Bachelor of Arts, Wittenberg University, 2024, Computer Science

The question investigated in this thesis is whether or not machine learning can correctly classify and separate phishing emails from regular emails. Various methods of data processing were used to clean the Enron corpus including regular expression, lemmatization, and stop word removal. Results through term-frequency inverse-document-frequency (TF-IDF) and KMeans clustering yielded successful results.

Committee: Sunday Ngwobia (Advisor); Richard Phillips (Committee Member); Alyssa Hoofnagle (Committee Member) Subjects: Computer Engineering; Computer Science

Master of Science, University of Toledo, 2020, Engineering (Computer Science)

Technology developments and the growth in the use of the Internet through mobile devices have contributed to greater visibility of cybercrime by organizations and individuals. As teens are easy targets of these cybercrimes, they need to be trained on developments in cybersecurity as educating students on current cyber attacks is seen as a powerful tool to teach cybersecurity. This work presents a pedagogical strategy to train students to recognise and respond to potential attacks to alleviate them. This is achieved by cybersecurity activities based on observational, experiential, and real-life practice. Two malicious phishing android applications have been developed, namely Social-Phish, Chat-Phish, and one focusing on cyber-secure practices, namely Quiz Your Permissions. By thoroughly exercising the application, psychological learning is emphasized in this approach. The underlying objectives of this research are to establish a security mindset, to raise awareness of threats associated with the use of smartphones and tablets, and to instill interest among high school students in cybersecurity careers.

Committee: Ahmad Y Javaid (Committee Chair); Devinder Kaur (Committee Member); Weiqing Sun (Committee Member) Subjects: Computer Engineering; Curriculum Development; Education

MS, Kent State University, 2019, College of Arts and Sciences / Department of Computer Science

As a response to the overall lack of success in educating social media users about their digital security, this thesis seeks to test a new method of hands-on education based on the simulation and recreation of social media environments paired with realistic identity theft experiences as a means of creating first-hand experience under controlled conditions. This thesis lays out the basic details of the system then details the means by which this system was tested on multiple cohorts of high-school age students, and the resulting effects, gauged by survey results and through the analysis of logged performance records, that the system had on their overall awareness and attitude towards privacy security issues.

Committee: Kambiz Ghazinour (Advisor); Jonathan Maletic (Committee Member); Feodor Dragan (Committee Member) Subjects: Computer Science

Master of Sciences, Case Western Reserve University, 2019, EECS - Computer and Information Sciences

Online phishing is one of the most epidemic crime schemes of the modern Internet. A common countermeasure involves checking URLs against blacklists of known phishing websites, which are traditionally compiled based on manual verification, and is inefficient. Thus, as the Internet scale grows, automatic URL detection is increasingly important to provide timely protection to end users. In this thesis, we propose an effective and flexible malicious URL detection system with a rich set of features reflecting diverse characteristics of phishing webpages and their hosting platforms, including features that are hard to forge by a miscreant. Using Random Forests algorithm, our system enjoys the benefit of both high detection power and low error rates. Based on our knowledge, this is the first study to conduct such a large-scale websites/URLs scanning and classification experiments taking advantage of distributed vantage points for feature collection. Experiment results demonstrate that our system can be utilized for automatic construction of blacklists by a blacklist provider.

Committee: Michael Rabinovich (Advisor); Michael Rabinovich (Committee Chair); Soumya Ray (Committee Member); Andy Podgurski (Committee Member) Subjects: Computer Science

Master of Science, The Ohio State University, 2014, Industrial and Systems Engineering

Cyber-attacks are considered the greatest domestic security threat in the United States and among the greatest international security threats. In the recent past, phishing and “denial of service” attacks are starting to become the most relevant forms of cyber intrusion, even while they can involve exploiting system vulnerabilities. Specifically, phishing attacks are reaching the level at which many large organizations are seriously considering purchasing technology and adopting mitigating practices. Therefore, data-driven decision support technology relating to mitigating or avoiding phishing and denial of service attacks are increasingly relevant. A key element of the proposed approach is to treat management of phishing and denial of service cyber-attacks in a manner similar to quality management in production systems. Phishing control charting can become critical tools in both moving target (MT) decision-making and metric development, just as similar techniques are already in manufacturing and service operations. In this thesis, we explore the case study application of design for six sigma to create a proposed integrated system response to phishing email attacks. Specifically, we used a CTQ flow diagram to clarify the relevance of CTQ characteristics including the number of phishing emails and the number of suspended accounts. In Chapter 3, we describe the observed autocorrelations in time series corresponding to both CTQ characteristics. This motivated the use of moving centerline demerit (MCD) charts from a standard reference. From developing an interrelationship diagram, we identified several important interrelationships including the relationship between phishing emails and organizational password policies. Clear seasonality was observed in the data suggesting that responsiveness in certain months (January and summer months) are months are more critical than other months. Strong patterns were identified in that selected sub-populations were much more prone to (open full item for complete abstract)

Committee: Theodore Allen (Advisor); Cathy Xia (Committee Member) Subjects: Industrial Engineering; Operations Research; Statistics