Phishing is the most common precursor for an Internet of Things (IoT) targeting attack. To curtail attacks, malware and web browser detection engines, similar to other research studies, rely on publicly available past-performance datasets and crowd sourcing to train their internal algorithms. This generic implementation ensures that their relevance declines over time as cyber-attacks gain sophistication and eventually become harder to detect. This study detects phishing webpages with an accuracy rate of >97% (AUC ≈ 0.97 – 1.0) via dynamically derived features and weights generated using Classification Based on Association (CBA). This study commenced with static model analysis where Fuzzy Logic (FL) generated an AUC of 1.0. However, this would overfit due to old patterns and the rate of detection eventually declines by 15% over time to an AUC of 0.85–0.90. The study was updated to deploy data drift analysis to detect significant degradation (>5%) which eventually occurred due evolving phishing patterns. This led to the development of an adaptive (or auto-updating) FL system which used regenerated (or adapted) features, weights, rules and other FL aspects ensuring an AUC ≈ 0.97 – 1.0. These adapted features and weights were fed back into model and confirmed post verification of improvement in detection ratios. This ensured that this model could be left unattended while the adaptive data drift did not deviate, underscoring the importance of data-driven feature tuning in maintaining detection efficacy in evolving threat landscapes. The study uncovered existing and novel attacks that deployed authorization tokens and not login forms to gain access.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Auto Adaptive Fuzzy Logic Powered IoT Phishing Detection Engine

  • Aadya Srivastava

摘要

Phishing is the most common precursor for an Internet of Things (IoT) targeting attack. To curtail attacks, malware and web browser detection engines, similar to other research studies, rely on publicly available past-performance datasets and crowd sourcing to train their internal algorithms. This generic implementation ensures that their relevance declines over time as cyber-attacks gain sophistication and eventually become harder to detect. This study detects phishing webpages with an accuracy rate of >97% (AUC ≈ 0.97 – 1.0) via dynamically derived features and weights generated using Classification Based on Association (CBA). This study commenced with static model analysis where Fuzzy Logic (FL) generated an AUC of 1.0. However, this would overfit due to old patterns and the rate of detection eventually declines by 15% over time to an AUC of 0.85–0.90. The study was updated to deploy data drift analysis to detect significant degradation (>5%) which eventually occurred due evolving phishing patterns. This led to the development of an adaptive (or auto-updating) FL system which used regenerated (or adapted) features, weights, rules and other FL aspects ensuring an AUC ≈ 0.97 – 1.0. These adapted features and weights were fed back into model and confirmed post verification of improvement in detection ratios. This ensured that this model could be left unattended while the adaptive data drift did not deviate, underscoring the importance of data-driven feature tuning in maintaining detection efficacy in evolving threat landscapes. The study uncovered existing and novel attacks that deployed authorization tokens and not login forms to gain access.