Traditional methods of increasing security, such as passwords, secure channels, and others, are powerless when users are targeted by social engineering attacks. These attacks are designed to manipulate individuals and organizations into revealing valuable and confidential information for the benefit of cybercriminals. Several approaches based on machine learning algorithms have been developed to detect the malicious activity of this type of attack. However, such approaches are limited by the use of static data, which is typically found in data sets. This limitation affects the accuracy of the algorithm because the training data set quickly becomes outdated, causing errors in the estimator’s prediction. Furthermore, model training is done offline due to the high computational cost of this activity. Therefore, in this paper, we analyze the use of machine learning algorithms over continuous data streams. This type of algorithm is suitable for use on the Web due to the flow treatment given to network traffic and also allows online training of the estimator to detect new attacks. Our approach eliminates the drawbacks of traditional machine learning techniques that use batch algorithms. To characterize the anomalies, we analyze the type of ‘pretexting’ attack that can occur on the Web. We adapt the K-Nearest Neighbors (KNN), Bernoulli Naive Bayes (BernoulliNB), Logistic Regression (LR) and Hoeffding Adaptive Tree Classifier (HATC) algorithms to handle continuous data streams in order to verify which the one has the best effectiveness and efficiency in online learning. The experiment results show that these models can be used efficiently and effectively in online training.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Classification-Based Technique to Detect Social Engineering Attacks Using Continuous Data Stream Machine Learning Algorithms

  • Admilson de Ribamar Lima Ribeiro,
  • João Marco Cardoso da Silva

摘要

Traditional methods of increasing security, such as passwords, secure channels, and others, are powerless when users are targeted by social engineering attacks. These attacks are designed to manipulate individuals and organizations into revealing valuable and confidential information for the benefit of cybercriminals. Several approaches based on machine learning algorithms have been developed to detect the malicious activity of this type of attack. However, such approaches are limited by the use of static data, which is typically found in data sets. This limitation affects the accuracy of the algorithm because the training data set quickly becomes outdated, causing errors in the estimator’s prediction. Furthermore, model training is done offline due to the high computational cost of this activity. Therefore, in this paper, we analyze the use of machine learning algorithms over continuous data streams. This type of algorithm is suitable for use on the Web due to the flow treatment given to network traffic and also allows online training of the estimator to detect new attacks. Our approach eliminates the drawbacks of traditional machine learning techniques that use batch algorithms. To characterize the anomalies, we analyze the type of ‘pretexting’ attack that can occur on the Web. We adapt the K-Nearest Neighbors (KNN), Bernoulli Naive Bayes (BernoulliNB), Logistic Regression (LR) and Hoeffding Adaptive Tree Classifier (HATC) algorithms to handle continuous data streams in order to verify which the one has the best effectiveness and efficiency in online learning. The experiment results show that these models can be used efficiently and effectively in online training.