Detecting client-side e-banking fraud using a heuristic model
|
|
|
- Bethany Henderson
- 8 years ago
- Views:
Transcription
1 Detecting client-side e-banking fraud using a heuristic model Tim Timmermans tim.timmermans@os3.nl Jurgen Kloosterman jurgen.kloosterman@os3.nl University of Amsterdam July 4, 2013 Tim Timmermans, Jurgen Kloosterman Research project 2. (1 of 21)
2 Introduction E-banking malware; Man-in-the-browser attack; Owns the browser; Not possible to detect malware with web techniques, i.e JavaScript. Tim Timmermans, Jurgen Kloosterman Research project 2. (2 of 21)
3 Normal banking web page Figure 1: Normal banking web page Tim Timmermans, Jurgen Kloosterman Research project 2. (3 of 21)
4 Malicious banking web page Figure 2: Malicious banking web page Tim Timmermans, Jurgen Kloosterman Research project 2. (4 of 21)
5 Research question To what extend is it possible to detect maliciously injected code into a web page using a heuristic model in order to counteract fraud and what is the performance of such technique in terms of accuracy and execution time? Tim Timmermans, Jurgen Kloosterman Research project 2. (5 of 21)
6 Current Solutions Pattern recognition; Cannot detect injections from unknown malware. Tim Timmermans, Jurgen Kloosterman Research project 2. (6 of 21)
7 Related Work CaffeineMonkey: a method to analyse and detect malicious JavaScript (Feinstein et. al.); Prophiler: a filter to examine millions of web pages for malicious content (Canali, Davide, et al.); Zozzle: a low-overhead solution that applies Bayesian analysis to detect JavaScript malware in the browser (Curtsinger, Charlie, et al.). Tim Timmermans, Jurgen Kloosterman Research project 2. (7 of 21)
8 Approach (1) Supervised machine learning; Labeling of benign and malicious pages Server-side detection mechanism; Goal: detect injections from unknown malware and difficult to bypass. Tim Timmermans, Jurgen Kloosterman Research project 2. (8 of 21)
9 Approach (2) Figure 3: Normal interaction with an e-banking web site. Tim Timmermans, Jurgen Kloosterman Research project 2. (9 of 21)
10 Approach (3) Figure 4: Overview of fraud detection implementation. Tim Timmermans, Jurgen Kloosterman Research project 2. (10 of 21)
11 Model overview Figure 5: Overview of the fraud detection model. Tim Timmermans, Jurgen Kloosterman Research project 2. (11 of 21)
12 Method: feature extraction Brief selection of features that are identified: iframes; inline styles; hidden elements; input fields; (obfuscated) Javascript; external Javascript, stylesheets and images. Figure 6: Feature extraction component A total of 26 relevant features are identified from HTML, Javascript and URLs Tim Timmermans, Jurgen Kloosterman Research project 2. (12 of 21)
13 Method: preprocessor Transforms the feature data to a vector as input for the classifier; Assigns a maliciousness score based on the extracted URL features. Figure 7: Preprocessor component Tim Timmermans, Jurgen Kloosterman Research project 2. (13 of 21)
14 Method: classifier Naïve Bayes learning algorithm Two components Trainer; Classification. Figure 8: Classifier components Tim Timmermans, Jurgen Kloosterman Research project 2. (14 of 21)
15 Classifier: trainer Train the classifier on manual labeled malicious and benign pages. Figure 9: Classifier - trainer component Tim Timmermans, Jurgen Kloosterman Research project 2. (15 of 21)
16 Classifier: classification Classifies an unknown page against the training set using the Bayes theorem; Result consists of a probability between 0 and 100% for each class. Figure 10: Classifier - classification Tim Timmermans, Jurgen Kloosterman Research component project 2. (16 of 21)
17 Results: performance Mean execution time to classify an unknown page: seconds. Figure 11: Execution time performance Tim Timmermans, Jurgen Kloosterman Research project 2. (17 of 21)
18 Results: accuracy 90% accuracy reached with instances in the training set. Figure 12: Accuracy measurements Tim Timmermans, Jurgen Kloosterman Research project 2. (18 of 21)
19 Results: model validation Experiment to validate the developed model: 1 Train classifier on page adapter by Zeus malware; 2 Classify a page adapted by Citadel malware. Result: classified as malicious with a probability of 100%. Tim Timmermans, Jurgen Kloosterman Research project 2. (19 of 21)
20 Conclusion Classifier reaches an accuracy of 90% given the used dataset (needs validation with more complete set); The developed model is able to counteract fraud, caused by (unknown) malware; Classification process of a web page is performed with a mean of seconds; Improvement of the model may lower impact on resources and optimizing executing time. Tim Timmermans, Jurgen Kloosterman Research project 2. (20 of 21)
21 References Feinstein, Ben, Daniel Peck, and I. SecureWorks. Caffeine monkey: Automated collection, detection and analysis of malicious javascript. Black Hat USA 2007 (2007). Canali, Davide, et al. Prophiler: a fast filter for the large-scale detection of malicious web pages. Proceedings of the 20th international conference on World wide web. ACM, Curtsinger, Charlie, et al. ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection. USENIX Security Symposium Tim Timmermans, Jurgen Kloosterman Research project 2. (21 of 21)
LASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages
LASTLINE WHITEPAPER Large-Scale Detection of Malicious Web Pages Abstract Malicious web pages that host drive-by-download exploits have become a popular means for compromising hosts on the Internet and,
Deciphering and Mitigating Blackhole Spam from Email-borne Threats
Deciphering and Mitigating Blackhole Spam from Email-borne Threats Samir Patil Symantec Deciphering and Mitigating Blackhole Spam from Email-borne Threats 1 Outline 1 Background 2 Detection Challenges
Secure all the things with graphs and predictive analytics
Secure all the things with graphs and predictive analytics SESSION ID: Kevin Mahaffey CTO Lookout Tim Wyatt Director, Security Engineering Lookout Over-simplification of security Protection bars on windows
On Attacking Statistical Spam Filters
On Attacking Statistical Spam Filters Gregory L. Wittel and S. Felix Wu Department of Computer Science University of California, Davis One Shields Avenue, Davis, CA 95616 USA Paper review by Deepak Chinavle
Machine Learning with MATLAB David Willingham Application Engineer
Machine Learning with MATLAB David Willingham Application Engineer 2014 The MathWorks, Inc. 1 Goals Overview of machine learning Machine learning models & techniques available in MATLAB Streamlining the
Application of Data Mining based Malicious Code Detection Techniques for Detecting new Spyware
Application of Data Mining based Malicious Code Detection Techniques for Detecting new Spyware Cumhur Doruk Bozagac Bilkent University, Computer Science and Engineering Department, 06532 Ankara, Turkey
2.0. Specification of HSN 2.0 JavaScript Static Analyzer
2.0 Specification of HSN 2.0 JavaScript Static Analyzer Pawe l Jacewicz Version 0.3 Last edit by: Lukasz Siewierski, 2012-11-08 Relevant issues: #4925 Sprint: 11 Summary This document specifies operation
Introduction to Data Mining
Introduction to Data Mining Jay Urbain Credits: Nazli Goharian & David Grossman @ IIT Outline Introduction Data Pre-processing Data Mining Algorithms Naïve Bayes Decision Tree Neural Network Association
Journal of Network and Computer Applications
Journal of Network and Computer Applications 38 (2014) 135 149 Contents lists available at ScienceDirect Journal of Network and Computer Applications journal homepage: www.elsevier.com/locate/jnca Efficient
Autonomous Learning for Detection of JavaScript Attacks: Vision or Reality?
Autonomous Learning for Detection of JavaScript Attacks: Vision or Reality? Guido Schwenk Technische Universität Berlin Berlin, Germany Alexander Bikadorov Technische Universität Berlin Berlin, Germany
Detection of Malicious URLs by Correlating the Chains of Redirection in an Online Social Network (Twitter)
International Journal of Research Studies in Computer Science and Engineering (IJRSCSE) Volume 1, Issue 3, July 2014, PP 33-38 ISSN 2349-4840 (Print) & ISSN 2349-4859 (Online) www.arcjournals.org Detection
Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis
International Journal of Security and Its s Applications Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis YoungHan Choi, TaeGhyoon Kim, SeokJin Choi The
Prophiler: A Fast Filter for the Large-Scale Detection of Malicious Web Pages
Prophiler: A Fast Filter for the Large-Scale Detection of Malicious Web Pages Davide Canali Marco Cova Giovanni Vigna Christopher Kruegel Institute Eurecom, France University of Birmingham, UK University
Prediction of Heart Disease Using Naïve Bayes Algorithm
Prediction of Heart Disease Using Naïve Bayes Algorithm R.Karthiyayini 1, S.Chithaara 2 Assistant Professor, Department of computer Applications, Anna University, BIT campus, Tiruchirapalli, Tamilnadu,
The Power of Obfuscation Techniques in Malicious JavaScript Code: A Measurement Study
The Power of Obfuscation Techniques in Malicious JavaScript Code: A Measurement Study Wei Xu, Fangfang Zhang and Sencun Zhu Department of Computer Science and Engineering The Pennsylvania State University,
Search engine optimization: Black hat Cloaking Detection technique
Search engine optimization: Black hat Cloaking Detection technique Patel Trupti 1, Kachhadiya Kajal 2, Panchani Asha 3, Mistry Pooja 4 Shrimad Rajchandra Institute of Management and Computer Application
Protect Your Business and Customers from Online Fraud
DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently
TECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains
TECHNICAL REPORT An Analysis of Domain Silver, Inc..pl Domains July 31, 2013 CONTENTS Contents 1 Introduction 2 2 Registry, registrar and registrant 3 2.1 Rogue registrar..................................
A Content based Spam Filtering Using Optical Back Propagation Technique
A Content based Spam Filtering Using Optical Back Propagation Technique Sarab M. Hameed 1, Noor Alhuda J. Mohammed 2 Department of Computer Science, College of Science, University of Baghdad - Iraq ABSTRACT
Protection, Usability and Improvements in Reflected XSS Filters
Protection, Usability and Improvements in Reflected XSS Filters Riccardo Pelizzi System Security Lab Department of Computer Science Stony Brook University May 2, 2012 1 / 19 Riccardo Pelizzi Improvements
Interactive Website Filter for Safe Web Browsing
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING XX, XXX-XXX (201X) Interactive Website Filter for Safe Web Browsing INSOON JO 1, EUNJIN (EJ) JUNG 2 AND HEON Y. YEOM 1 1 School of Computer Science and Engineering
CLASSIFYING NETWORK TRAFFIC IN THE BIG DATA ERA
CLASSIFYING NETWORK TRAFFIC IN THE BIG DATA ERA Professor Yang Xiang Network Security and Computing Laboratory (NSCLab) School of Information Technology Deakin University, Melbourne, Australia http://anss.org.au/nsclab
An Introduction to Data Mining
An Introduction to Intel Beijing wei.heng@intel.com January 17, 2014 Outline 1 DW Overview What is Notable Application of Conference, Software and Applications Major Process in 2 Major Tasks in Detail
KEYWORDS: Internet Applications, Security, Languages, Review and evaluation.
[Madhusudhanan, 4(3): March, 2015] ISSN: 2277-9655 IJESRT INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY WEB SECURITY VULNERABILITY ASSESSMENT AND RECOVERY MACHANISAM M.Madhusudhanan*,
Detection. Perspective. Network Anomaly. Bhattacharyya. Jugal. A Machine Learning »C) Dhruba Kumar. Kumar KaKta. CRC Press J Taylor & Francis Croup
Network Anomaly Detection A Machine Learning Perspective Dhruba Kumar Bhattacharyya Jugal Kumar KaKta»C) CRC Press J Taylor & Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor
T-61.3050 : Email Classification as Spam or Ham using Naive Bayes Classifier. Santosh Tirunagari : 245577
T-61.3050 : Email Classification as Spam or Ham using Naive Bayes Classifier Santosh Tirunagari : 245577 January 20, 2011 Abstract This term project gives a solution how to classify an email as spam or
Internet Monitoring via DNS Traffic Analysis. Wenke Lee Georgia Institute of Technology
Internet Monitoring via DNS Traffic Analysis Wenke Lee Georgia Institute of Technology 0 Malware Networks (Botnets) 1 From General-Purpose to Targeted Attacks 11/14/12 2 Command and Control l Botnet design:
Transaction Anomaly Protection Stopping Malware At The Door. White Paper
Transaction Anomaly Protection Stopping Malware At The Door White Paper Table of Contents Overview 3 Programmable Crime Logic Alter Web Application Flow & Content 3 Programmable Crime Logic Defeats Server-Side
Web application testing
CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration
Three types of messages: A, B, C. Assume A is the oldest type, and C is the most recent type.
Chronological Sampling for Email Filtering Ching-Lung Fu 2, Daniel Silver 1, and James Blustein 2 1 Acadia University, Wolfville, Nova Scotia, Canada 2 Dalhousie University, Halifax, Nova Scotia, Canada
SQL INJECTION IN MYSQL
SQL INJECTION IN MYSQL WHAT IS SQL? SQL (pronounced "ess-que-el") stands for Structured Query Language. SQL is used to communicate with a database. extracted from http://www.sqlcourse.com/intro.html SELECT
Email Spam Detection A Machine Learning Approach
Email Spam Detection A Machine Learning Approach Ge Song, Lauren Steimle ABSTRACT Machine learning is a branch of artificial intelligence concerned with the creation and study of systems that can learn
CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION
CYBER SCIENCE 2015 AN ANALYSIS OF NETWORK TRAFFIC CLASSIFICATION FOR BOTNET DETECTION MATIJA STEVANOVIC PhD Student JENS MYRUP PEDERSEN Associate Professor Department of Electronic Systems Aalborg University,
Feature Subset Selection in E-mail Spam Detection
Feature Subset Selection in E-mail Spam Detection Amir Rajabi Behjat, Universiti Technology MARA, Malaysia IT Security for the Next Generation Asia Pacific & MEA Cup, Hong Kong 14-16 March, 2012 Feature
MACHINE LEARNING & INTRUSION DETECTION: HYPE OR REALITY?
MACHINE LEARNING & INTRUSION DETECTION: 1 SUMMARY The potential use of machine learning techniques for intrusion detection is widely discussed amongst security experts. At Kudelski Security, we looked
Web-Application Security
Web-Application Security Kristian Beilke Arbeitsgruppe Sichere Identität Fachbereich Mathematik und Informatik Freie Universität Berlin 29. Juni 2011 Overview Web Applications SQL Injection XSS Bad Practice
Detecting Obfuscated JavaScripts using Machine Learning
Detecting Obfuscated JavaScripts using Machine Learning Simon Aebersold, Krzysztof Kryszczuk, Sergio Paganoni, Bernhard Tellenbach, Timothy Trowbridge Zurich University of Applied Sciences, Switzerland
Fighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
Universal XSS via IE8s XSS Filters
Universal XSS via IE8s XSS Filters the sordid tale of a wayward hash sign slides: http://p42.us/ie8xss/ About Us Eduardo Vela Nava aka sirdarckcat http://sirdarckcat.net http://twitter.com/sirdarckcat
Introduction to Data Mining and Machine Learning Techniques. Iza Moise, Evangelos Pournaras, Dirk Helbing
Introduction to Data Mining and Machine Learning Techniques Iza Moise, Evangelos Pournaras, Dirk Helbing Iza Moise, Evangelos Pournaras, Dirk Helbing 1 Overview Main principles of data mining Definition
SECURITY ADVISORY. December 2008 Barracuda Load Balancer admin login Cross-site Scripting
SECURITY ADVISORY December 2008 Barracuda Load Balancer admin login Cross-site Scripting Discovered in December 2008 by FortConsult s Security Research Team/Jan Skovgren WARNING NOT FOR DISCLOSURE BEFORE
Botnets: The Advanced Malware Threat in Kenya's Cyberspace
Botnets: The Advanced Malware Threat in Kenya's Cyberspace AfricaHackon 28 th February 2014 Who we Are! Paula Musuva-Kigen Research Associate Director, Centre for Informatics Research and Innovation (CIRI)
MACHINE LEARNING BASICS WITH R
MACHINE LEARNING [Hands-on Introduction of Supervised Machine Learning Methods] DURATION 2 DAY The field of machine learning is concerned with the question of how to construct computer programs that automatically
Spam Detection on Twitter Using Traditional Classifiers M. McCord CSE Dept Lehigh University 19 Memorial Drive West Bethlehem, PA 18015, USA
Spam Detection on Twitter Using Traditional Classifiers M. McCord CSE Dept Lehigh University 19 Memorial Drive West Bethlehem, PA 18015, USA mpm308@lehigh.edu M. Chuah CSE Dept Lehigh University 19 Memorial
A Multi agent Scanner to Detect Stored XSS Vulnerabilities
A Multi agent Scanner to Detect Stored XSS Vulnerabilities E. Galán, A. Alcaide, A. Orfila, J. Blasco University Carlos III of Madrid, UC3M Leganés, Spain {edgalan,aalcaide,adiaz,jbalis}@inf.uc3m.es Abstract
Recurrent Patterns Detection Technology. White Paper
SeCure your Network Recurrent Patterns Detection Technology White Paper January, 2007 Powered by RPD Technology Network Based Protection against Email-Borne Threats Spam, Phishing and email-borne Malware
Decision Support System For A Customer Relationship Management Case Study
61 Decision Support System For A Customer Relationship Management Case Study Ozge Kart 1, Alp Kut 1, and Vladimir Radevski 2 1 Dokuz Eylul University, Izmir, Turkey {ozge, alp}@cs.deu.edu.tr 2 SEE University,
Defending Networks with Incomplete Information: A Machine Learning Approach. Alexandre Pinto alexcp@mlsecproject.org @alexcpsec @MLSecProject
Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto alexcp@mlsecproject.org @alexcpsec @MLSecProject Agenda Security Monitoring: We are doing it wrong Machine Learning
Removing Web Spam Links from Search Engine Results
Removing Web Spam Links from Search Engine Results Manuel EGELE pizzaman@iseclab.org, 1 Overview Search Engine Optimization and definition of web spam Motivation Approach Inferring importance of features
BioCatch Fraud Detection CHECKLIST. 6 Use Cases Solved with Behavioral Biometrics Technology
BioCatch Fraud Detection CHECKLIST 6 Use Cases Solved with Behavioral Biometrics Technology 1 2 MAN-IN-THE- BROWSER MALWARE ATTACK DETECTION (E.G. DYRE, NEVERQUEST) REMOTE ACCESS (RAT) DETECTION Challenge:
Sandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers
Sandy The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis About Me! I work as a Researcher for a Global Threat Research firm.! Spoke at the few security
A Logistic Regression Approach to Ad Click Prediction
A Logistic Regression Approach to Ad Click Prediction Gouthami Kondakindi kondakin@usc.edu Satakshi Rana satakshr@usc.edu Aswin Rajkumar aswinraj@usc.edu Sai Kaushik Ponnekanti ponnekan@usc.edu Vinit Parakh
WEB CONTENT SCANNER SDK
WEB CONTENT SCANNER SDK Web Content Inspection for PCs and Mobile OVERVIEW Web Content Scanner SDK is a multi-platform SDK that enables an application to filter websites based on web content at very high
Social Media Mining. Data Mining Essentials
Introduction Data production rate has been increased dramatically (Big Data) and we are able store much more data than before E.g., purchase data, social media data, mobile phone data Businesses and customers
International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015
RESEARCH ARTICLE OPEN ACCESS Data Mining Technology for Efficient Network Security Management Ankit Naik [1], S.W. Ahmad [2] Student [1], Assistant Professor [2] Department of Computer Science and Engineering
Machine Learning using MapReduce
Machine Learning using MapReduce What is Machine Learning Machine learning is a subfield of artificial intelligence concerned with techniques that allow computers to improve their outputs based on previous
INVISIBLE END-TO-END WEB SECURITY
September 2015 White Paper INVISIBLE END-TO-END WEB SEURITY YBERRIME, A GROWING THREAT THE INREASING HALLENGE OF YBER RIME ybercrime, is spreading at an alarming rate. It has today become a global multi-billion-dollar
Security of Web Applications and Browsers: Challenges and Solutions
Security of Web Applications and Browsers: Challenges and Solutions A Tutorial Proposal for ACM SAC 2015 By Dr. Hossain Shahriar Department of Computer Science Kennesaw State University Kennesaw, GA 30144,
Networks and Security Lab. Network Forensics
Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite
Spam Filtering using Naïve Bayesian Classification
Spam Filtering using Naïve Bayesian Classification Presented by: Samer Younes Outline What is spam anyway? Some statistics Why is Spam a Problem Major Techniques for Classifying Spam Transport Level Filtering
Monitoring Web Browsing Habits of User Using Web Log Analysis and Role-Based Web Accessing Control. Phudinan Singkhamfu, Parinya Suwanasrikham
Monitoring Web Browsing Habits of User Using Web Log Analysis and Role-Based Web Accessing Control Phudinan Singkhamfu, Parinya Suwanasrikham Chiang Mai University, Thailand 0659 The Asian Conference on
Deposit Identification Utility and Visualization Tool
Deposit Identification Utility and Visualization Tool Colorado School of Mines Field Session Summer 2014 David Alexander Jeremy Kerr Luke McPherson Introduction Newmont Mining Corporation was founded in
Data Mining Part 5. Prediction
Data Mining Part 5. Prediction 5.1 Spring 2010 Instructor: Dr. Masoud Yaghini Outline Classification vs. Numeric Prediction Prediction Process Data Preparation Comparing Prediction Methods References Classification
AUTO CLAIM FRAUD DETECTION USING MULTI CLASSIFIER SYSTEM
AUTO CLAIM FRAUD DETECTION USING MULTI CLASSIFIER SYSTEM ABSTRACT Luis Alexandre Rodrigues and Nizam Omar Department of Electrical Engineering, Mackenzie Presbiterian University, Brazil, São Paulo 71251911@mackenzie.br,nizam.omar@mackenzie.br
WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES
WEB PROTECTION Features SECURITY OF INFORMATION TECHNOLOGIES The web today has become an indispensable tool for running a business, and is as such a favorite attack vector for hackers. Injecting malicious
Malicious Websites uncover vulnerabilities (browser, plugins, webapp, server), initiate attack steal sensitive information, install malware, compromise victim s machine Malicious Websites uncover vulnerabilities
Detecting Spam Bots in Online Social Networking Sites: A Machine Learning Approach
Detecting Spam Bots in Online Social Networking Sites: A Machine Learning Approach Alex Hai Wang College of Information Sciences and Technology, The Pennsylvania State University, Dunmore, PA 18512, USA
Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
FSOEP Web Banking & Fraud: Corporate Treasury Attacks
FSOEP Web Banking & Fraud: Corporate Treasury Attacks Your Presenters Who Are We? Tim Wainwright Managing Director Chris Salerno Senior Consultant Led 200+ penetration tests Mobile security specialist
Detection of DOM-based Cross-Site Scripting by Analyzing Dynamically Extracted Scripts
Detection of DOM-based Cross-Site Scripting by Analyzing Dynamically Extracted Scripts Suman Saha 1, Shizhen Jin 2,3 and Kyung-Goo Doh 3 1 LIP6-Regal, France Suman.Saha@lip6.fr 2 GTOne, Seoul, Korea jinshzh@gmail.com
Spam Filtering based on Naive Bayes Classification. Tianhao Sun
Spam Filtering based on Naive Bayes Classification Tianhao Sun May 1, 2009 Abstract This project discusses about the popular statistical spam filtering process: naive Bayes classification. A fairly famous
MEASURING AND FINGERPRINTING CLICK-SPAM IN AD NETWORKS
MEASURING AND FINGERPRINTING CLICK-SPAM IN AD NETWORKS Vacha Dave *, Saikat Guha and Yin Zhang * * The University of Texas at Austin Microsoft Research India Internet Advertising Today 2 Online advertising
Integrating Web Application Security into the IT Curriculum
Integrating Web Application Security into the IT Curriculum James Walden Northern Kentucky University Topics 1. 2. 3. 4. Why should we teach web application security? What material do we need to cover?
GoldenBullet in a Nutshell
GoldenBullet in a Nutshell Y. Ding, M. Korotkiy, B. Omelayenko, V. Kartseva, V. Zykov, M. Klein, E. Schulten, and D. Fensel Vrije Universiteit Amsterdam, De Boelelaan 1081a, 1081 HV Amsterdam, NL From:
We are still vulnerable to clickjacking attacks: about 99% of Korean websites are dangerous
We are still vulnerable to clickjacking attacks: about 99% of Korean websites are dangerous Daehyun Kim and Hyoungshick Kim Department of Computer Science and Engineering, Sungkyunkwan University, Republic
Detecting and Exploiting XSS with Xenotix XSS Exploit Framework
Detecting and Exploiting XSS with Xenotix XSS Exploit Framework ajin25@gmail.com keralacyberforce.in Introduction Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s.
HTTPParameter Pollution. ChrysostomosDaniel
HTTPParameter Pollution ChrysostomosDaniel Introduction Nowadays, many components from web applications are commonly run on the user s computer (such as Javascript), and not just on the application s provider
Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath
ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login
On the Property of the Distribution of Symbols in SQL Injection Attack
On the Property of the Distribution of Symbols in SQL Injection Attack Takeshi Matsuda Department of Computer Science Shizuoka Institute of Science and Technology Abstract SQL injection is an attack of
Web Crawlers Detection
American University In Cairo Seminar Report Web Crawlers Detection Author: Yomna ElRashidy Supervisor: Ahmed Rafea A report submitted in fulfilment of the requirements of Seminar 1 course for the degree
Malware Detection Module using Machine Learning Algorithms to Assist in Centralized Security in Enterprise Networks
Malware Detection Module using Machine Learning Algorithms to Assist in Centralized Security in Enterprise Networks Priyank Singhal Student, Computer Engineering Sardar Patel Institute of Technology University
MS1b Statistical Data Mining
MS1b Statistical Data Mining Yee Whye Teh Department of Statistics Oxford http://www.stats.ox.ac.uk/~teh/datamining.html Outline Administrivia and Introduction Course Structure Syllabus Introduction to
Anti-Spam Filter Based on Naïve Bayes, SVM, and KNN model
AI TERM PROJECT GROUP 14 1 Anti-Spam Filter Based on,, and model Yun-Nung Chen, Che-An Lu, Chao-Yu Huang Abstract spam email filters are a well-known and powerful type of filters. We construct different
Web Application Security
Web Application Security John Zaharopoulos ITS - Security 10/9/2012 1 Web App Security Trends Web 2.0 Dynamic Webpages Growth of Ajax / Client side Javascript Hardening of OSes Secure by default Auto-patching
DON T FOLLOW ME: SPAM DETECTION IN TWITTER
DON T FOLLOW ME: SPAM DETECTION IN TWITTER Alex Hai Wang College of Information Sciences and Technology, The Pennsylvania State University, Dunmore, PA 18512, USA hwang@psu.edu Keywords: Abstract: social
Data Mining Algorithms Part 1. Dejan Sarka
Data Mining Algorithms Part 1 Dejan Sarka Join the conversation on Twitter: @DevWeek #DW2015 Instructor Bio Dejan Sarka (dsarka@solidq.com) 30 years of experience SQL Server MVP, MCT, 13 books 7+ courses
Web Document Clustering
Web Document Clustering Lab Project based on the MDL clustering suite http://www.cs.ccsu.edu/~markov/mdlclustering/ Zdravko Markov Computer Science Department Central Connecticut State University New Britain,
Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks
Bypassing NoScript Security Suite March 2016 Mazin Ahmed mazin@mazinahmed.net @mazen160 Table of Contents Abstract... 3 Introduction... 3 Research... 4 Solution... 7 Recommendations... 7 Notes... 7 Disclosure
EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.
CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape
CSE 473: Artificial Intelligence Autumn 2010
CSE 473: Artificial Intelligence Autumn 2010 Machine Learning: Naive Bayes and Perceptron Luke Zettlemoyer Many slides over the course adapted from Dan Klein. 1 Outline Learning: Naive Bayes and Perceptron
WEBSENSE EMAIL SECURITY SOLUTIONS OVERVIEW
WEBSENSE EMAIL SECURITY SOLUTIONS OVERVIEW Challenge The nature of email threats has changed over the past few years. Gone are the days when email security, better known as anti-spam, was primarily tasked
Forecasting stock markets with Twitter
Forecasting stock markets with Twitter Argimiro Arratia argimiro@lsi.upc.edu Joint work with Marta Arias and Ramón Xuriguera To appear in: ACM Transactions on Intelligent Systems and Technology, 2013,
SOCIAL NETWORKS AND INFECTION MODEL
Feature Chain Exploitation Social Networks Malware Aditya K. Sood has more than five years of experience in computer security and has worked in the security domain for Armorize, COSEINC and KPMG. He is
WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA
WE KNOW IT BEFORE YOU DO: PREDICTING MALICIOUS DOMAINS Wei Xu, Kyle Sanders & Yanxin Zhang Palo Alto Networks, Inc., USA Email {wei.xu, ksanders, yzhang}@ paloaltonetworks.com ABSTRACT Malicious domains
How To Create A Spam Detector On A Web Browser
Design and Evaluation of a Real-Time URL Spam Filtering Service Geraldo Franciscani 15 de Maio de 2012 Teacher: Ponnurangam K (PK) Introduction Initial Presentation Monarch is a real-time system for filtering
Keywords data mining, prediction techniques, decision making.
Volume 5, Issue 4, April 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Analysis of Datamining
INTERNET MARKETING. SEO Course Syllabus Modules includes: COURSE BROCHURE
AWA offers a wide-ranging yet comprehensive overview into the world of Internet Marketing and Social Networking, examining the most effective methods for utilizing the power of the internet to conduct
IMPROVING SPAM EMAIL FILTERING EFFICIENCY USING BAYESIAN BACKWARD APPROACH PROJECT
IMPROVING SPAM EMAIL FILTERING EFFICIENCY USING BAYESIAN BACKWARD APPROACH PROJECT M.SHESHIKALA Assistant Professor, SREC Engineering College,Warangal Email: marthakala08@gmail.com, Abstract- Unethical
ARTIFICIAL INTELLIGENCE (CSCU9YE) LECTURE 6: MACHINE LEARNING 2: UNSUPERVISED LEARNING (CLUSTERING)
ARTIFICIAL INTELLIGENCE (CSCU9YE) LECTURE 6: MACHINE LEARNING 2: UNSUPERVISED LEARNING (CLUSTERING) Gabriela Ochoa http://www.cs.stir.ac.uk/~goc/ OUTLINE Preliminaries Classification and Clustering Applications
CS 558 Internet Systems and Technologies
CS 558 Internet Systems and Technologies Dimitris Deyannis deyannis@csd.uoc.gr 881 Heat seeking Honeypots: Design and Experience Abstract Compromised Web servers are used to perform many malicious activities.