Assessing the severity of phishing attacks: A hybrid data mining approach

Phishing is an online crime that increasingly plagues firms and their consumers. We assess the severity of phishing attacks in terms of their risk levels and the potential loss in market value suffered by the targeted firms. We analyze 1030 phishing alerts released on a public database, together with financial data on the targeted firms, using a hybrid method that applies text phrase extraction and supervised classification to predict the severity of an attack with up to 89% accuracy. Our research identifies some important textual and financial variables that affect the severity of the attacks and the potential financial loss.
