Is This Magikarp a Gyarados?: Using Machine Learning for Phishing Detection

Presented at BSidesLV 2019, Aug. 7, 2019, 11 a.m. (55 minutes)

Sometimes, the link you clink on is harmless like a Magikarp using splash. However, sometimes the link you click on might be a Gyarados using Hyperbeam to misuse PHP and steal your credit card credentials.

Phishing campaigns remain as one of the most timeless, and prevalent attacks against a corporation. However, phishing detection and prevention used today are still rooted in archaic methodologies of producing, obtaining, and maintaining blacklists. As an alternative, research into implementing a heuristic-based approach, rooted in fundamental machine learning algorithms, for phishing prevention is becoming more common. This talk will include a discussion on the heuristically approach of extracting features from a website and assessing if they are malicious or not, exploring how to effectively use various modeling for classification on the features of a website, and the stages to build out a repository for phishing research.

Presenters:

• Veronica Weiss
  Veronica Weiss is currently a security analyst in the financial industry. She is a data science researcher in her personal time, and is very passionate about gradient boosting algorithms and has recently been focusing on cloud security. Veronica is also an undergraduate college student studying Computer Science and Statistics at Skidmore College, and can be found playing Capture the Flag (CTF) competitions with RPISEC.

Similar Presentations:

• DEF CON 16 (2008) / Let's Sink the Phishermen's Boat!
• DerbyCon 3.0 All in the Family (2013) / Phishing Like The Pros
• THOTCON 0x5 (2014) / Phishing Frenzy: 7 seconds from hook to sinker