et al., 2019] Huang, Y., Qin, J., and Wen, W. (2019). Phishing URL Detection Via Capsule-Based Neural Network. In 2019 IEEE 13th International Conference on Anti- counterfeiting, Security, and Identification (ASID), pages 22–26.spa
dc.relation.references[JAMES, 2005] JAMES, L. (2005). Phishing Exposed.spa
dc.relation.references[Li and Wang, 2017] Li, J. and Wang, S. (2017). PhishBox: An Approach for Phishing Va- lidation and Detection. In 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Con- gress(DASC/PiCom/DataCom/CyberSciTech), pages 557–564.spa
dc.relation.references[Li et al., 2020] Li, Q., Cheng, M., Wang, J., and Sun, B. (2020). LSTM based Phishing Detection for Big Email Data. IEEE Transactions on Big Data, page 1spa
dc.relation.references[Li et al., 2016] Li, X., Geng, G., Yan, Z., Chen, Y., and Lee, X. (2016). Phishing detection based on newly registered domains. In 2016 IEEE International Conference on Big Data (Big Data), pages 3685–3692spa
dc.relation.references[Lingam et al., 2018] Lingam, G., Rout, R. R., and Somayajulu, D. V. L. N. (2018). Detec- tion of Social Botnet using a Trust Model based on Spam Content in Twitter Network. In 2018 IEEE 13th International Conference on Industrial and Information Systems (ICIIS), pages 280–285.spa
dc.relation.references[Lingam et al., 2019] Lingam, G., Rout, R. R., and Somayajulu, D. V. L. N. (2019). Deep Q- Learning and Particle Swarm Optimization for Bot Detection in Online Social Networks. In 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pages 1–6.spa
dc.relation.referencesMcGahagan et al., 2019] McGahagan, J., Bhansali, D., Gratian, M., and Cukier, M. (2019). A Comprehensive Evaluation of HTTP Header Features for Detecting Malicious Websites. In 2019 15th European Dependable Computing Conference (EDCC), pages 75–82spa
dc.relation.references[Megha et al., 2019] Megha, N., Babu, K. R. R., and Sherly, E. (2019). An Intelligent Sys- tem for Phishing Attack Detection and Prevention. In 2019 International Conference on Communication and Electronics Systems (ICCES), pages 1577–1582.spa
dc.relation.references[Mondal et al., 2019] Mondal, S., Maheshwari, D., Pai, N., and Biwalkar, A. (2019). A Review on Detecting Phishing URLs using Clustering Algorithms. In 2019 International Conference on Advances in Computing, Communication and Control (ICAC3), pages 1–6spa
dc.relation.references[Nakamura and Dobashi, 2019] Nakamura, A. and Dobashi, F. (2019). Proactive Phishing Sites Detection. In IEEE/WIC/ACM International Conference on Web Intelligence, WI ’19, page 443–448, New York, NY, USA. Association for Computing Machinery.spa
dc.relation.references[Nathezhtha et al., 2019] Nathezhtha, T., Sangeetha, D., and Vaidehi, V. (2019). WC-PAD: Web Crawling based Phishing Attack Detection. In 2019 International Carnahan Confe- rence on Security Technology (ICCST), pages 1–6spa
dc.relation.references[Pande and Voditel, 2017] Pande, D. N. and Voditel, P. S. (2017). Spear phishing: Diag- nosing attack paradigm. In 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), pages 2720–2724spa
dc.relation.references[Patil et al., 2018] Patil, V., Thakkar, P., Shah, C., Bhat, T., and Godse, S. P. (2018). De- tection and Prevention of Phishing Websites Using Machine Learning Approach. In 2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA), pages 1–5.spa
dc.relation.references[Sahoo, 2018] Sahoo, P. K. (2018). Data mining a way to solve Phishing Attacks. In 2018 International Conference on Current Trends towards Converging Technologies (ICCTCT), pages 1–5.spa
dc.relation.references[Sharma et al., 2017] Sharma, H., Meenakshi, E., and Bhatia, S. K. (2017). A comparative analysis and awareness survey of phishing detection tools. In 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT), pages 1437–1442spa
dc.relation.references[Spaulding et al., 2016] Spaulding, J., Upadhyaya, S., and Mohaisen, A. (2016). The Lands- cape of Domain Name Typosquatting: Techniques and Countermeasures. In 2016 11th International Conference on Availability, Reliability and Security (ARES), pages 284–289.spa
dc.relation.references[Starov et al., 2019] Starov, O., Zhou, Y., and Wang, J. (2019). Detecting Malicious Cam- paigns in Obfuscated JavaScript with Scalable Behavioral Analysis. In 2019 IEEE Security and Privacy Workshops (SPW), pages 218–223.spa
dc.relation.references[urlscan, ] urlscan. URL and website scanner.spa
dc.relation.references[Xiang et al., 2011] Xiang, G., Hong, J., Rose, C. P., and Cranor, L. (2011). CANTINA+: A Feature-rich Machine Learning Framework for Detecting Phishing Web Sitesspa
dc.relation.references[Ya et al., 2019] Ya, J., Liu, T., Zhang, P., Shi, J., Guo, L., and Gu, Z. (2019). NeuralAS: Deep Word-Based Spoofed URLs Detection Against Strong Similar Samples. In 2019 International Joint Conference on Neural Networks (IJCNN), pages 1–7spa
dc.relation.references[Yan et al., 2020] Yan, X., Xu, Y., Xing, X., Cui, B., Guo, Z., and Guo, T. (2020). Trust- worthy Network Anomaly Detection Based on an Adaptive Learning Rate and Momentum in IIoT. IEEE Transactions on Industrial Informatics, page 1spa
dc.relation.references[Yang et al., 2019] Yang, P., Zhao, G., and Zeng, P. (2019). Phishing Website Detection Based on Multidimensional Features Driven by Deep Learning. IEEE Access, 7:15196– 15209.spa
dc.relation.references[Yao et al., 2018] Yao, W., Ding, Y., and Li, X. (2018). LogoPhish: A New Two-Dimensional Code Phishing Attack Detection Method. In 2018 IEEE Intl Conf on Parallel & Distribu- ted Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communi- cations (ISPA/IUCC/BDCloud/SocialCom/SustainCom), pages 231–236spa
dc.relation.references[Yazhmozhi and Janet, 2019] Yazhmozhi, V. M. and Janet, B. (2019). Natural language processing and Machine learning based phishing website detection system. In 2019 Third International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I- SMAC), pages 336–340.spa
dc.relation.references[Yuan et al., 2018] Yuan, H., Chen, X., Li, Y., Yang, Z., and Liu, W. (2018). Detecting Phishing Websites and Targets Based on URLs and Webpage Links. In 2018 24th Inter- national Conference on Pattern Recognition (ICPR), pages 3669–3674.spa
dc.relation.references[Zhu et al., 2018] Zhu, E., Ye, C., Liu, D., Liu, F., Wang, F., and Li, X. (2018). An Effective Neural Network Phishing Detection Model Based on Optimal Featu- re Selection. In 2018 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Compu- ting, Social Computing & Networking, Sustainable Computing & Communications (IS- PA/IUCC/BDCloud/SocialCom/SustainCom), pages 781–787.spa
dc.relation.references[Zuraiq and Alkasassbeh, 2019] Zuraiq, A. A. and Alkasassbeh, M. (2019). Review: Phishing Detection Approaches. In 2019 2nd International Conference on new Trends in Computing Sciences (ICTCS), pages 1–6.spa
dc.rights.accessrightsinfo:eu-repo/semantics/openAccessspa
dc.rights.licenseAtribución-NoComercial 4.0 Internacionalspa
dc.rights.urihttp://creativecommons.org/licenses/by-nc/4.0/spa
dc.subject.ddc000 - Ciencias de la computación, información y obras generalesspa
dc.subject.proposalPhishingeng
dc.subject.proposalDetecciónspa
dc.subject.proposalMarcaspa
dc.subject.proposalProactividadspa
dc.subject.proposalEtapa tempranaspa
dc.subject.proposalPhishingspa
dc.subject.proposalDetectioneng
dc.subject.proposalBrandeng
dc.subject.proposalEarly stageeng
dc.subject.proposalProactivityeng
dc.subject.wikidataPhishingeng
dc.titleDetección de phishing en etapa de detección temprana utilizando características relacionadas a la marca afectadaspa
dc.title.translatedPhishing detection in early detection stage using features related to the affected brandeng
dc.typeTrabajo de grado - Maestríaspa
dc.type.coarhttp://purl.org/coar/resource_type/c_bdccspa
dc.type.coarversionhttp://purl.org/coar/version/c_ab4af688f83e57aaspa
dc.type.contentTextspa
dc.type.driverinfo:eu-repo/semantics/masterThesisspa
dc.type.redcolhttp://purl.org/redcol/resource_type/TMspa
dc.type.versioninfo:eu-repo/semantics/acceptedVersionspa
dcterms.audience.professionaldevelopmentInvestigadoresspa
oaire.accessrightshttp://purl.org/coar/access_right/c_abf2spa

Archivos

Bloque original

Mostrando 1 - 1 de 1
Miniatura
Nombre:
1016055910.2023.pdf
Tamaño:
3.83 MB
Formato:
Adobe Portable Document Format
Descripción:
Tesis de Maestría en Ingeniería de Sistemas y Computación
Descargar

Bloque de licencias

Mostrando 1 - 1 de 1
No hay miniatura disponible
Nombre:
license.txt
Tamaño:
5.74 KB
Formato:
Item-specific license agreed upon to submission
Descripción:
Descargar

Colecciones

Maestría en Ingeniería - Sistemas y Computación