1. Automated Test Case Generator for Phishing Prevention Using Generative Grammars and Discriminative Methods
- Author
Palka, Sean
- Abstract
This research details a methodology designed for creating content in support of various phishing prevention tasks including live exercises and detection algorithm research. Our system uses probabilistic context-free grammars (PCFG) and variable interpolation as part of a multi-pass method to create diverse and consistent phishing email content on a scale not achieved in previous research. This system, which we have named PhishGen, is capable of generating a large amount of unique content that can be used in live exercises, or alternatively used to build training datasets for phishing detection methods and filter settings. PhishGen is a web-based application that implements our underlying methodology to provide a user-interface for building and modifying PCFG rules and weights. The system is released as an open-source tool in order to allow access to other researchers. PhishGen has already been used in support of live commercial phishing exercises and is in the process of being utilized for content development for commercial frameworks. As part of our research, we present the results of multiple studies supporting our hypothesis regarding the impact of content on phishing exercises. We present a study focusing specifically on how phishing content affects click-through rates, and demonstrate how compelling content generates significantly higher click-through rates when compared to poorly crafted phishing content. We then present the results of a study that investigates whether content maintains its utility when being replayed across a population. The results of these initial motivational studies provided empirical evidence that content generation is a topic worth investigating. Next we present the results of a more thorough study involving the entire population of a medium-sized commercial organization, in which we demonstrate again the impact of content-complexity and provide a normalization approach that takes into account differences in phishing e-mails.
We then present several studies to test the effectiveness of PhishGen, during which several live phishing exercises were run to demonstrate how our generated content performs compared to phishing e-mails manually crafted by experts. We also present the results of simulations that did not involve live exercises to measure various characteristics of content created by PhishGen. Finally, we demonstrate how PhishGen is able to adapt to previous responses, or lack of responses, to generate more effective e-mails in subsequent exercises, while maintaining a higher level of diversity than existing methods of content generation. We show how this approach can be used to strengthen existing filters by identifying gaps in coverage. In all, over 115,000 test phishing e-mails were sent to over 19,000 participants in the course of our studies, making this one of the largest phishing research initiatives to date. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com/en-US/products/dissertations/individuals.shtml.]
- Published
2015