
Analiza in detekcija kibernetskih napadov z lažnim predstavljanjem
DOVŽAN PEROVIĆ, ANŽE (Author), Sedlar, Urban (Mentor)

PDF - Presentation file (5,93 MB)
MD5: 93CA21BBA3B8DC42BB5DE00E02C7265B

Abstract
The thesis first introduces the field of cyber attacks, more precisely phishing attacks, and the role of social engineering in the success of such attacks. This is followed by a brief overview of the history of phishing and of known phishing attacks. Next comes a presentation of the different types of phishing (email phishing, phishing via phone call or SMS message, phishing via social media, etc.), of which mass email phishing is the most widespread. Software for detecting phishing attacks and software for preventing them are presented. The features on the basis of which harmful emails are distinguished from harmless ones are given, along with their use. Because the practical part largely involves machine learning for detecting harmful emails, the thesis places greater emphasis on machine learning as a tool for recognizing phishing in emails. The operation of four algorithms is described, namely naive Bayes, decision tree, random forest and the support vector method. This is followed by a practical example of the entire process of detecting phishing in emails through the implementation of the naive Bayes and decision tree algorithms, which are used to build predictive models from a given database of emails. Eighty percent of the database is used for training and twenty percent for testing the models. Both algorithms classify the given emails from the database very well. The practical part then shows the complete development of a plug-in for the Thunderbird email client. A clear system architecture is given, together with a demonstration of the plug-in's operation on harmful and harmless emails. The plug-in's interface gives the user a clear overview of phishing features in emails through twelve traffic lights, whose colors indicate the potential phishing danger arising from each individual feature contained in the email.
The thesis concludes with testing of the developed plug-in and suggestions for possible upgrades and improvements.

Language: Slovenian
Keywords: cyber security, impersonation, scams, social engineering, phishing, email, machine learning, plug-in
Work type: Master's thesis/paper
Organization: FE - Faculty of Electrical Engineering
Year: 2022
PID: 20.500.12556/RUL-135680
COBISS.SI-ID: 104309507
Publication date in RUL: 25.03.2022
Views: 1087
Downloads: 179

Secondary language

Language: English
Title: Analysis and detection of phishing cyber-attacks
Abstract:
The paper introduces the field of cyber attacks, more precisely phishing attacks, and the role of social engineering in the success of such attacks. The introduction is followed by a brief overview of the history of phishing and of known phishing attacks. Different types of phishing are then presented (email phishing, phishing via call or SMS, phishing via social media, etc.), of which mass email phishing is the most widespread. Detection and prevention software for phishing attacks is presented next. The properties used to distinguish harmful emails from harmless ones are given, along with their use. As the practical part largely involves machine learning to detect harmful emails, the work places more emphasis on machine learning as a tool for recognizing phishing attacks in emails. Detailed descriptions of four algorithms are given, namely Naive Bayes, Decision Tree, Random Forest and Support Vector Method. This is followed by a practical example of the entire process of detecting phishing emails through the implementation of the Naive Bayes and Decision Tree algorithms, which are used to build predictive models based on a given database of emails. Eighty percent of the database is used for training the models and twenty percent for testing them. Both algorithms classify emails from the database very well. In the second part of the practical work, the entire construction of the Thunderbird email plug-in is shown. A clear system architecture is given, as well as a demonstration of the plug-in's operation on harmful and harmless emails. The plug-in's interface provides the user with a clear overview of phishing properties in emails through twelve traffic lights, whose colors indicate the potential phishing danger due to each property contained in the email. The work concludes with testing of the developed plug-in and suggestions for possible upgrades and improvements.

Keywords: cyber security, false presentation, scams, social engineering, phishing, e-mail, machine learning, plug-in
