Framework for Mitigating Phishing E-mail in the Kenyan Banking Industry Using Artificial Intelligence (AI)

Authors

  • Asiema Mwavali, Technical University of Kenya

DOI:

https://doi.org/10.47604/ijts.2781

Keywords:

Phishing Email, Cyber Threats, Mitigation, Banking Industry, Machine Learning Algorithm, Natural Language Processing (NLP) Techniques, E-Mail Filtering, Feature Extraction, Classification, Accuracy, Precision, Recall, F1-Score

Abstract

Purpose: Phishing is a significant cybercrime threat that affects individuals and organizations globally, including the banking industry in Kenya. Phishing attacks continue to grow in sophistication, making it increasingly difficult for traditional security measures to mitigate them. The purpose of this thesis is to build a framework for mitigating phishing e-mail attacks in the Kenyan banking industry using artificial intelligence. Phishing e-mails are among the most common cyber-attack techniques used by attackers to gain unauthorized access to sensitive information such as financial details, personal information, and login credentials. These attacks can have devastating effects on victims, leading to financial loss, reputational damage, and even identity theft.

Methodology: The framework development consists of four main stages: data collection, data preprocessing, model training, and deployment. In the data collection stage, a dataset of phishing and non-phishing e-mails is gathered from various sources such as public databases, dark web forums, and bank employees' mail. In the data preprocessing stage, the collected data is cleaned, preprocessed, and labeled. In the model training stage, machine learning algorithms and NLP techniques are used to develop a robust model for detecting phishing and non-phishing e-mails. In the deployment stage, the model is integrated into the bank's e-mail system to detect and block phishing e-mails in real time. The framework is then evaluated using a dataset of phishing and non-phishing e-mails collected from the banking industry in Kenya, with accuracy, precision, recall, and F1-score as the evaluation metrics. The framework is able to detect new phishing e-mails that were not previously included in the dataset, demonstrating its ability to adapt to new threats.

Findings: The framework is based on a hybrid approach that combines machine learning algorithms, natural language processing (NLP) techniques, and human expertise to identify and prevent phishing e-mails from reaching their targets. Its four main components are e-mail filtering, feature extraction, classification, and response. The e-mail filtering component uses several algorithms to identify and filter suspicious e-mails. The feature extraction component analyzes the content of each e-mail and extracts relevant features that help classify it as either legitimate or phishing. The classification component uses machine learning algorithms to perform that classification. Finally, the response component takes appropriate action based on the classification result.
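The detection pipeline the Methodology and Findings paragraphs describe, as an added example that is not part of the paper: feature extraction over e-mail sender and body, a Bernoulli naive Bayes classifier standing in for the paper's unspecified machine learning algorithms, and evaluation by accuracy, precision, recall and F1-score. All e-mails, sender domains and keyword lists are constructed assumptions, not data from the study.

```python
# Added example, not the paper's code: feature extraction, naive Bayes classification and the four metrics over constructed e-mails (label 1 = phishing).
import math
import re
from collections import Counter

URL_RE = re.compile(r"https?://([^/\s]+)", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|pin|otp|card number)\b", re.I)

def extract_features(sender, body):
    """Feature extraction: binary content and header cues of a phishing e-mail."""
    domain, links = sender.rsplit("@", 1)[-1].lower(), [d.lower() for d in URL_RE.findall(body)]
    return {"urgency": bool(URGENCY.search(body)), "asks_credentials": bool(CREDENTIALS.search(body)),
            "has_link": bool(links), "link_mismatch": any(not d.endswith(domain) for d in links)}

def train(data):
    """Classification model: Bernoulli naive Bayes; per class, count how often each feature is true."""
    n, trues = Counter(), {0: Counter(), 1: Counter()}
    for sender, body, label in data:
        n[label] += 1
        trues[label].update(f for f, v in extract_features(sender, body).items() if v)
    return n, trues

def predict(model, sender, body):
    """Pick the class with the larger log posterior; Laplace smoothing keeps unseen values non-zero."""
    n, trues = model
    feats = extract_features(sender, body)
    score = {c: math.log(n[c] / sum(n.values())) + sum(
        math.log((trues[c][f] + 1) / (n[c] + 2) if v else (n[c] - trues[c][f] + 1) / (n[c] + 2))
        for f, v in feats.items()) for c in (0, 1)}
    return int(score[1] > score[0])

def evaluate(model, data):
    """Accuracy, precision, recall and F1 with phishing as the positive class."""
    c = Counter((y, predict(model, s, b)) for s, b, y in data)
    tp, fp, fn = c[1, 1], c[0, 1], c[1, 0]
    prec, rec = tp / max(tp + fp, 1), tp / max(tp + fn, 1)  # 0.0 when no positives predicted/present
    return {"accuracy": (tp + c[0, 0]) / sum(c.values()), "precision": prec, "recall": rec,
            "f1": 2 * prec * rec / (prec + rec) if prec + rec else 0.0}

TRAIN = [  # constructed (sender, body, label); domains are placeholders, not real banks
    ("security@examplebank-verify.test", "URGENT: account suspended. Verify your password within 24 hours at http://examplebank.login-check.test/verify", 1),
    ("alerts@examplebank.co.ke", "Your card was used abroad. Confirm your PIN and OTP immediately: http://secure-examplebank.test/confirm", 1),
    ("alerts@examplebank.co.ke", "Your June statement is ready: https://online.examplebank.co.ke/statements", 0),
    ("alerts@examplebank.co.ke", "A transfer of KES 5,000 was received. We never ask for your password by e-mail.", 0)]
TEST = [  # held-out constructed e-mails; the OTP-only request is missed, so recall < precision
    ("support@examplebank-alerts.test", "Immediately verify your PIN at http://examplebank.kyc-update.test/verify or be suspended.", 1),
    ("alerts@examplebank.co.ke", "Your password expires today. Reset it at http://examplebank-reset.test/reset", 1),
    ("finance@examplebank.co.ke", "Kindly share your OTP so we can complete the update.", 1),
    ("alerts@examplebank.co.ke", "Your new debit card is ready for collection at your branch.", 0)]
```

On this toy data `evaluate(train(TRAIN), TEST)` gives accuracy 0.75, precision 1.0, recall 2/3 and F1 0.8, which is exactly the gap the paper's choice of four metrics is meant to expose: a filter can be precise yet still let some phishing through.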

Unique Contribution to Theory, Practice and Policy: The framework provides an effective way to identify and mitigate phishing e-mail attacks, reducing the risk of data breaches and financial losses.




Published

2024-07-15

How to Cite

Mwavali, A. (2024). Framework for Mitigating Phishing E-mail in the Kenyan Banking Industry Using Artificial Intelligence (AI). International Journal of Technology and Systems, 9(2), 40–66. https://doi.org/10.47604/ijts.2781

Section

Articles