Dynamic phishing content using generative grammars

Sean Palka, Damon McCoy

    Research output: Contribution to journal › Article

    Abstract

    Phishing prevention and detection algorithms depend on content exemplars to train on in order to effectively identify threats. Developing these exemplars can either be done by hand, which is time consuming and expensive, or taken from attacks that have already been detected in the wild, which limits the ability to detect new or novel threats. In this paper, we describe PhishGen, a system that uses generative grammars to create dynamic e-mail contents for use as test cases for anti-phishing research. In addition, we demonstrate our system's ability to adapt to existing filters in order to ensure the delivery of e-mails without the need to white-list, which provides an additional level of realism for phishing attacks during penetration testing.

    Original language: English (US)
    Article number: 7107458
    Journal: Unknown Journal
    DOI: 10.1109/ICSTW.2015.7107458
    State: Published - May 13 2015

    Fingerprint

    Electronic Mail
    Grammar
    Attack
    Testing
    Penetration
    Filter
    Demonstrate

    ASJC Scopus subject areas

    • Software

    Cite this

    Dynamic phishing content using generative grammars. / Palka, Sean; McCoy, Damon.

    In: Unknown Journal, 13.05.2015.

    @article{da10c67d6ee84b08a801da45f36df681,
    title = "Dynamic phishing content using generative grammars",
    abstract = "Phishing prevention and detection algorithms depend on content exemplars to train on in order to effectively identify threats. Developing these exemplars can either be done by hand, which is time consuming and expensive, or taken from attacks that have already been detected in the wild, which limits the ability to detect new or novel threats. In this paper, we describe PhishGen, a system that uses generative grammars to create dynamic e-mail contents for use as test cases for anti-phishing research. In addition, we demonstrate our system's ability to adapt to existing filters in order to ensure the delivery of e-mails without the need to white-list, which provides an additional level of realism for phishing attacks during penetration testing.",
    author = "Sean Palka and Damon McCoy",
    year = "2015",
    month = "5",
    day = "13",
    doi = "10.1109/ICSTW.2015.7107458",
    language = "English (US)",
    journal = "Theoretical Computer Science",
    issn = "0304-3975",
    publisher = "Elsevier",

    }

    TY - JOUR

    T1 - Dynamic phishing content using generative grammars

    AU - Palka, Sean

    AU - McCoy, Damon

    PY - 2015/5/13

    Y1 - 2015/5/13

    N2 - Phishing prevention and detection algorithms depend on content exemplars to train on in order to effectively identify threats. Developing these exemplars can either be done by hand, which is time consuming and expensive, or taken from attacks that have already been detected in the wild, which limits the ability to detect new or novel threats. In this paper, we describe PhishGen, a system that uses generative grammars to create dynamic e-mail contents for use as test cases for anti-phishing research. In addition, we demonstrate our system's ability to adapt to existing filters in order to ensure the delivery of e-mails without the need to white-list, which provides an additional level of realism for phishing attacks during penetration testing.

    UR - http://www.scopus.com/inward/record.url?scp=84934312245&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84934312245&partnerID=8YFLogxK

    U2 - 10.1109/ICSTW.2015.7107458

    DO - 10.1109/ICSTW.2015.7107458

    M3 - Article

    JO - Theoretical Computer Science

    JF - Theoretical Computer Science

    SN - 0304-3975

    M1 - 7107458

    ER -