Your Search Results

Use this resource - and many more! - in your textbook!

AcademicPub holds over eight million pieces of educational content for you to mix-and-match your way.

Experience the freedom of customizing your course pack with AcademicPub!
Not an educator but still interested in using this content? No problem! Visit our provider's page to contact the publisher and get permission directly.

Detecting hidden propagation structure and its application to analyzing phishing

By: Mingyan Liu; Yang Liu;

2014 / IEEE


This item from - IEEE Conference - 2014 International Conference on Data Science and Advanced Analytics (DSAA) - In this paper we study the problem of how to detect and extract a particular type of propagation structure that arises in phishing activities. One of the most interesting phenomena induced by phishing is fast-flux, whereby a single malicious domain is mapped to a constantly changing IP address in order to evade capture and shut-down. This leads to malicious activities observed to be propagating through different networks, even though they originate from the same phishing campaign. To be able to detect and extract such a propagation is of significant importance as it can help us understand and analyze phishing activities. To achieve this goal, we propose a multi-layered propagation model, where layers correspond to different delay stages in the propagation and each is given by an adjacency matrix called the propagation matrix which models pairwise propagation relationships. A regression problem is then formulated to estimate this set of matrices so that the model prediction best fits the data; a Gibbs sampling based randomized algorithm is developed to efficiently find solutions with guaranteed performance. We evaluate our method using both simulation and Internet measurement data.