Classification-Based Technique to Detect Social Engineering Attacks Using Continuous Data Stream Machine Learning Algorithms
摘要
Traditional methods of increasing security, such as passwords, secure channels, and others, are powerless when users are targeted by social engineering attacks. These attacks are designed to manipulate individuals and organizations into revealing valuable and confidential information for the benefit of cybercriminals. Several approaches based on machine learning algorithms have been developed to detect the malicious activity of this type of attack. However, such approaches are limited by the use of static data, which is typically found in data sets. This limitation affects the accuracy of the algorithm because the training data set quickly becomes outdated, causing errors in the estimator’s prediction. Furthermore, model training is done offline due to the high computational cost of this activity. Therefore, in this paper, we analyze the use of machine learning algorithms over continuous data streams. This type of algorithm is suitable for use on the Web due to the flow treatment given to network traffic and also allows online training of the estimator to detect new attacks. Our approach eliminates the drawbacks of traditional machine learning techniques that use batch algorithms. To characterize the anomalies, we analyze the type of ‘pretexting’ attack that can occur on the Web. We adapt the K-Nearest Neighbors (KNN), Bernoulli Naive Bayes (BernoulliNB), Logistic Regression (LR) and Hoeffding Adaptive Tree Classifier (HATC) algorithms to handle continuous data streams in order to verify which the one has the best effectiveness and efficiency in online learning. The experiment results show that these models can be used efficiently and effectively in online training.