Neda Abdelhamid

Phishing detection based Associative Classification data mining

Abstract Website phishing is considered one of the crucial security challenges for the online community due to the massive numbers of online transactions performed on a daily basis. Website phishing can be described as mimicking a trusted website to obtain sensitive information from online users such as usernames and passwords. Black lists, white lists and the utilisation of search methods are examples of solutions to minimise the risk of this problem. One intelligent approach based on data mining called Associative Classification (AC) seems a potential solution that may effectively detect phishing websites with high accuracy. According to experimental studies, AC often extracts classifiers containing simple “If-Then” rules with a high degree of predictive accuracy. In this paper, we investigate the problem of website phishing using a developed AC method called Multi-label Classifier based Associative Classification (MCAC) to seek its applicability to the phishing problem. We also want to identify features that distinguish phishing websites from legitimate ones. In addition, we survey intelligent approaches used to handle the phishing problem. Experimental results using real data collected from different sources show that AC particularly MCAC detects phishing websites with higher accuracy than other intelligent algorithms. Further, MCAC generates new hidden knowledge (rules) that other algorithms are unable to find and this has improved its classifiers predictive performance.

MAC: A Multiclass Associative Classification Algorithm

Associative classification (AC) is a data mining approach that uses association rule discovery methods to build classification systems (classifiers). Several research studies reveal that AC normally generates higher accurate classifiers than classic classification data mining approaches such as rule induction, probabilistic and decision trees. This paper proposes a new multiclass AC algorithm called MAC. The proposed algorithm employs a novel method for building the classifier that normally reduces the resulting classifier size in order to enable end-user to more understand and maintain it. Experimentations against 19 different data sets from the UCI data repository and using different common AC and traditional learning approaches have been conducted with reference to classification accuracy and the number of rules derived. The results show that the proposed algorithm is able to derive higher predictive classifiers than rule induction (RIPPER) and decision tree (C4.5) algorithms and very competitive to a known AC algorithm named MCAR. Furthermore, MAC is also able to produce less number of rules than MCAR in normal circumstances (standard support and confidence thresholds) and in sever circumstances (low support and confidence thresholds) and for most of the data sets considered in the experiments.

Associative Classification Approaches: Review and Comparison

Associative classification (AC) is a promising data mining approach that integrates classification and association rule discovery to build classification models (classifiers). In the last decade, several AC algorithms have been proposed such as Classification based Association (CBA), Classification based on Predicted Association Rule (CPAR), Multi-class Classification using Association Rule (MCAR), Live and Let Live (L3) and others. These algorithms use different procedures for rule learning, rule sorting, rule pruning, classifier building and class allocation for test cases. This paper sheds the light and critically compares common AC algorithms with reference to the abovementioned procedures. Moreover, data representation formats in AC mining are discussed along with potential new research directions.

PREDICTION PHASE IN ASSOCIATIVE CLASSIFICATION MINING

Associative classification (AC) is an important data mining approach which effectively integrates association rule mining and classification. Prediction of test data is a fundamental step in classification that impacts the outputted system accuracy. In this paper, we present three new prediction methods (Dominant Class Label, Highest Average Confidence per Class, Full Match Rule) and one rule pruning procedure (Partial Matching) in AC. Furthermore, we review current prediction methods in AC. Experimental results on large English and Arabic text categorisation data collections (Reuters, SPA) using the proposed prediction methods and other popular classification algorithms (SVM, KNN, NB, BCAR, MCAR, C4.5, etc.), have been conducted. The bases of the comparison in the experiments are classification accuracy and the Break-Even-Point (BEP) evaluation measures. The results reveal that our prediction methods are very competitive with reference to BEP if compared with known AC prediction approaches such as those of 2-PS, ARC-BC and BCAR. Moreover, the proposed prediction methods outperform other existing methods in traditional classification approaches such as decision trees, and probabilistic with regards to accuracy. Finally, the results indicate that using the proposed pruning procedure in AC improved the accuracy of the outputted classifier.

Multi-Label Rules Algorithm Based Associative Classification

Current associative classification (AC) algorithms generate only the most obvious class linked with a rule in the training data set and ignore all other classes. We handle this problem by proposing a learning algorithm based on AC called Multi-label Classifiers based Associative Classification (MCAC) that learns rules associated with multiple classes from single label data. MCAC algorithm extracts classifiers from the whole training data set discovering all possible classes connected with a rule as long as they have sufficient training data representation. Another distinguishing feature of the MCAC algorithm is the classifier building method that cuts down the number of rules treating one known problem in AC mining which is the exponential growth of rules. Experimentations using real application data related to a complex scheduling problem known as the trainer timetabling problem reveal that MCACs predictive accuracy is highly competitive if contrasted with known AC algorithms.

Phishing detection: A recent intelligent machine learning comparison based on models content and features

In the last decade, numerous fake websites have been developed on the World Wide Web to mimic trusted websites, with the aim of stealing financial assets from users and organizations. This form of online attack is called phishing, and it has cost the online community and the various stakeholders hundreds of million Dollars. Therefore, effective counter measures that can accurately detect phishing are needed. Machine learning (ML) is a popular tool for data analysis and recently has shown promising results in combating phishing when contrasted with classic anti-phishing approaches, including awareness workshops, visualization and legal solutions. This article investigates ML techniques applicability to detect phishing attacks and describes their pros and cons. In particular, different types of ML techniques have been investigated to reveal the suitable options that can serve as anti-phishing tools. More importantly, we experimentally compare large numbers of ML techniques on real phishing datasets and with respect to different metrics. The purpose of the comparison is to reveal the advantages and disadvantages of ML predictive models and to show their actual performance when it comes to phishing attacks. The experimental results show that Covering approach models are more appropriate as anti-phishing solutions, especially for novice users, because of their simple yet effective knowledge bases in addition to their good phishing detection rate.

Deriving Correlated Sets of Website Features for Phishing Detection: A Computational Intelligence Approach

Classification is one of the major tasks in data mining which aims to build classifiers for decision making. One of the most recent online threats is phishing, which has caused significant losses to online shoppers, electronic businesses and financial institutions. A common way of phishing is impersonating online websites to deceive online users and steal their financial information. One way to guide the anti-phishing classification method is to preliminarily identify a minimal set of related features so the search space can be reduced. The aim of this paper is to compare different features assessment techniques in the website phishing context in order to determine the minimal set of features for detecting phishing activities. Experimental results on real phishing datasets consisting of 30 features has been conducted using three known features selection methods. New features cutoffs have been identified after statistical analysis utilising three data mining classification methods. We have been able to identify new clusters of features that when used together are able to detect phishing activities. Further, important correlations among common features have been derived.

Associative Classification Common Research Challenges

Association rule mining involves discovering concealed correlations among variables often from sales transactions to help managers in key business decision involving items shelving, sales and planning. In the last decade, association rule mining methods have been employed in deriving rules from classification dataset in different business domains. This has resulted in an emergence of new classification approach called Associative Classification (AC), which often produces higher predictive classifiers than classic approaches such as decision trees, greedy and rule induction. Nevertheless, AC suffers from noticeable challenges some of which have been inherited from association rules and others have been resulted from building the classifier phase. These challenges are not limited to the massive numbers of candidate ruleitems found, the very large classifiers derived, the inability to handle multi-label datasets, and the design of rule pruning, ranking and prediction procedures. This article highlights and critically analyzes common challenges faced by AC algorithms that are still sustained. Hence, it opens the door for interested researchers to further investigate these challenges hoping to enhance the overall performance of this approach and increase it applicability in research domains.

A visualization cybersecurity method based on features' dissimilarity

Abstract Phishing attacks on websites are a serious problem that has seen a recent dramatic increase due to the higher volume of online financial transactions and advancements in computer network technology. One of the main challenges with existing intelligent phishing detection approaches is that despite their promising detection rates they do not provide novice users with alerting mechanisms in order to enrich users’ experience and knowledge of deceptive techniques. This paper proposes a new anti-phishing technique that not only detects phishing websites accurately, but also offers to novice users an alerting mechanism with rich rules. The key to success in the proposed anti-phishing technique are the features that have been developed by using a hybrid feature analysis. These provide visual cues in the web browser when phishing attacks occur. The rich rules are derived using a fuzzy rule induction approach and they can be utilized by the novice users to understand the security issues of the phishing problem. To evaluate the proposed technique, several experiments have been conducted using feature selection methods and classification algorithms (Furia, SMO, AdaBoost, Naive Bayes, C4.5) against distinctive feature sets derived from a real phishing dataset. The results show that there are six features, which are not redundant, and when processed using Furia generate effective phishing detection models. More importantly, detection of these features is the basis of an alerting tool for pinpointing possible phishing attacks.