Dynamic phishing content using generative grammars

Author

Palka, Sean ; Mccoy, Damon

Author_Institution

Dept. of Comput. Sci., George Mason Univ., Fairfax, VA, USA

fYear

2015

fDate

13-17 April 2015

Firstpage

1

Lastpage

8

Abstract

Phishing prevention and detection algorithms depend on content exemplars to train on in order to effectively identify threats. Developing these exemplars can either be done by hand, which is time consuming and expensive, or taken from attacks that have already been detected in the wild, which limits the ability to detect new or novel threats. In this paper, we describe PhishGen, a system that uses generative grammars to create dynamic e-mail contents for use as test cases for anti-phishing research. In addition, we demonstrate our system´s ability to adapt to existing filters in order to ensure the delivery of e-mails without the need to white-list, which provides an additional level of realism for phishing attacks during penetration testing.

Keywords

computer crime; grammars; unsolicited e-mail; PhishGen; antiphishing research; content exemplars; dynamic e-mail contents; dynamic phishing content; generative grammars; penetration testing; phishing attacks; phishing detection algorithm; phishing prevention; Electronic mail; Facsimile; Grammar; Semantics; Sociology; Statistics; Testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on

Conference_Location

Graz

Type

conf

DOI

10.1109/ICSTW.2015.7107458

Filename

7107458