Phishing Using a Modified Bayesian Technique

Dakota State University has a unique computing environment. Every undergraduate student and professor has a school assigned tablet PC. In addition, it is the State of South Dakota’s premier four year technology university. The university also hosts email, website, and website services for the state’s K-12 program in addition to its own. The high use of the mobile computing environment serves as a reason why we chose it for our phishing experiment. For example, recently one staff member was able to be fooled into providing domain login and password information through a phishing email. This caused over 300,000 emails to be sent from that account and the university was therefore blacklisted from Microsoft and its associated affiliates such as Hotmail and MSN. This paper is an attempt to measure the viability of a phishing attack in a mobile computing environment as well as using an adaptation of a popular spam filtering technique to separate phishing emails from spam and phishing emails from legitimate email.

[1]  Valtteri Niemi,et al.  Man-in-the-Middle in Tunnelled Authentication Protocols , 2003, Security Protocols Workshop.

[2]  Kathleen M. Carley,et al.  Exploration of communication networks from the Enron email corpus , 2005 .

[3]  Emil Sit,et al.  An empirical study of spam traffic and the use of DNS black lists , 2004, IMC '04.

[4]  Alessandro Acquisti,et al.  School of Phish: A Real-Word Evaluation of Anti-Phishing Training (CMU-CyLab-09-002) , 2009 .

[5]  Norman M. Sadeh,et al.  Learning to detect phishing emails , 2007, WWW '07.

[6]  Min Wu,et al.  Web wallet: preventing phishing attacks by revealing user intentions , 2006, SOUPS '06.

[7]  N. Asokan Man-in-the-Middle in Tunnelled Authentication Protocols (Discussion) , 2003, Security Protocols Workshop.

[8]  Gregg Tally Phisherman: A Phishing Data Repository , 2009, 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

[9]  Balachander Krishnamurthy,et al.  Fishing for Phishing from the Network Stream , 2008 .

[10]  M. Jakobsson,et al.  Designing and Conducting Phishing Experiments , 2006 .

[11]  Markus Jakobsson,et al.  Social phishing , 2007, CACM.

[12]  Christopher Krügel,et al.  There Is No Free Phish: An Analysis of "Free" and Live Phishing Kits , 2008, WOOT.

[13]  M. Stepp PhishHook : A tool to detect and prevent phishing attacks , 2005 .

[14]  A. J. Ferguson Fostering E-Mail Security Awareness: The West Point Carronade , 2005 .

[15]  Jonathan A. Zdziarski,et al.  Ending Spam: Bayesian Content Filtering and the Art of Statistical Language Classification , 2005 .

[16]  Markus Jakobsson,et al.  Designing ethical phishing experiments , 2007, IEEE Technology and Society Magazine.

[17]  Tyler Moore,et al.  Cooperative attack and defense in distributed networks , 2008 .