Faculty Publications
Permanent URI for this community: https://idr.nitk.ac.in/handle/123456789/18736
Publications by NITK Faculty
Item Effect of wo3 powder particle shape, size and bulk density, on the grain size and grain size distribution of tungsten metal powder
(European Powder Metallurgy Association (EPMA) info@epma.com, 2015) Raj, K.; Shivaram, G.; Rao, R.S.; Rengarajan, R.
In order to study the effect of size, shape and bulk density, two types of WO3 powder samples with different bulk densities (low and high) were selected. These powder samples were subjected to reduction under similar condition. Tungsten metal powders obtained after reduction were subjected to SEM analysis to study the grain shape, size and its grain size distribution. Reduced powders were then characterized using Air permeability test and Laser particle granulometry test to find out average particle size and particle size distribution, respectively. SEM analysis and test results are detailed in this paper.

Item Kernel Modification APT Attack Detection in Android
(Springer Verlag service@springer.de, 2017) Anto, A.; Rao, R.S.; Pais, A.R.
Android is one of the most secure and widely used operating systems for the mobile platform. Most of the Android devices have the functionality for rooting and installing new custom ROMs and kernels in the device. This feature of the Android devices makes it vulnerable to the kernel-modification advanced persistent threat attack (APT). This type of APT attacks cannot be detected by using existing tools and methods. This paper presents the implementation details of a kernel-modification APT attack performed on an android device and proposes a new method for detecting the same. The proposed system uses control flow analysis of the kernel binary code for detecting APT. In control flow analysis the control flow graph of the genuine kernel is compared with the control flow graph of the device-kernel and detects the APT based on signatures.
© 2017, Springer Nature Singapore Pte Ltd.

Item An enhanced blacklist method to detect phishing websites
(Springer Verlag service@springer.de, 2017) Rao, R.S.; Pais, A.R.
Existing anti-phishing techniques like whitelist or blacklist detect the phishing sites based on the database of approved and unapproved URLs. Most of the current phishing attacks are actually replicas or variations of other attacks in the database. In this paper, we propose an enhanced blacklist method which uses key discriminate features extracted from the source code of the website for the detection of phishing websites. The main focus of our work is to detect the phishing sites which are replicas of existing websites with manipulated content. Each phishing website is identified with a unique fingerprint which is generated from the set of proposed features. We used Simhash algorithm to generate fingerprint for each website. The features used for calculating fingerprint are filenames of the request URLs (js, img, CSS, favicon), pathnames of request URLs (CSS, scripts, img, anchor links), and attribute values of tags (H1, H2, div, body, form). Our experimentation detected 84.36% of phishing sites as replicas of other phishing websites with manipulated content while maintaining zero false positive rate. The proposed method is similar to that of traditional blacklist with an advantage that it can detect replicated and manipulated phishing sites efficiently. © Springer International Publishing AG 2017.

Item Detecting phishing websites using automation of human behavior
(Association for Computing Machinery, Inc acmhelp@acm.org, 2017) Rao, R.S.; Pais, A.R.
In this paper, we propose a technique to detect phishing attacks based on behavior of human when exposed to fake website. Some online users submit fake credentials to the login page before submitting their actual credentials. He/She observes the login status of the resulting page to check whether the website is fake or legitimate.
We automate the same behavior with our application (FeedPhish) which feeds fake values into login page. If the web page logs in successfully, it is classified as phishing otherwise it undergoes further heuristic filtering. If the suspicious site passes through all heuristic filters then the website is classified as a legitimate site. As per the experimentation results, our application has achieved a true positive rate of 97.61%, true negative rate of 94.37% and overall accuracy of 96.38%. Our application neither demands third party services nor prior knowledge like web history, whitelist or blacklist of URLS. It is able to detect not only zero-day phishing attacks but also detects phishing sites which are hosted on compromised domains. © 2017 Copyright held by the owner/author(s).

Item Machine Learning-Based Technique for Phishing URLs Detection from TLS 1.2 and TLS 1.3 Traffic Without Decryption
(Springer Science and Business Media Deutschland GmbH, 2023) Kumar, M.; Pais, A.R.; Rao, R.S.
Phishing is one of the major leading cyberattack leading to huge financial loss and sensitive information loss such as account information, card details, password, login credentials. Existing techniques for phishing URL detection are unable to efficiently classify them. The use of TLS 1.2 and TLS 1.3 for client/server applications to communicate over the Internet securely has also contributed to the increase in these attacks. TLS 1.2 and TLS 1.3 traffic is encrypted, so detecting phishing URLs from encrypted traffic without decryption is a challenging task. In this paper, a machine learning (ML)-based technique is proposed for the detection of phishing URLs from encrypted traffic. The features are extracted from TLS 1.2 and TLS 1.3 traffic and based on the extracted features URLs are classified using ML algorithms. The dataset has been prepared for legitimate and phishing sites based on the features extracted from TLS 1.2 and TLS 1.3 traffic.
Based on the experimental results, it is observed that the proposed model achieved promising results in the detection of phishing URLs from the encrypted traffic with an accuracy of 89.6%. © 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Item Machine learning models for phishing detection from TLS traffic
(Springer, 2023) Kumar, M.; Kondaiah, C.; Pais, A.R.; Rao, R.S.
Phishing is a fraudulent tactic for attackers to obtain victims personal information, such as passwords, account details, credit card details, and other sensitive information. Existing anti-phishing detection methods using at the application layer and cannot be applied at the transport layer. A novel machine learning (ML) based phishing detection technique from transport layer security (TLS) 1.2 and TLS 1.3 encrypted traffic without decryption is proposed in this paper. Our proposed model detects phishing URLs at the transport layer and classifies them as legitimate or phishing. The features are extracted from TLS 1.2 and TLS 1.3 traffic, and phishing detection is performed using ML algorithms based on the extracted features. The datasets for legitimate and phishing sites are created using features derived from TLS 1.2 and TLS 1.3 traffic. According to the experimental results, the proposed model effectively detects phishing URLs in encrypted traffic. The proposed model achieves an accuracy of 93.63% for Random Forest (RF), 95.07% for XGBoost (XGB), and the highest accuracy of 95.40% for Light GBM (LGBM). © 2023, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.

Item Jail-Phish: An improved search engine based phishing detection system
(Elsevier Ltd, 2019) Rao, R.S.; Pais, A.R.
Stealing of sensitive information (username, password, credit card information and social security number, etc.) using a fake webpage that imitates trusted website is termed as phishing.
Recent techniques use search engine based approach to counter the phishing attacks as it achieves promising detection accuracy. But, the limitation of this approach is that it fails when phishing page is hosted on compromised server. Moreover, it also results in low true negative rate when newly registered or non-popular domains are encountered. Hence, in this paper, we propose an application named as Jail-Phish, which improves the accuracy of the search engine based techniques with an ability to detect the Phishing Sites Hosted on Compromised Servers (PSHCS) and also detection of newly registered legitimate sites. Jail-Phish compares the suspicious site and matched domain in the search results for calculating the similarity score between them. There exists some degree of similarity such as logos, favicons, images, scripts, styles, and anchorlinks within the pages of the same website whereas on the other side, the dissimilarity within the pages is very high in PSHCS. Hence, we use the similarity score between the suspicious site and matched domain as a parameter to detect the PSHCS. From the experimental results, it is observed that Jail-Phish achieved an accuracy of 98.61%, true positive rate of 97.77% and false positive rate less than 0.64%. © 2019 Elsevier Ltd

Item Detection of phishing websites using an efficient feature-based machine learning framework
(Springer London, 2019) Rao, R.S.; Pais, A.R.
Phishing is a cyber-attack which targets naive online users tricking into revealing sensitive information such as username, password, social security number or credit card number etc. Attackers fool the Internet users by masking webpage as a trustworthy or legitimate page to retrieve personal information. There are many anti-phishing solutions such as blacklist or whitelist, heuristic and visual similarity-based methods proposed to date, but online users are still getting trapped into revealing sensitive information in phishing websites.
In this paper, we propose a novel classification model, based on heuristic features that are extracted from URL, source code, and third-party services to overcome the disadvantages of existing anti-phishing techniques. Our model has been evaluated using eight different machine learning algorithms and out of which, the Random Forest (RF) algorithm performed the best with an accuracy of 99.31%. The experiments were repeated with different (orthogonal and oblique) random forest classifiers to find the best classifier for the phishing website detection. Principal component analysis Random Forest (PCA-RF) performed the best out of all oblique Random Forests (oRFs) with an accuracy of 99.55%. We have also tested our model with the third-party-based features and without third-party-based features to determine the effectiveness of third-party services in the classification of suspicious websites. We also compared our results with the baseline models (CANTINA and CANTINA+). Our proposed technique outperformed these methods and also detected zero-day phishing attacks. © 2018, The Natural Computing Applications Forum.

Item PhishDump: A multi-model ensemble based technique for the detection of phishing sites in mobile devices
(Elsevier B.V., 2019) Rao, R.S.; Vaishnavi, T.; Pais, A.R.
Phishing is a technique in which the attackers trick the online users to reveal the sensitive information by creating the phishing sites which look similar to that of legitimate sites. There exist many techniques to detect phishing sites in desktop computers. In recent years, the number of mobile users accessing the web has increased which lead to a rise in the number of attacks in mobile devices. Existing techniques designed for desktop computers may not be suitable for mobile devices due to their hardware limitations such as RAM, Screen size, low computational power etc.
In this paper, we propose a mobile application named PhishDump to classify the legitimate and phishing websites in mobile devices. PhishDump is based on the multi-model ensemble of Long Short Term Memory (LSTM) and Support Vector Machine (SVM) classifier. As PhishDump focuses on the extraction of features from URL, it has several advantages over existing works such as fast computation, language independence and robust to accidental download of malwares. From the experimental analysis, we observed that our proposed multi-model ensemble outperformed traditional LSTM character and word-level models. PhishDump performed better than the existing baseline models with an accuracy of 97.30% on our dataset and 98.50% on the benchmark dataset. © 2019 Elsevier B.V.

Item CatchPhish: detection of phishing websites by inspecting URLs
(Springer, 2020) Rao, R.S.; Vaishnavi, T.; Pais, A.R.
There exists many anti-phishing techniques which use source code-based features and third party services to detect the phishing sites. These techniques have some limitations and one of them is that they fail to handle drive-by-downloads. They also use third-party services for the detection of phishing URLs which delay the classification process. Hence, in this paper, we propose a light-weight application, CatchPhish which predicts the URL legitimacy without visiting the website. The proposed technique uses hostname, full URL, Term Frequency-Inverse Document Frequency (TF-IDF) features and phish-hinted words from the suspicious URL for the classification using the Random forest classifier. The proposed model with only TF-IDF features on our dataset achieved an accuracy of 93.25%. Experiment with TF-IDF and hand-crafted features achieved a significant accuracy of 94.26% on our dataset and an accuracy of 98.25%, 97.49% on benchmark datasets which is much better than the existing baseline models. © 2019, Springer-Verlag GmbH Germany, part of Springer Nature.
