SlideShare a Scribd company logo
1 of 27
Download to read offline
Automatic Realtime
Phishing Detection on
Twitter
Anupama Aggarwal, Ashwin Rajadesingan,
Ponnurangam Kumaraguru

1
Motivation: Some Statistics

• $520 million were lost worldwide from

phishing attacks in 2011 alone. (RSA Report)

• In 2012, around 20% of all phishing attacks
targeted Facebook

• Social network phishing has jumped 221%
attacks during Q1 of 2012
2
Phishing Detection on OSM:
Current State-of-Art

• Offline Spam Characterization & Detection Studies
• No characterization of phishing on OSM
• Lack of Realtime detection mechanisms
• Absence of end-user deployed systems
• Dependence on Spam/Phishing Blacklists

3
What Did We Do to
Fill the Gap?

• Built a mechanism to Automatically detect
phishing on Twitter in Realtime

• No dependency on Blacklists
• Deployed end-user system for Twitter
users - Chrome Extension
4
Twitter 101
Hey, I am in
Puerto Rico
attending @APWG
eCrime research

Tweets
<140 char

Talking about
#phishing on OSN
Earn Money #help #money
http://bit.ly/Pw637z

5
Twitter 101
Hey, I am in
Puerto Rico

To mention/reply
to a Twitter user

@Tag

attending @APWG
eCrime research
Talking about
#phishing on OSN

To mention a topic

#Tag
Earn Money #help #money
http://bit.ly/Pw637z

To link external media

URL in Tweet
6
Twitter 101
We’ll follow
Blue!

attending @APWG
eCrime research
I’ll follow
Grey2!
I’ll follow
Grey1!

Followers

Nice! I’ll share this tweet
in my network!

attending @APWG
eCrime research

Followees

Retweet (RT)
7
Twitter 101
We’ll follow
Blue!

@Blue
Twitter Timeline

attending @APWG
eCrime research
I’ll follow
Grey2!
I’ll follow
Grey1!

Followers

Tweets by Followees
Retweets by Followees
Tweets by Self
Retweets by Self
Tweets with @Blue

Nice! I’ll share this
tweet in my
network!

attending @APWG
eCrime research

Followees

Retweet (RT)
8
Challenges of Phishing
Detection on Twitter

• Only 140 Characters - very less information
• Use of short URLs in tweets
• 100,000 Tweets per minute - quick spread
• Phishing Blacklists are slow - not reliable

9
Our Contribution

• PhishAri: Automatic realtime phishing
detection mechanism for Twitter

• More efficient than plain blacklisting method
• Better than Twitter’s own phishing detection
mechanism

• Real-world implementation of the system Chrome Extension for Twitter

10
Methodology

•

•

Step 1: Classification Model for Phishing
Detection

•
•
•

Data Collection
Feature Extraction
Classification

Step 2: Realtime end-user Interface

•
•

Using pre-trained classification model
Chrome Browser Extension
11
Data Collection
•
•

1,589 Phishing Tweets
903 Unique phishing URLs
Wait for 3 days

12
Features Used

• URL Features - Length, number of dots,
characters, redirections

• WHOIs Features - domain name,
ownership period

• Tweet Features - Number of #tags,
@mentions, length, trending topics

• Network Features - Follower/Followee

ratio, Age of account, Number of Tweets
13
Classification Results
Evaluation
Naive Bayes
Metric

Decision
Tree

Random
Forest

Accuracy

87.02%

89.28%

92.52%

Precision

89.21%

88.05%

95.24%

Precision

92.12%

94.15%

97.23%

Recall

68.32%

74.51%

92.21%

Precision

85.68%

89.20%

95.54%

(Phishing)

(Safe)

(Phishing)

(Safe)

14
Evaluation

• Comparison with Blacklists
• 80.6% more phishing tweets detected by

PhishAri at zero hour which were caught by
blacklists after 3 days.

• Comparison with Twitter’s defense mechanism
• 84.6% more phishing tweets detected by

PhishAri at zero hour which were marked as
suspicious by Twitter after 3 days
15
Time Evaluation

• Used Intel Xeon 16 core Ubuntu server with
2.67 GHz processor and 32 GB RAM

• Multiprocessing Modules for faster processing
• Time required for the feature extraction &

classification of a tweet is a maximum of
0.522 seconds (Min: 0.167 sec, Avg: 0.425 sec, Median 0.384 sec)
16
Text Analysis

Phishing Tweets

Legitimate Tweets

17
PhishAri: RESTful API

• Use above classification model to create a
RESTful API

• POST requests can be made to API to query
a tweet

• Pre-trained classifier model used for
classification of new tweets
18
PhishAri Chrome Extension

19
PhishAri Chrome Extension

• Red / Green Indicators in front of Tweets with
URLs

• Detects phishing tweets on
• User Timeline
• Twitter search results
• Profile of other users
• DMs (Limited as for now)
20
Demo

21
How Extension Works?

• Integration of API with the Browser Extension

22
PhishAri Extension: User
Experience and Statistics

• 78 Active Users
• User study shows that • users want support for other browsers,
mobile apps

• found useful to use
• more robustness desired
23
Conclusion

• “Phish” + “Ari” = Realtime Automatic Detection
• 92.52% Accuracy with Random Forest Classifier
• Efficient - takes only 0.522 seconds for indicator
to appear

• No dependency on Blacklists
• Faster than Blacklists
• Faster than Twitter’s own detection mechanism
24
Future Work

• Backend database for faster lookup
• Increase the scope of PhishAri from public to all
tweets

• Increase response time of PhishAri and
appearance of indicators

• Support for other browsers and mobile apps
25
Thank You!

Questions?
Suggestions?

26
For any further information, please write to
pk@iiitd.ac.in
precog.iiitd.edu.in

27

More Related Content

More from IIIT Hyderabad

Responsible & Safe AI Systems at ACM India ROCS at IIT Bombay
Responsible & Safe AI Systems at ACM India ROCS at IIT BombayResponsible & Safe AI Systems at ACM India ROCS at IIT Bombay
Responsible & Safe AI Systems at ACM India ROCS at IIT BombayIIIT Hyderabad
 
International Collaboration: Experiences, Challenges, Success stories
International Collaboration: Experiences, Challenges, Success storiesInternational Collaboration: Experiences, Challenges, Success stories
International Collaboration: Experiences, Challenges, Success storiesIIIT Hyderabad
 
Responsible & Safe AI: #LegalBias #Inconsistency #BiasinLLMs #MultiModalBias
Responsible & Safe AI: #LegalBias #Inconsistency #BiasinLLMs #MultiModalBiasResponsible & Safe AI: #LegalBias #Inconsistency #BiasinLLMs #MultiModalBias
Responsible & Safe AI: #LegalBias #Inconsistency #BiasinLLMs #MultiModalBiasIIIT Hyderabad
 
Identify, Inspect and Intervene Multimodal Fake News
Identify, Inspect and Intervene Multimodal Fake NewsIdentify, Inspect and Intervene Multimodal Fake News
Identify, Inspect and Intervene Multimodal Fake NewsIIIT Hyderabad
 
Data Science for Social Good: #MentalHealth #CodeMix #LegalNLP #AISafety
Data Science for Social Good: #MentalHealth #CodeMix #LegalNLP #AISafetyData Science for Social Good: #MentalHealth #CodeMix #LegalNLP #AISafety
Data Science for Social Good: #MentalHealth #CodeMix #LegalNLP #AISafetyIIIT Hyderabad
 
It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...IIIT Hyderabad
 
Beyond the Surface: A Computational Exploration of Linguistic Ambiguity
Beyond the Surface: A Computational Exploration of Linguistic AmbiguityBeyond the Surface: A Computational Exploration of Linguistic Ambiguity
Beyond the Surface: A Computational Exploration of Linguistic AmbiguityIIIT Hyderabad
 
Data Science for Social Good: #LegalNLP #AlgorithmicBias...
Data Science for Social Good:                      #LegalNLP #AlgorithmicBias...Data Science for Social Good:                      #LegalNLP #AlgorithmicBias...
Data Science for Social Good: #LegalNLP #AlgorithmicBias...IIIT Hyderabad
 
How to Write a (Good) Research Paper
How to Write a (Good) Research Paper How to Write a (Good) Research Paper
How to Write a (Good) Research Paper IIIT Hyderabad
 
Data Science for Social Good: #LegalNLP #AlgorithmicBias
Data Science for Social Good: #LegalNLP #AlgorithmicBiasData Science for Social Good: #LegalNLP #AlgorithmicBias
Data Science for Social Good: #LegalNLP #AlgorithmicBiasIIIT Hyderabad
 
Social Computing Research in India
Social Computing Research in IndiaSocial Computing Research in India
Social Computing Research in IndiaIIIT Hyderabad
 
Social Computing Research in India
Social Computing Research in IndiaSocial Computing Research in India
Social Computing Research in IndiaIIIT Hyderabad
 
Modeling Online User Interactions and their Offline effects on Socio-Technica...
Modeling Online User Interactions and their Offline effects on Socio-Technica...Modeling Online User Interactions and their Offline effects on Socio-Technica...
Modeling Online User Interactions and their Offline effects on Socio-Technica...IIIT Hyderabad
 
Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay
Privacy. Winter School on “Topics in Digital Trust”. IIT BombayPrivacy. Winter School on “Topics in Digital Trust”. IIT Bombay
Privacy. Winter School on “Topics in Digital Trust”. IIT BombayIIIT Hyderabad
 
It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...IIIT Hyderabad
 
It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...IIIT Hyderabad
 
Leveraging Social Media for Financial Advice
Leveraging Social Media for Financial AdviceLeveraging Social Media for Financial Advice
Leveraging Social Media for Financial AdviceIIIT Hyderabad
 
Development of Stress Induction and Detection System to Study its Effect on B...
Development of Stress Induction and Detection System to Study its Effect on B...Development of Stress Induction and Detection System to Study its Effect on B...
Development of Stress Induction and Detection System to Study its Effect on B...IIIT Hyderabad
 
A Framework for Automatic Question Answering in Indian Languages
A Framework for Automatic Question Answering in Indian LanguagesA Framework for Automatic Question Answering in Indian Languages
A Framework for Automatic Question Answering in Indian LanguagesIIIT Hyderabad
 

More from IIIT Hyderabad (20)

Responsible & Safe AI Systems at ACM India ROCS at IIT Bombay
Responsible & Safe AI Systems at ACM India ROCS at IIT BombayResponsible & Safe AI Systems at ACM India ROCS at IIT Bombay
Responsible & Safe AI Systems at ACM India ROCS at IIT Bombay
 
International Collaboration: Experiences, Challenges, Success stories
International Collaboration: Experiences, Challenges, Success storiesInternational Collaboration: Experiences, Challenges, Success stories
International Collaboration: Experiences, Challenges, Success stories
 
Responsible & Safe AI: #LegalBias #Inconsistency #BiasinLLMs #MultiModalBias
Responsible & Safe AI: #LegalBias #Inconsistency #BiasinLLMs #MultiModalBiasResponsible & Safe AI: #LegalBias #Inconsistency #BiasinLLMs #MultiModalBias
Responsible & Safe AI: #LegalBias #Inconsistency #BiasinLLMs #MultiModalBias
 
Identify, Inspect and Intervene Multimodal Fake News
Identify, Inspect and Intervene Multimodal Fake NewsIdentify, Inspect and Intervene Multimodal Fake News
Identify, Inspect and Intervene Multimodal Fake News
 
#ChatGPT #ResponsibleAI
#ChatGPT #ResponsibleAI#ChatGPT #ResponsibleAI
#ChatGPT #ResponsibleAI
 
Data Science for Social Good: #MentalHealth #CodeMix #LegalNLP #AISafety
Data Science for Social Good: #MentalHealth #CodeMix #LegalNLP #AISafetyData Science for Social Good: #MentalHealth #CodeMix #LegalNLP #AISafety
Data Science for Social Good: #MentalHealth #CodeMix #LegalNLP #AISafety
 
It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...
 
Beyond the Surface: A Computational Exploration of Linguistic Ambiguity
Beyond the Surface: A Computational Exploration of Linguistic AmbiguityBeyond the Surface: A Computational Exploration of Linguistic Ambiguity
Beyond the Surface: A Computational Exploration of Linguistic Ambiguity
 
Data Science for Social Good: #LegalNLP #AlgorithmicBias...
Data Science for Social Good:                      #LegalNLP #AlgorithmicBias...Data Science for Social Good:                      #LegalNLP #AlgorithmicBias...
Data Science for Social Good: #LegalNLP #AlgorithmicBias...
 
How to Write a (Good) Research Paper
How to Write a (Good) Research Paper How to Write a (Good) Research Paper
How to Write a (Good) Research Paper
 
Data Science for Social Good: #LegalNLP #AlgorithmicBias
Data Science for Social Good: #LegalNLP #AlgorithmicBiasData Science for Social Good: #LegalNLP #AlgorithmicBias
Data Science for Social Good: #LegalNLP #AlgorithmicBias
 
Social Computing Research in India
Social Computing Research in IndiaSocial Computing Research in India
Social Computing Research in India
 
Social Computing Research in India
Social Computing Research in IndiaSocial Computing Research in India
Social Computing Research in India
 
Modeling Online User Interactions and their Offline effects on Socio-Technica...
Modeling Online User Interactions and their Offline effects on Socio-Technica...Modeling Online User Interactions and their Offline effects on Socio-Technica...
Modeling Online User Interactions and their Offline effects on Socio-Technica...
 
Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay
Privacy. Winter School on “Topics in Digital Trust”. IIT BombayPrivacy. Winter School on “Topics in Digital Trust”. IIT Bombay
Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay
 
It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...
 
It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...It is our choices, Harry, that show what we truly are, far more than our abil...
It is our choices, Harry, that show what we truly are, far more than our abil...
 
Leveraging Social Media for Financial Advice
Leveraging Social Media for Financial AdviceLeveraging Social Media for Financial Advice
Leveraging Social Media for Financial Advice
 
Development of Stress Induction and Detection System to Study its Effect on B...
Development of Stress Induction and Detection System to Study its Effect on B...Development of Stress Induction and Detection System to Study its Effect on B...
Development of Stress Induction and Detection System to Study its Effect on B...
 
A Framework for Automatic Question Answering in Indian Languages
A Framework for Automatic Question Answering in Indian LanguagesA Framework for Automatic Question Answering in Indian Languages
A Framework for Automatic Question Answering in Indian Languages
 

Recently uploaded

Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 

Recently uploaded (20)

Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 

PhishAri: Automatic Realtime Phishing Detection on Twitter

  • 1. Automatic Realtime Phishing Detection on Twitter Anupama Aggarwal, Ashwin Rajadesingan, Ponnurangam Kumaraguru 1
  • 2. Motivation: Some Statistics • $520 million were lost worldwide from phishing attacks in 2011 alone. (RSA Report) • In 2012, around 20% of all phishing attacks targeted Facebook • Social network phishing has jumped 221% attacks during Q1 of 2012 2
  • 3. Phishing Detection on OSM: Current State-of-Art • Offline Spam Characterization & Detection Studies • No characterization of phishing on OSM • Lack of Realtime detection mechanisms • Absence of end-user deployed systems • Dependence on Spam/Phishing Blacklists 3
  • 4. What Did We Do to Fill the Gap? • Built a mechanism to Automatically detect phishing on Twitter in Realtime • No dependency on Blacklists • Deployed end-user system for Twitter users - Chrome Extension 4
  • 5. Twitter 101 Hey, I am in Puerto Rico attending @APWG eCrime research Tweets <140 char Talking about #phishing on OSN Earn Money #help #money http://bit.ly/Pw637z 5
  • 6. Twitter 101 Hey, I am in Puerto Rico To mention/reply to a Twitter user @Tag attending @APWG eCrime research Talking about #phishing on OSN To mention a topic #Tag Earn Money #help #money http://bit.ly/Pw637z To link external media URL in Tweet 6
  • 7. Twitter 101 We’ll follow Blue! attending @APWG eCrime research I’ll follow Grey2! I’ll follow Grey1! Followers Nice! I’ll share this tweet in my network! attending @APWG eCrime research Followees Retweet (RT) 7
  • 8. Twitter 101 We’ll follow Blue! @Blue Twitter Timeline attending @APWG eCrime research I’ll follow Grey2! I’ll follow Grey1! Followers Tweets by Followees Retweets by Followees Tweets by Self Retweets by Self Tweets with @Blue Nice! I’ll share this tweet in my network! attending @APWG eCrime research Followees Retweet (RT) 8
  • 9. Challenges of Phishing Detection on Twitter • Only 140 Characters - very less information • Use of short URLs in tweets • 100,000 Tweets per minute - quick spread • Phishing Blacklists are slow - not reliable 9
  • 10. Our Contribution • PhishAri: Automatic realtime phishing detection mechanism for Twitter • More efficient than plain blacklisting method • Better than Twitter’s own phishing detection mechanism • Real-world implementation of the system Chrome Extension for Twitter 10
  • 11. Methodology • • Step 1: Classification Model for Phishing Detection • • • Data Collection Feature Extraction Classification Step 2: Realtime end-user Interface • • Using pre-trained classification model Chrome Browser Extension 11
  • 12. Data Collection • • 1,589 Phishing Tweets 903 Unique phishing URLs Wait for 3 days 12
  • 13. Features Used • URL Features - Length, number of dots, characters, redirections • WHOIs Features - domain name, ownership period • Tweet Features - Number of #tags, @mentions, length, trending topics • Network Features - Follower/Followee ratio, Age of account, Number of Tweets 13
  • 15. Evaluation • Comparison with Blacklists • 80.6% more phishing tweets detected by PhishAri at zero hour which were caught by blacklists after 3 days. • Comparison with Twitter’s defense mechanism • 84.6% more phishing tweets detected by PhishAri at zero hour which were marked as suspicious by Twitter after 3 days 15
  • 16. Time Evaluation • Used Intel Xeon 16 core Ubuntu server with 2.67 GHz processor and 32 GB RAM • Multiprocessing Modules for faster processing • Time required for the feature extraction & classification of a tweet is a maximum of 0.522 seconds (Min: 0.167 sec, Avg: 0.425 sec, Median 0.384 sec) 16
  • 18. PhishAri: RESTful API • Use above classification model to create a RESTful API • POST requests can be made to API to query a tweet • Pre-trained classifier model used for classification of new tweets 18
  • 20. PhishAri Chrome Extension • Red / Green Indicators in front of Tweets with URLs • Detects phishing tweets on • User Timeline • Twitter search results • Profile of other users • DMs (Limited as for now) 20
  • 22. How Extension Works? • Integration of API with the Browser Extension 22
  • 23. PhishAri Extension: User Experience and Statistics • 78 Active Users • User study shows that • users want support for other browsers, mobile apps • found useful to use • more robustness desired 23
  • 24. Conclusion • “Phish” + “Ari” = Realtime Automatic Detection • 92.52% Accuracy with Random Forest Classifier • Efficient - takes only 0.522 seconds for indicator to appear • No dependency on Blacklists • Faster than Blacklists • Faster than Twitter’s own detection mechanism 24
  • 25. Future Work • Backend database for faster lookup • Increase the scope of PhishAri from public to all tweets • Increase response time of PhishAri and appearance of indicators • Support for other browsers and mobile apps 25
  • 27. For any further information, please write to pk@iiitd.ac.in precog.iiitd.edu.in 27