Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2011/3/17 1 Data Mining and Machine Learning Lab.

Published byHester Lambert Modified over 9 years ago

Similar presentations

Presentation on theme: "Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2011/3/17 1 Data Mining and Machine Learning Lab."— Presentation transcript:

1 Reporter: Jing Chiu Advisor: Yuh-Jye Lee Email: D9815013@mail.ntust.edu.tw 2011/3/17 1 Data Mining and Machine Learning Lab.

2  Authors:  Anh Le, Athina Markopoulou (University of California, Irvine)  Michalis Faloutsos (University of California, Riverside)  Source:  to appear in IEEE INFOCOM 2011 Mini Conference, Shanghai, China, April 10-15, 2011. (poster, tech report) 2011/3/17 2 Data Mining and Machine Learning Lab.

3  Introduction  Dataset and Feature Extraction  Classification Algorithms  Evaluation Results  System Deployment  Conclusion 2011/3/17 3 Data Mining and Machine Learning Lab.

4  “How well can one detect phishing URLs using only lexical features compared to using full features?”  PhishDef Properties:  High accuracy: 96%-97%  Light-weight: Low latency Imposes a modest overhead  Proactive approach As opposed to reactively relying on blacklist  Resilience to noise 95%-86% accuracy when there is 5%-45% noise 2011/3/17 4 Data Mining and Machine Learning Lab.

5  Dataset  Malicious URLs PhishTank MalwarePatrol  Legitimate URLs Yahoo Directory Open Directory (DMOZ)  External Feature Collection  WHOIS  Team Cymru 2011/3/17 5 Data Mining and Machine Learning Lab.

6  Feature Extraction  Automatically selected features Delimiters: ‘/’, ’?’, ‘.’, ‘=‘, ‘_’, ‘&’ and ‘-’. Four parts: Domain Name Directory File Name Argument  Obfuscation-resistant lexical features Four different URL obfuscation techniques Five categories of hand-selected lexical features 2011/3/17 6 Data Mining and Machine Learning Lab.

7  (I) Obfuscating the host with an IP address  (II) Obfuscating the host with another domain  (III) Obfuscating with large host names  (IV) Domain unknown or misspelled 2011/3/17 7 Data Mining and Machine Learning Lab.

8  Features related to the full URL  Length of the URL (Type II)  Number of dots in the URL (Type II)  Blacklisted words (Type IV) confirm, account, banking, secure, ebayisapi, webscr, login and signin Paypal, free, lucky and bonus  Features related to the domain name  Length of the domain name (Type III)  IP or port number is used in the domain name (Type I)  Number of tokens of the domain name (Type III)  Number of hyphens used in the domain name (Type III)  The length of the longest token (Type III)  Features related to the directory  Length of the directory (Type II)  Number of sub-directory tokens (Type II)  Length of the longest sub-directory token (Type II)  Maximum number of dots and other delimiters used in a sub-directory token (Type II) 2011/3/17 Data Mining and Machine Learning Lab. 8

9  Features related to the file name  Length of the file name (Type II)  Number of dots and other delimiters used in the file name (Type II)  Features related to the argument part  Length of the argument part  Number of variables  Length of the longest variable value  The maximum number of delimiters used in a value  Summary of dataset Summary of dataset 2011/3/17 Data Mining and Machine Learning Lab. 9

10  Batch Learning  Support Vector Machine (SVM)  Online Learning  Online Perception (OP)  Confidence Weighted (CW)  Adaptive Regularization of Weights (AROW) 2011/3/17 Data Mining and Machine Learning Lab. 10

11  Batch-based vs. Online algorithms  SVM vs. AROW  Yahoo-Phish 2011/3/17 Data Mining and Machine Learning Lab. 11

12  Lexical Features vs. Full Features  OP, CW and AROW  Yahoo-Phish 2011/3/17 Data Mining and Machine Learning Lab. 12

13  Obfuscation-Resistant Lexical Features  Performance of AROW with/without OR features after the last URL 2011/3/17 Data Mining and Machine Learning Lab. 13

14  The resilience of AROW to noisy data  AROW and CW  Yahoo-Phish 2011/3/17 Data Mining and Machine Learning Lab. 14

15  Minimum/Maximum URL Similarity Distance distribution 2011/3/17 Data Mining and Machine Learning Lab. 15

16 2011/3/17 Data Mining and Machine Learning Lab. 16

17 2011/3/17 Data Mining and Machine Learning Lab. 17  Proposed PhishDef – a proactive defense scheme of phishing attacks  PhishDef detecting phishing URLs on-the-fly  PhishDef use only lexical features  High accuracy (97%)  Low overhead  Resilient to noisy training data  Firefox and Chrome add-ons implementation

18  Q&A? 2011/3/17 Data Mining and Machine Learning Lab. 18

19 2011/3/17 Data Mining and Machine Learning Lab. 19

Download ppt "Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2011/3/17 1 Data Mining and Machine Learning Lab."

Similar presentations

Dynamics of Online Scam Hosting Infrastructure

Dynamics of Online Scam Hosting Infrastructure
1 Network-Level Spam Detection Nick Feamster Georgia Tech.

1 Network-Level Spam Detection Nick Feamster Georgia Tech.
PhishDef: URL Names Say It All Anh Le, Athina Markopoulou University of California, Irvine USA Michalis Faloutsos University of California, Riverside USA.

PhishDef: URL Names Say It All Anh Le, Athina Markopoulou University of California, Irvine USA Michalis Faloutsos University of California, Riverside USA.
ECG Signal processing (2)

ECG Signal processing (2)
Computer Security Lab Concordia Institute for Information Systems Engineering Concordia University Montreal, Canada A Novel Approach of Mining Write-Prints.

Computer Security Lab Concordia Institute for Information Systems Engineering Concordia University Montreal, Canada A Novel Approach of Mining Write-Prints.
11 PhishNet: Predictive Blacklisting to detect Phishing Attacks Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/4/26.

11 PhishNet: Predictive Blacklisting to detect Phishing Attacks Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/4/26.
Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2015/7/181Data Mining & Machine Learning Lab.

Reporter: Jing Chiu Advisor: Yuh-Jye Lee /7/181Data Mining & Machine Learning Lab.
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW 2007 2008.09.09 Yue Zhang, Jason Hong, and Lorrie Cranor.

1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW Yue Zhang, Jason Hong, and Lorrie Cranor.
FRAppE: Detecting Malicious Facebook Applications

FRAppE: Detecting Malicious Facebook Applications
Report : 鄭志欣 Advisor: Hsing-Kuo Pao 1 Learning to Detect Phishing Emails I. Fette, N. Sadeh, and A. Tomasic. Learning to detect phishing emails. In Proceedings.

Report : 鄭志欣 Advisor: Hsing-Kuo Pao 1 Learning to Detect Phishing s I. Fette, N. Sadeh, and A. Tomasic. Learning to detect phishing s. In Proceedings.
Design and Evaluation of a Real-Time URL Spam Filtering Service

Design and Evaluation of a Real-Time URL Spam Filtering Service
Design and Evaluation of a Real- Time URL Spam Filtering Service Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, Dawn Song University of California,

Design and Evaluation of a Real- Time URL Spam Filtering Service Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, Dawn Song University of California,
Locally Constraint Support Vector Clustering

Locally Constraint Support Vector Clustering
Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.

Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.
Prophiler: A fast filter for the large-scale detection of malicious web pages Reporter : 鄭志欣 Advisor: Hsing-Kuo Pao Date : 2011/03/31 1.

Prophiler: A fast filter for the large-scale detection of malicious web pages Reporter : 鄭志欣 Advisor: Hsing-Kuo Pao Date : 2011/03/31 1.
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray,

Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray,
Automated malware classification based on network behavior

Automated malware classification based on network behavior
CS 5604 Spring 2015 Classification Xuewen Cui Rongrong Tao Ruide Zhang May 5th, 2015.

CS 5604 Spring 2015 Classification Xuewen Cui Rongrong Tao Ruide Zhang May 5th, 2015.
Mining the Peanut Gallery: Opinion Extraction and Semantic Classification of Product Reviews K. Dave et al, WWW 2003, 1480+ citations Presented by Sarah.

Mining the Peanut Gallery: Opinion Extraction and Semantic Classification of Product Reviews K. Dave et al, WWW 2003, citations Presented by Sarah.

Similar presentations

Ads by Google