WWW.DISSERTATION.XLIBX.INFO
FREE ELECTRONIC LIBRARY - Dissertations, online materials
 
<< HOME
CONTACTS



Pages:   || 2 | 3 | 4 | 5 |   ...   | 33 |

«PhD-FSTC-2015-30 Ecole Doctorale IAEM Lorraine Faculté des Sciences, de la Technologie et de la Communication DISSERTATION Defense held on ...»

-- [ Page 1 ] --

PhD-FSTC-2015-30 Ecole Doctorale IAEM Lorraine

Faculté des Sciences, de la Technologie et de

la Communication

DISSERTATION

Defense held on 22/06/2015 in Luxembourg

To obtain the degree of

DOCTEUR DE L’UNIVERSITÉ DU LUXEMBOURG

EN INFORMATIQUE

AND

DOCTEUR DE L’UNIVERSITÉ DE LORRAINE

SPECIALITE: INFORMATIQUE

by Samuel Marchal Born on May 5, 1987 in Pont-à-Mousson (France)

DNS AND SEMANTIC ANALYSIS FOR

PHISHING DETECTION

Dissertation defense committee:

Prof. Dr. Thomas Engel, supervisor Prof. Dr. Eric Filiol, member University of Luxembourg (Luxembourg) ESEIA (France) Prof. Dr. Olivier Festor, co-supervisor Prof. Dr. Eric Totel, member TELECOM Nancy – University of Lorraine (France) Supélec Rennes (France) Prof. Dr. Ulrich Sorger, chairman Dr. Vijay Gurbani, expert University of Luxembourg (Luxembourg) Bell Laboratories (USA) Prof. Dr. Claude Godart, vice-chairman Dr. Habil. Radu State, expert University of Lorraine (France) SnT (Luxembourg) ´ Ecole doctorale IAEM Lorraine Analyse du DNS et Analyse S´mantique pour la D´tection de e e l’Hame¸onnage c (DNS and Semantic Analysis for Phishing Detection) ` THESE pr´sent´e et soutenue publiquement le 22 Juin 2015 e e pour l’obtention du Doctorat de l’Universit´ de Lorraine e (mention informatique) par Samuel MARCHAL Composition du jury Rapporteurs : Prof. Dr. Eric FILIOL ESEIA Prof. Dr. Eric TOTEL Sup´lec Rennes e Examinateurs : Prof.

–  –  –

Laboratoire Lorrain de Recherche en Informatique et ses Applications — UMR 7503 Mis en page avec la classe thesul.

Remerciements My first thanks go to the reviewers of this document and to the jury members who accepted to evaluate it. I thank them for the time they spent to read it, for the interest they showed to my work and for the constructive reviews and comment I got out of their evaluation. These helped me to improve this manuscript, to identify some improvements that can be brought to this work and new research perspectives that can be explored.

I faithfully thank my two co-supervisors, Thomas Engel and Olivier Festor for welcoming me in their team at SnT and LORIA during the four years of my Ph.D.. They both provided me a very good support and wise advices while I was doing my research activities. I thank them for their listening, their help and the constructive feedback they gave me. Their supervision has been a key element for the achievement of this Ph.D.

I also want to thank Radu State and Jérôme François. I met Radu Sate while he was my professor at TELECOM Nancy. I discovered and started to do research activities under his supervision. He gave me the taste and the motivation to do research by sharing his work and passion with me. I thanks him for the opportunity he gave me to work with him, for his support and the help he provided me during the past four years. I thank Jérôme François for the supervision and the help he provided me when I started my Ph.D. He put me on the right track from the beginning and we collaborated on many research activities afterwards. It has been a pleasure to work with both of them and they were of great help to produce the results presented in this document.

I want to thank all the people from the SecanLab team (SnT) and the MADYNES team (LORIA). Working within these teams is a great environment to carry research, exchange ideas and produce high quality work. It has been a pleasure for me to work in both during my Ph.D.

and I am happy to have spend time there. I address a special thanks to my office mates for the good working environment they provided me. I thank as well people from LORIA and SnT, I interacted with a lot of different people along these years and I am glad that some of them became good friends.

I thank CETREL, the industrial partner for my Ph.D. and more specifically Sam Gabbaï and Jean-Yves Decker. It has been a pleasure to work with them and to carry research activities to solve concrete problems. Sam and Jean-Yves have always been of great help and I thank them for the precious time they gave me and their availability during our collaboration.

Finally, I address a special thank to my family and in first place my parents who supported me all along my studies. I thank as well my friends with who I spent good times out of office which helped me to relax and work more efficiently.

To you all, thank you.

–  –  –

1 Context The power of persuasion has been used for thousands of years to convince people to do things dictated by a leader employing persuasion. This ancestral art is used by politicians, salesmen or lawyers for instance, in order to spread ideas, to sell products or convince a jury, respectively.

Even though these examples are legal practices, one may find the ratio of power unfair between people mastering this technique and their gullible victims. The power of persuasion has also been used to perpetrate other activities considered as illegal such as swindling. In a swindle, a crook uses his skills to abuse people credulity in order to make them do actions for his own benefit.





This can consist in lending money without warranty, provide services or products without paying, give advance payment for fake sales, etc. These practices have been used by unscrupulous people for centuries in order to make easy money. These tricks were initially performed using direct interaction with victims through convincing speeches. However, time changes and the way to perpetrate swindles as well as their targets changes. Nowadays, other means of communications than direct talk are available through electronic communications like phone calls, emails, instant messaging, etc. Moreover, the direct getting of money is not necessarily the first objective of modern swindling and the acquisition of others valuable immaterial things, like data that can be sold or used to steal money, became more common.

Phishing is an example of modern swindles that targets electronic communications users such as phones and computers users. The same objectives are aimed by e-crooks, who are named phishers, namely to persuade their victims to perform some actions using electronic communications means. Phishers use their power of persuasion to tailor convincing socially engineered emails or websites to manipulate their victims. They use carefully chosen words and sentences to establish a trust atmosphere with their victims in order to push them to perform some actions. Rather than targeting the direct stealing of money or delivery of products for free, phishing mostly aims to steal the victim’s confidential electronic data that has became valuable.

The Internet has made it easy to use services that in the past required a more intimate contact between the people conducting the transaction. Some general services such as news providers, education services or science libraries are now available on the Internet. Personalized services such as payment services, banking management services or retail services are also proposed.

These personalized services are sensitive because usually dealing with money management and user’s confidential information. Hence, the access to these services is valuable in order to steal the information and/or the money stored. For instance, gaining enough personal information about a victim can be used to impersonate him through identity theft. A stolen identity can be used to pose as a person in others swindles in order to hide and protect the identity of the real crook, or to access personal electronic services in order to act in his name. This represents actually the main goal sought by phishers: to steal the required information in order to access sensitive services.

General Introduction

–  –  –

Figure 1: Phishing attacks and phishing domain names recorded every year (source:APWG) Phishing appeared almost 20 years ago and its first victims were ISP users from which phishers tried to steal the account access information using spoofed emails alleging having been sent by administrators. Phishing attacks usually target users of a given sensitive service related to a brand. Phishers lure the brand clients by alleging to be some brand’s representatives in order to ask information related to their usage of the service. This information mostly consists in credentials for a given website or credit card numbers. Several vectors are used for phishing while the mostly used are emails and websites that mimic the ones of legitimate services and alleged to be related to them. Despite this diversity, a common point of many vectors is the use of link misdirecting victims to phishing contents. The use of obfuscated URLs and domain names is widespread in phishing attacks and the use of malicious domain names as a support for attacks is increasing as depicted in Figure 1, showing the relevancy to identify URLs and domain names to fight phishing. This figure shows the evolution of the number of phishing attacks and phishing domain names in use every year between 2008 and 2014. We can see that the count of registered phishing attacks fluctuates between 100,000 and 250,000 globally along the period.

However, we can see a regular increase in the count of domain names used as a support for phishing attacks starting from around 50,000 in 2008 and reaching almost 170,000 in 2014.

Over the years, phishing activities dramatically increased in terms of attacks and number of targeted brands [apw04, AR14]. This augmentation of phishing attacks is depicted by an ever increasing financial damage that reached US $5.9 billion in 2013 [rsa14]. This increase is ongoing since phishing appeared and according to the current trend, this progression will continue. We identified four main reasons explaining this increase and the installation of phishing as a continual

threat:

–  –  –

the Internet, as highlighted by the raise of online websites, reaching almost one billion [net15]. Hence, many new potential victims, physical vectors and targets become available letting space for new kind of phishing attacks to be perpetrated.

• The second reason is the variety of phishing attacks used to perpetrate phishing. Regular phone calls, sms, emails or websites are examples of communication technologies used to perform phishing. Protecting against this variety of vectors is difficult and existing phishing prevention and detection techniques only cope with few of them. Detection techniques for phishing emails [FST07] or phishing websites [MKK08, CDM10, CSDM14] exist for instance, but their application is limited to few attacks compared to the tens that exist.

Hence, a global protection implies the use of several independent techniques as we can see today with email filtering, web browser warnings and website authentication techniques that are jointly used to protect against phishing. However, some phishing attacks still succeed to bypass this cumulated protections in order that phishing impact is still progressing.

• The third reason is the increasing number of phishers and attacks perpetrated. The former is explained by the fact that phishing is an easy to perpetrate task requiring low technical skills. The main effort to build phishing attacks is invested in the social engineering tricks used [HCNK+ 14]. This can easily be performed by technically unqualified crooks thanks to the availability of ready-to-use phishing kits [CKV08] and the availability of cheap infrastructures to deploy the attacks. The increase of attacks performed is explained by the decrease of gain per attack forcing phishers to launch more campaigns to keep a constant revenue from their crime [HF08]. Phishing can be qualified as the cybercrime equivalent of pickpocketing since many people are perpetrated it for low revenue. Hence, targeted countermeasures against specific phishers do not cope with this cybercrime since many other phishers would still continue their activities.

• The fourth and predominant reason is the lack of user awareness about the risk associated with electronic communications and the value of the information stored on their several websites accounts. Most people do not understand and are not concerned about the impact of credential stealing, credit card number stealing or identity theft [pon14]. This lack of concerns does not motivate them to protect their data from stealing. Security is a secondary purpose for most users and their limited technical knowledge does not allow them to enhance the security level of their electronic communications [WT99]. New users of modern electronic communications means are gullible and easy targets for phishers who can easily lure them. This widespread unawareness is the main reason of the efficiency of phishing attacks.

Phishing is an ever growing activity that became of major concerns. Many factors explain its expansion and the raise of its financial damage to reach several billions of dollars every year. The variety of phishing attacks, the augmentation of potential victims and physical vectors, the ease to perpetrate this modern swindle and the widespread unawareness of victims make it a troublesome cybercrime activity. Beside its financial impact, phishing raise as well concerns regarding the use of electronic communications means to communicate. People see personal information stealing and misuse as a very-likely-to-occur event in their life [pon14]. This perception of phishing as a fatality and not as a problem that can be prevented leads to erode the trust among electronic communications users. A direct risk of this lose of trust is the decreasing usage of electronic means such as emails as way of communication [HF08]. This renders the fight against phishing paramount to preserve the widespread usage of this useful technology.



Pages:   || 2 | 3 | 4 | 5 |   ...   | 33 |


Similar works:

«Guide to Terraria Professional Terraria Pet Keeping with HOBBY Products Keeping and taking care of terrarium animals is very popular. Fundamental principles must be observed to establish and maintain living conditions that accommodate the natural behaviour of the animals. This guide introduces you to HOBBY products from Dohse Aquaristik KG that have been especially designed for the needs of terrarium animals. Terrano Pine Bark Terrano Red Bark Terrano Terra Terrano Chopped Beech Terrano Corn...»

«Chapter 500 STIPULATIONS AND MOTIONS 501 Stipulations 501.01 In General 501.02 Filing Stipulations 501.03 Form of Stipulations 502 Motions In General 502.01 Available Motions 502.02 Form of Motions and Briefs on Motions 502.02(a) Form of Motions 502.02(b) Briefs on Motions 502.02(c) Confidential Information 502.03 Oral Hearings on Motions 502.04 Determination of Motions 502.05 Attorneys’ Fees, etc., on Motions 502.06 Telephone and Pretrial Conferences 502.06(a) Telephone Conferences 502.06(b)...»

«THINKING SERIOUSLY ABOUT CRIME: Some models of Criminology Jock Young Crime is a subject of perennial interest, and in recent years it has once again become a topic of major public debate. We are likely to encounter the ‘conversation about crime’ wherever we turn – in conversations at a bus stop, or in the pub, reading the News of the World or The Guardian, or listening to a phone-in on the radio. These conversations will not only reflect the concern with what is commonly perceived as the...»

«REFLEKS 5-1 2006 Innhold Forord 1 Plymouthbrødrene 2 Geir Lie Ekklesiologi på avveie 7 UTGIVER Geir Lie REFLEKS-Publishing REDAKTØR Poul Madsen og Kristent Fælles35 Geir Lie skab-bevegelsen Geir Lie ADRESSE Ravnkroken 60G 1254 Oslo Charles F. Schmitt – a brief intro57 duction TELEFON 97019629 Geir Lie EPOST The New Apostolic Movement 60 kontakt@reflekspublishing.com Paul L. King HJEMMESIDE The Convergence Movement 74 www.refleksWilliam DeArteaga publishing.com TRYKK Persecuted for Christ...»

«Audit de l’installation de traitement d’exhaure et de surveillance de la mine dite « Les Malines » Rapport final BRGM/RP-53321-FR septembre 2004 Audit de l’installation de traitement d’exhaure et de surveillance de la mine dite « Les Malines » Rapport final BRGM/RP-53321-FR septembre 2004 Y. Menard, D. Morin Audit de la station de traitement d’exhaure et de surveillance de la mine dit « Les Malines » Mots clés : Exhaures minières, Procédés, Les Malines, Traitement...»

«Review of Prevalence and Risk factors related to Sexual Assault: Prepared for the Harvard Sexual Assault Task Force Lisa F. Berkman, PhD Amy Ehntholt, MA, SM And members of the Research Report Subcommittee of the Harvard Sexual Task Force Overview In this report, we have aimed to review the literature on the prevalence and risk factors related to sexual assault, limited for the most part to college campuses. We examine issues related both to victims of assault and to perpetrators, and identify...»

«Rating Action: Moody's assigns A3/P-2 deposit ratings to Skandiabanken ASA; outlook stable Global Credit Research 06 Oct 2015 London, 06 October 2015 Moody's Investors Service has today assigned A3/Prime-2 longand short-term bank deposit ratings, a baa1 baseline credit assessment (BCA), and a baa1 adjusted BCA to Skandiabanken ASA following the bank's separation from Sweden's Skandiabanken AB (deposit ratings A2/Prime-1, BCA baa1) on 5 October. The rating outlook is stable. Moody's also...»

«Tema 3: El Sol y su Observación Generalidades.. El Sol es la estrella de nuestro sistema planetario. Su volumen es 1.300.000 veces el de la Tierra y su masa 332.000 veces la de nuestro planeta. La distancia media Sol Tierra es aproximadamente de 150 millones de km. Como toda estrella, emite una gran cantidad de radiación que llega hasta nosotros en forma de luz y calor principalmente. Esta energía procede de las reacciones nucleares que tienen lugar principalmente en el núcleo del Sol. En...»

«UNITED NATIONS TREATIES AND PRINCIPLES ON OUTER SPACE ST/SPACE/11 UNITED NATIONS TREATIES AND PRINCIPLES ON OUTER SPACE Text of treaties and principles governing the activities of States in the exploration and use of outer space, adopted by the United Nations General Assembly UNITED NATIONS New York, 2002 ST/SPACE/11 UNITED NATIONS PUBLICATION Sales No. E.02.I.20 ISBN 92-1-100900-6 Contents Page Foreword.................................................»

«1.DRAGONMAN By TED LAZARIS tedlazar@yahoo.com CONTACT: ThunderBall International Films, LLC Mario Domina Producer thunderballfilmsllc@yahoo.com www.thunderballfilms.com Anita Haeggstrom (Contemporary Talent Partners) ahaeggstrom@yahoo.com (310) 365-5485 (c) 2006-2012 DragonMan Productions and ThunderBall International Films, LLC 2.FADE IN: EXT. BLACKNESS A deep dismal voice pierces the silence. VOICE (O.S.) Long ago, in a world born of magic, peace and prosperity flourished throughout the land....»

«SOUTH PLACE ETHICAL,SOCIETY OFFICERS: General Secretary: Peter Cadogan Lettings Secretary/ Hall Manager; Margaret Pearce Hon. Registrar: H. 0.•Knight Hon. Treasurer: Jeremy, Thompson Acting Editor, The Ethical Record: J. Stewart Cook Associate Editor: Martin Page Address: Conway Hall Humanist Centre, Red Lion Square. London, W.C.1 (Tel;:, 01-242 8032) SUNDAY MORNING LECTURES Library —11.0 a.m. — Admission free November 8—LORD SORENSEN: The House of Lords Bass solos: G. C. Dowman,...»

«Table of Contents UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 Form 20-F (Mark One) ¨ REGISTRATION STATEMENT PURSUANT TO SECTION 12(B) OR 12(G) OF THE SECURITIES EXCHANGE ACT OF 1934 OR x ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934 For the fiscal year ended December 31, 2014. OR ¨ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934 OR ¨ SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(D)...»





 
<<  HOME   |    CONTACTS
2016 www.dissertation.xlibx.info - Dissertations, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.