A Game Theoretical Model for Anticipating Email Spear-Phishing Strategies

One way to help victims defend against phishing is to anticipate and leverage the impacts of phisher actions. To that end, this work adapts the game theoretical logic between Intrusion Detection System (IDS) agents and insiders to email spear-phishing interactions. The email spear-phishing attack is designed as a non-cooperative, repeated game between opponents. The work relies on Quantal Response Equilibrium (QRE) to build a game theoretical approach that predicts the phisher’s future intent from the past actions of both players. This approach is coupled with a recommendation strategy for appropriately allocating the resources to invest in strengthening user protection. Simulations on spear-phishing scenarios demonstrate the ability of the final system to intuitively guess the most likely phisher decisions. This work provides intelligence to spear-phishing detectors and humans so that they can anticipate the phisher’s next actions.

Received on 11 May 2020; accepted on 09 September 2020; published on 18 September 2020
