Pei Li,Jian Mao,Ruilong Wang,Lihua Zhang,Tao Wei

DOI: https://doi.org/10.1007/978-3-319-06320-1_9

2014-01-01

Abstract:The credibility of websites is an important factor to prevent malicious attacks such as phishing. These attacks cause huge economic losses, for example attacks to online transaction systems. Most of the existing page-rating solutions, such as PageRank and Alexa Rank, are not designed for detecting malicious websites. The main goal of these solutions is to reflect the popularity and relevance of the websites, which might be manipulated by attackers. Other security-oriented rating schemes, e.g., black/white listed based, voting-based and pagesimilarity- based mechanisms, are limited in the accuracy for new pages, bias in recommendation and low efficiency. To balance the user experience and detection accuracy, inspired by the basic idea of PageRank, we developed a website credibility assessment algorithm based on page association. We prototyped our algorithm and developed a website assessment extension for the Safari browser. The experiment results showed that our method is accurate and effective in assessing websites for threats from phishing with a low performance overhead.

Stephan Wiefling,Markus Dürmuth,Luigi Lo Iacono

DOI: https://doi.org/10.1007/978-3-662-64331-0_19

2021-01-26

Abstract:Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ significantly from those observed before, RBA requests an additional proof of identification. Although RBA is recommended in the NIST digital identity guidelines, it has so far been used almost exclusively by major online services. This is partly due to a lack of open knowledge and implementations that would allow any service provider to roll out RBA protection to its users. To close this gap, we provide a first in-depth analysis of RBA characteristics in a practical deployment. We observed N=780 users with 247 unique features on a real-world online service for over 1.8 years. Based on our collected data set, we provide (i) a behavior analysis of two RBA implementations that were apparently used by major online services in the wild, (ii) a benchmark of the features to extract a subset that is most suitable for RBA use, (iii) a new feature that has not been used in RBA before, and (iv) factors which have a significant effect on RBA performance. Our results show that RBA needs to be carefully tailored to each online service, as even small configuration adjustments can greatly impact RBA's security and usability properties. We provide insights on the selection of features, their weightings, and the risk classification in order to benefit from RBA after a minimum number of login attempts.

Cryptography and Security,Human-Computer Interaction

Ying Yuan,Qingying Hao,Giovanni Apruzzese,Mauro Conti,Gang Wang

DOI: https://doi.org/10.1145/3589334.3645502

2024-04-04

Abstract:Machine learning based phishing website detectors (ML-PWD) are a critical part of today's anti-phishing solutions in operation. Unfortunately, ML-PWD are prone to adversarial evasions, evidenced by both academic studies and analyses of real-world adversarial phishing webpages. However, existing works mostly focused on assessing adversarial phishing webpages against ML-PWD, while neglecting a crucial aspect: investigating whether they can deceive the actual target of phishing -- the end users. In this paper, we fill this gap by conducting two user studies (n=470) to examine how human users perceive adversarial phishing webpages, spanning both synthetically crafted ones (which we create by evading a state-of-the-art ML-PWD) as well as real adversarial webpages (taken from the wild Web) that bypassed a production-grade ML-PWD. Our findings confirm that adversarial phishing is a threat to both users and ML-PWD, since most adversarial phishing webpages have comparable effectiveness on users w.r.t. unperturbed ones. However, not all adversarial perturbations are equally effective. For example, those with added typos are significantly more noticeable to users, who tend to overlook perturbations of higher visual magnitude (such as replacing the background). We also show that users' self-reported frequency of visiting a brand's website has a statistically negative correlation with their phishing detection accuracy, which is likely caused by overconfidence. We release our resources.

Cryptography and Security

Sruti Bhagavatula,Lujo Bauer,Apu Kapadia

DOI: https://doi.org/10.48550/arXiv.2010.09843

2021-05-28

Abstract:Awareness about security and privacy risks is important for developing good security habits. Learning about real-world security incidents and data breaches can alert people to the ways in which their information is vulnerable online, thus playing a significant role in encouraging safe security behavior. This paper examines 1) how often people read about security incidents online, 2) of those people, whether and to what extent they follow up with an action, e.g., by trying to read more about the incident, and 3) what influences the likelihood that they will read about an incident and take some action. We study this by quantitatively examining real-world internet-browsing data from 303 participants. Our findings present a bleak view of awareness of security incidents. Only 16% of participants visited any web pages related to six widely publicized large-scale security incidents; few read about one even when an incident was likely to have affected them (e.g., the Equifax breach almost universally affected people with Equifax credit reports). We further found that more severe incidents as well as articles that constructively spoke about the incident inspired more action. We conclude with recommendations for specific future research and for enabling useful security incident information to reach more people.

Cryptography and Security,Computers and Society

Nataliia Neshenko,Elias Bou‐Harb,Borko Furht,Ravi Behara

DOI: https://doi.org/10.1111/risa.14209

2023-08-29

Risk Analysis

Abstract:With the continuous modernization of water plants, the risk of cyberattacks on them potentially endangers public health and the economic efficiency of water treatment and distribution. This article signifies the importance of developing improved techniques to support cyber risk management for critical water infrastructure, given an evolving threat environment. In particular, we propose a method that uniquely combines machine learning, the theory of belief functions, operational performance metrics, and dynamic visualization to provide the required granularity for attack inference, localization, and impact estimation. We illustrate how the focus on visual domain‐aware anomaly exploration leads to performance improvement, more precise anomaly localization, and effective risk prioritization. Proposed elements of the method can be used independently, supporting the exploration of various anomaly detection methods. It thus can facilitate the effective management of operational risk by providing rich context information and bridging the interpretation gap.

public, environmental & occupational health,mathematics, interdisciplinary applications,social sciences, mathematical methods

Chen Doytshman,Satoru Momiyama,Inderjeet Singh,Yuval Elovici,Asaf Shabtai

2023-12-03

Abstract:In recent years, financial fraud detection systems have become very efficient at detecting fraud, which is a major threat faced by e-commerce platforms. Such systems often include machine learning-based algorithms aimed at detecting and reporting fraudulent activity. In this paper, we examine the application of adversarial learning based ranking techniques in the fraud detection domain and propose FRAUDability, a method for the estimation of a financial fraud detection system's performance for every user. We are motivated by the assumption that "not all users are created equal" -- while some users are well protected by fraud detection algorithms, others tend to pose a challenge to such systems. The proposed method produces scores, namely "fraudability scores," which are numerical estimations of a fraud detection system's ability to detect financial fraud for a specific user, given his/her unique activity in the financial system. Our fraudability scores enable those tasked with defending users in a financial platform to focus their attention and resources on users with high fraudability scores to better protect them. We validate our method using a real e-commerce platform's dataset and demonstrate the application of fraudability scores from the attacker's perspective, on the platform, and more specifically, on the fraud detection systems used by the e-commerce enterprise. We show that the scores can also help attackers increase their financial profit by 54%, by engaging solely with users with high fraudability scores, avoiding those users whose spending habits enable more accurate fraud detection.

Cryptography and Security

Lynsay A. Shepherd,Jacqueline Archibald

DOI: https://doi.org/10.48550/arXiv.1806.06905

IF: 6.4588

2018-06-18

Human-Computer Interaction

Abstract:A lack of awareness surrounding secure online behaviour can lead to end-users, and their personal details becoming vulnerable to compromise. This paper describes an ongoing research project in the field of usable security, examining the relationship between end-user-security behaviour, and the use of affective feedback to educate end-users. Part of the aforementioned research project considers the link between categorical information users reveal about themselves online, and the information users believe, or report that they have revealed online. The experimental results confirm a disparity between information revealed, and what users think they have revealed, highlighting a deficit in security awareness. Results gained in relation to the affective feedback delivered are mixed, indicating limited short-term impact. Future work seeks to perform a long-term study, with the view that positive behavioural changes may be reflected in the results as end-users become more knowledgeable about security awareness.

Mahmood Deypir,Toktam Zoughi

DOI: https://doi.org/10.1007/s40998-023-00690-x

2024-05-12

Iranian Journal of Science and Technology Transactions of Electrical Engineering

Abstract:Attackers perform malicious activities by sending URL s to victims via e-mail, SMS , social network messages, and other means. Recently, intruders have been generating malicious URL s algorithmically. They also use shortening or obfuscation services to bypass firewalls and other security barriers. Some machine learning methods have been presented in order to identify malicious URLs from normal ones, all of which are subject to classification errors. On the other hand, it is impractical to have a complete and up-to-date blacklist due to large number of daily generated malicious URL s. Therefore, calculating the URLs security risk would be more helpful than URLs classification. In this way a user can correctly decide whether to use an unfamiliar URL if they know its associated security risk. In this study, the problem of URLs security risk computation is introduced and two effective novel criteria for this problem are proposed. Based on these criteria, a security risk score can be estimated for each incoming URL . In the first criterion, based on previous malicious and non-malicious URL instances, the extracted features of a URL are divided into two categories, those increase the risk and those reduce the security risk. In the second criterion, security risk score of an unknown URL is estimated based on its distances to nearest known malicious and also safe URLs . For both criterion, corresponding formulations and algorithms are also designed and are described. Extensive empirical evaluations on various real datasets show the effectiveness of the proposed criteria in terms of malicious URL detection rate. Moreover, our experiments show that the proposed metrics significantly outperforms previously proposed risk score criteria.

engineering, electrical & electronic

Md Kamrul Hasan Chy,Obed Nana Buadi

2024-11-01

Abstract:This paper introduces a Machine Learning-Driven website Platform and Browser Extension designed to quickly enhance online security by providing real-time risk scoring and fraud detection for website legitimacy verification and consumer protection. The platform works seamlessly in the background to analyze website behavior, network traffic, and user interactions, offering immediate feedback and alerts when potential threats are detected. By integrating this system into a user-friendly browser extension, the platform empowers individuals to navigate the web safely, reducing the risk of engaging with fraudulent websites. Its real-time functionality is crucial in e-commerce and everyday browsing, where quick, actionable insights can prevent financial losses, identity theft, and exposure to malicious sites. This paper explores how this solution offers a practical, fast-acting tool for enhancing online consumer protection, underscoring its potential to play a critical role in safeguarding users and maintaining trust in digital transactions. The platform's focus on speed and efficiency makes it an essential asset for preventing fraud in today's increasingly digital world.

Cryptography and Security,Machine Learning

Casey Inez Canfield,Baruch Fischhoff

DOI: https://doi.org/10.1111/risa.12917

Abstract:Phishing risk is a growing area of concern for corporations, governments, and individuals. Given the evidence that users vary widely in their vulnerability to phishing attacks, we demonstrate an approach for assessing the benefits and costs of interventions that target the most vulnerable users. Our approach uses Monte Carlo simulation to (1) identify which users were most vulnerable, in signal detection theory terms; (2) assess the proportion of system-level risk attributable to the most vulnerable users; (3) estimate the monetary benefit and cost of behavioral interventions targeting different vulnerability levels; and (4) evaluate the sensitivity of these results to whether the attacks involve random or spear phishing. Using parameter estimates from previous research, we find that the most vulnerable users were less cautious and less able to distinguish between phishing and legitimate emails (positive response bias and low sensitivity, in signal detection theory terms). They also accounted for a large share of phishing risk for both random and spear phishing attacks. Under these conditions, our analysis estimates much greater net benefit for behavioral interventions that target these vulnerable users. Within the range of the model's assumptions, there was generally net benefit even for the least vulnerable users. However, the differences in the return on investment for interventions with users with different degrees of vulnerability indicate the importance of measuring that performance, and letting it guide interventions. This study suggests that interventions to reduce response bias, rather than to increase sensitivity, have greater net benefit.

Kevin Jasberg,Sergej Sizov

DOI: https://doi.org/10.48550/arXiv.1802.05892

2018-02-16

Abstract:In this paper we consider the neuroscientific theory of the Bayesian brain in the light of adaptive web systems and content personalisation. In particular, we elaborate on neural mechanisms of human decision-making and the origin of lacking reliability of user feedback, often denoted as noise or human uncertainty. To this end, we first introduce an adaptive model of cognitive agency in which populations of neurons provide an estimation for states of the world. Subsequently, we present various so-called decoder functions with which neuronal activity can be translated into quantitative decisions. The interplay of the underlying cognition model and the chosen decoder function leads to different model-based properties of decision processes. The goal of this paper is to promote novel user models and exploit them to naturally associate users to different clusters on the basis of their individual neural characteristics and thinking patterns. These user models might be able to turn the variability of user behaviour into additional information for improving web personalisation and its experience.

Human-Computer Interaction,Neural and Evolutionary Computing

Sourav Bhattacharya,Otto Huhta,N. Asokan

DOI: https://doi.org/10.48550/arXiv.1504.04730

2015-04-18

Abstract:Unsafe websites consist of malicious as well as inappropriate sites, such as those hosting questionable or offensive content. Website reputation systems are intended to help ordinary users steer away from these unsafe sites. However, the process of assigning safety ratings for websites typically involves humans. Consequently it is time consuming, costly and not scalable. This has resulted in two major problems: (i) a significant proportion of the web space remains unrated and (ii) there is an unacceptable time lag before new websites are rated. In this paper, we show that by leveraging structural and content-based properties of websites, it is possible to reliably and efficiently predict their safety ratings, thereby mitigating both problems. We demonstrate the effectiveness of our approach using four datasets of up to 90,000 websites. We use ratings from Web of Trust (WOT), a popular crowdsourced web reputation system, as ground truth. We propose a novel ensemble classification technique that makes opportunistic use of available structural and content properties of webpages to predict their eventual ratings in two dimensions used by WOT: trustworthiness and child safety. Ours is the first classification system to predict such subjective ratings and the same approach works equally well in identifying malicious websites. Across all datasets, our classification performs well with average F$_1$-score in the 74--90\% range.

Cryptography and Security,Information Retrieval

Kevin Jasberg,Sergej Sizov

DOI: https://doi.org/10.48550/arXiv.1802.05895

IF: 6.4588

2018-02-16

Human-Computer Interaction

Abstract:Latest research revealed a considerable lack of reliability within user feedback and discussed striking impacts for the assessment of adaptive web systems and content personalisation approaches, e.g. ranking errors, systematic biases to accuracy metrics as well as its natural offset (the magic barrier). In order to perform holistic assessments and to improve web systems, a variety of strategies have been proposed to deal with this so-called human uncertainty. In this contribution we discuss the most relevant strategies to handle uncertain feedback and demonstrate that these approaches are more or less ineffective to fulfil their objectives. In doing so, we consider human uncertainty within a purely probabilistic framework and utilise hypothesis testing as well as a generalisation of the magic barrier to compare the effects of recently proposed algorithms. On this basis we recommend a novel strategy of acceptance which turns away from mere filtering and discuss potential benefits for the community of the WWW.

Xueyao Yu,Filipe R. Cogo,Shane McIntosh,Michael W. Godfrey

DOI: https://doi.org/10.1007/s10664-024-10443-x

IF: 3.762

2024-02-18

Empirical Software Engineering

Abstract:While code review is a critical component of modern software quality assurance, defects can still slip through the review process undetected. Previous research suggests that the main reason for this is a lack of reviewer awareness about the likelihood of defects in proposed changes; even experienced developers may struggle to evaluate the potential risks. If a change's riskiness is underestimated, it may not receive adequate attention during review, potentially leading to defects being introduced into the codebase. In this paper, we investigate how risk assessment analytics can influence the level of awareness among developers regarding the potential risks associated with code changes; we also study how effective and efficient reviewers are at detecting defects during code review with the use of such analytics. We conduct a controlled experiment using Gherald , a risk assessment prototype tool that analyzes the riskiness of change sets based on historical data. Following a between-subjects experimental design, we assign participants to the treatment (i.e., with access to Gherald ) or control group. All participants are asked to perform risk assessment and code review tasks. Through our experiment with 48 participants, we find that the use of Gherald  is associated with statistically significant improvements (one-tailed, unpaired Mann-Whitney U test, = 0.05) in developer awareness of riskiness of code changes and code review effectiveness. Moreover, participants in the treatment group tend to identify the known defects more quickly than those in the control group; however, the difference between the two groups is not statistically significant. Our results lead us to conclude that the adoption of a risk assessment tool has a positive impact on code review practices, which provides valuable insights for practitioners seeking to enhance their code review process and highlights the importance for further research to explore more effective and practical risk assessment approaches.

computer science, software engineering

Nicolas E. Diaz Ferreyra,Rene Meis,Maritta Heisel

DOI: https://doi.org/10.48550/arXiv.2008.09391

IF: 6.4588

2020-08-21

Human-Computer Interaction

Abstract:Social Network Sites (SNSs) like Facebook or Instagram are spaces where people expose their lives to wide and diverse audiences. This practice can lead to unwanted incidents such as reputation damage, job loss or harassment when pieces of private information reach unintended recipients. As a consequence, users often regret to have posted private information in these platforms and proceed to delete such content after having a negative experience. Risk awareness is a strategy that can be used to persuade users towards safer privacy decisions. However, many risk awareness technologies for SNSs assume that information about risks is retrieved and measured by an expert in the field. Consequently, risk estimation is an activity that is often passed over despite its importance. In this work we introduce an approach that employs deleted posts as risk information vehicles to measure the frequency and consequence level of self-disclosure patterns in SNSs. In this method, consequence is reported by the users through an ordinal scale and used later on to compute a risk criticality index. We thereupon show how this index can serve in the design of adaptive privacy nudges for SNSs.

Stephan Wiefling,Paul René Jørgensen,Sigurd Thunem,Luigi Lo Iacono

DOI: https://doi.org/10.1145/3546069

2022-11-10

Abstract:Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from previously observed ones. It is recommended by various national security organizations, and users perceive it more usable and equally secure than equivalent two-factor authentication. Despite that, RBA is still only used by very few online services. Reasons for this include a lack of validated open resources on RBA properties, implementation, and configuration. This effectively hinders the RBA research, development, and adoption progress. To close this gap, we provide the first long-term RBA analysis on a real-world large-scale online service. We collected feature data of 3.3 million users and 31.3 million login attempts over more than one year. Based on the data, we provide (i) studies on RBA's real-world characteristics, and its configurations and enhancements to balance usability, security, and privacy, (ii) a machine learning based RBA parameter optimization method to support administrators finding an optimal configuration for their own use case scenario, (iii) an evaluation of the round-trip time feature's potential to replace the IP address for enhanced user privacy, and (iv) a synthesized RBA data set to reproduce this research and to foster future RBA research. Our results provide insights on selecting an optimized RBA configuration so that users profit from RBA after just a few logins. The open data set enables researchers to study, test, and improve RBA for widespread deployment in the wild.

Cryptography and Security,Human-Computer Interaction

Erick Galinkin,John Carter,Spiros Mancoridis

DOI: https://doi.org/10.48550/arXiv.2109.11592

2021-09-23

Cryptography and Security

Abstract:In cybersecurity, attackers range from brash, unsophisticated script kiddies and cybercriminals to stealthy, patient advanced persistent threats. When modeling these attackers, we can observe that they demonstrate different risk-seeking and risk-averse behaviors. This work explores how an attacker's risk seeking or risk averse behavior affects their operations against detection-optimizing defenders in an Internet of Things ecosystem. Using an evaluation framework which uses real, parametrizable malware, we develop a game that is played by a defender against attackers with a suite of malware that is parameterized to be more aggressive and more stealthy. These results are evaluated under a framework of exponential utility according to their willingness to accept risk. We find that against a defender who must choose a single strategy up front, risk-seeking attackers gain more actual utility than risk-averse attackers, particularly in cases where the defender is better equipped than the two attackers anticipate. Additionally, we empirically confirm that high-risk, high-reward scenarios are more beneficial to risk-seeking attackers like cybercriminals, while low-risk, low-reward scenarios are more beneficial to risk-averse attackers like advanced persistent threats.

Luka Jovanovic,Dijana Jovanovic,Milos Antonijevic,Bosko Nikolic,Nebojsa Bacanin,Miodrag Zivkovic,Ivana Strumberger

DOI: https://doi.org/10.13052/jwe1540-9589.2237

2023-07-03

Journal of Web Engineering

Abstract:In the last few decades, the World Wide Web has become a necessity that offers numerous services to end users. The number of online transactions increases daily, as well as that of malicious actors. Machine learning plays a vital role in the majority of modern solutions. To further improve Web security, this paper proposes a hybrid approach based on the eXtreme Gradient Boosting (XGBoost) machine learning model optimized by an improved version of the well-known metaheuristics algorithm. In this research, the improved firefly algorithm is employed in the two-tier framework, which was also developed as part of the research, to perform both the feature selection and adjustment of the XGBoost hyper-parameters. The performance of the introduced hybrid model is evaluated against three instances of well-known publicly available phishing website datasets. The performance of novel introduced algorithms is additionally compared against cutting-edge metaheuristics that are utilized in the same framework. The first two datasets were provided by Mendeley Data, while the third was acquired from the University of California, Irvine machine learning repository. Additionally, the best performing models have been subjected to SHapley Additive exPlanations (SHAP) analysis to determine the impact of each feature on model decisions. The obtained results suggest that the proposed hybrid solution achieves a superior performance level in comparison to other approaches, and that it represents a perspective solution in the domain of web security.

computer science, theory & methods, software engineering

Lenka Benova,Ladislav Hudec

DOI: https://doi.org/10.3390/s24030746

IF: 3.9

2024-01-24

Sensors

Abstract:In this study, we present a novel machine learning framework for web server anomaly detection that uniquely combines the Isolation Forest algorithm with expert evaluation, focusing on individual user activities within NGINX server logs. Our approach addresses the limitations of traditional methods by effectively isolating and analyzing subtle anomalies in vast datasets. Initially, the Isolation Forest algorithm was applied to extensive NGINX server logs, successfully identifying outlier user behaviors that conventional methods often overlook. We then employed DBSCAN for detailed clustering of these anomalies, categorizing them based on user request times and types. A key innovation of our methodology is the incorporation of post-clustering expert analysis. Cybersecurity professionals evaluated the identified clusters, adding a crucial layer of qualitative assessment. This enabled the accurate distinction between benign and potentially harmful activities, leading to targeted responses such as access restrictions or web server configuration adjustments. Our approach demonstrates a significant advancement in network security, offering a more refined understanding of user behavior. By integrating algorithmic precision with expert insights, we provide a comprehensive and nuanced strategy for enhancing cybersecurity measures. This study not only advances anomaly detection techniques but also emphasizes the critical need for a multifaceted approach in protecting web server infrastructures.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Tianlang Xiong,Zhishuo Ma,Zhuangzhuang Li,Jiangqianyi Dai

DOI: https://doi.org/10.1007/s13198-021-01181-0

2021-06-26

International Journal of System Assurance Engineering and Management

Abstract:The study is to explore the risks in the Internet finance and the factors affecting users' behavior under the background of big data. First, the risks of the Internet finance under the background of big data and the existing risk control modes are analyzed. Then, based on BP neural network (BPNN), an Internet financial fraud identification model is constructed, and corresponding touch rules are made. Its prediction performance is quantitatively compared with that of support vector machine and random forest algorithm. Finally, based on the structural equation model, the influence path of perceived security control on the Internet financial behavior is explored. The results show that, the applicants whose unit addresses are on blacklist have the highest touch fraud rate (14.16%). The precision rate (88.14%), accuracy rate (96.37%), recall rate (70.96%), and F-Score value (16.36) of the financial fraud identification model based on BPNN are the highest versus the other two algorithms, and the error detection rate (7.19%) is the lowest. The perceived security, identity authentication, non-repudiation of transactions, privacy protection, and control strength of data integrity positively affect users' trust, which further positively affects the attitude and intention of using the Internet finance, and the intention eventually affects users' behavior. Finally, some suggestions are put forward to improve the supervision of the Internet finance in China. To sum up, the Internet financial fraud identification model based on BPNN demonstrates satisfying performance and is worth of promotion. Additionally, the authentication technology, non-repudiation of transactions, privacy protection, data integrity, and users' sense of trust of the Internet finance have a significant impact on users' behavior.