Upload File

antiphish project presentation · antiphish project presentation b r ia n w it t e n december 2006....

  • Home
  • Documents
  • AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package
18
AntiPhish Project Presentation Brian Witten December 2006

Upload: others

Post on 24-Jul-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

AntiPhish Project Presentation

Brian Witten

December 2006

Page 2: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

2Brian Witten

December 18th 2006

Agenda

1. Work Package 2 – Requirements and Specification

2. Work Package 1– Data Generation and Dissemination

3. Work Package 5 – Message Pre-processing & Feature Extraction

4. Work Package 6 – Advanced Learning Technology

5. Work Package 3 – Integration and Validation

6. Work Package 4– Wireless Platform

7. Work Package 7– Dissemination and Exploitation

8. Work Package 8– Project Management and Coordination

Agenda

Page 3: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

3Brian Witten

December 18th 2006

Work Package 2 – Requirements and Specification

• Architecture (Work Package Depiction)

• Architecture (Run-Time Depiction)

• Performance Requirements

• Continued Change in Spam and Phishing Threats: Image Spam

• Projected Revision to Run-Time Architecture

WP2 Requirements & Specification

Page 4: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

4Brian Witten

December 18th 2006

Work Package 2 – Architecture Specification(Work Package Depiction)

WP 8 Project Management and CoordinationFraunhofer IAIS

WP 2 Requirements and SpecificationSymantec Ireland

WP

1D

ata

Ge n

erat

ion

Sym

ante

cIr e

land

WP

3In

tegr

atio

nan

dVa

lidat

ion

Sym

ante

cIre

land

WP 5 Preprocessing and Feature Extraction

K.U. Leuven

WP 6 Learning TechnologyFraunhofer IAIS

WP

7D

isse

min

atio

nan

dE

xplo

itat io

nLI

RI C

WP

4W

irele

sspl

atfo

rmN

orte

lWP 8 Project Management and Coordination

Fraunhofer IAIS

WP 2 Requirements and SpecificationSymantec Ireland

WP

1D

ata

Ge n

erat

ion

Sym

ante

cIr e

land

WP

3In

tegr

atio

nan

dVa

lidat

ion

Sym

ante

cIre

land

WP 5 Preprocessing and Feature Extraction

K.U. Leuven

WP 6 Learning TechnologyFraunhofer IAIS

WP

7D

isse

min

atio

nan

dE

xplo

itat io

nLI

RI C

WP

4W

irele

sspl

atfo

WP 8 Project Management and CoordinationFraunhofer IAIS

WP 2 Requirements and SpecificationSymantec Ireland

WP

1D

ata

Ge n

erat

ion

Sym

ante

cIr e

land

WP

3In

tegr

atio

nan

dVa

lidat

ion

Sym

ante

cIre

land

WP 5 Preprocessing and Feature Extraction

K.U. Leuven

WP 6 Learning TechnologyFraunhofer IAIS

WP

7D

isse

min

atio

nan

dE

xplo

itat io

nLI

RI C

WP

4W

irele

sspl

atfo

rmN

orte

l

WP2 Requirements & Specification

Page 5: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

5Brian Witten

December 18th 2006

Work Package 2 – Architecture Specification (Run Time Depiction)

Labeled DataUnlabeled Data

Feature Extraction

Feature Weighting

Unlabeled Data Policy Enforcement

Point

Analysis System

Features

Blocking Rules

Messages Not Blocked

Blocked Messages

WP2 Requirements & Specification

Page 6: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

6Brian Witten

December 18th 2006

1.00

Desired PerformanceRegion

Work Package 2 – Performance Requirements

• Develop dynamic feature selection of sufficient quality to beat past performance of machine learning (ML) techniques, even where ML techniques were optimized with static feature selection.

• Performance Points:

• A: Prototype (Phishing)

• B: Production Requirement (Phishing)

• C: Production Goal (Phishing)

• D: Brightmail (Spam, Current)

• Additional requirements includenumber of messages per minute,volume per minute in megabytes,and with reasonable hardwareand staff availability constraints.

WP2 Requirements & Specification

Page 7: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

7Brian Witten

December 18th 2006

Continued Change in Spam and Phishing Threats:Image Spam

• Older image salting techniques were visually discernable.

• Some of the newer image salting techniques are more dangerous in Phishing because they are not visually discernable.

Example of Older Image Salting Techniques• However, because realism and

effectiveness of Phishing attacks are highly correlated, this makes Optical Character Recognition (OCR) techniques more applicable to Phishing than other Spam.

• OCR requires more CPU

• So this may requirebroadening our architecture.

WP2 Requirements & Specification

Page 8: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

8Brian Witten

December 18th 2006

Work Package 2 – Proposed Revision to Run Time Architecture

Labeled DataUnlabeled Data

Feature Extraction Feature Weighting

Unlabeled DataText Policy

Enforcement Point

Analysis System

Features

Blocking Rules

Visual Policy Enforcement

Point

WP2 Requirements & Specification

Page 9: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

9Brian Witten

December 18th 2006

Work Package 1– Data Generation

• Privacy Agreements completedwith both Fraunhofer and K.U.Leuven

• Final draft is presented on the right.

• First dataset:

• 32 GB of Spam

• 500 MB of Ham in English

• Nearly 100 MB of Ham not in English

• Second dataset:

• Collecting 5GB with old hardware

• New hardware should work faster

We currently process billions of messages per day. The datasets represent the very small fraction of messages that

can be shared while respecting privacy concerns.

WP1 Data Generation

Page 10: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

10Brian Witten

December 18th 2006

Work Package 5: Message Preprocessing/Feature Extraction

• Message Preprocessing

• Message instantiation.

• Message text extraction

• Message structure extraction

• Feature Extraction

• T5.1 – salting features

• T5.2 – syntactic features

• T5.4 – structure & layout features

• Gathering statistics

WP5 Message Processing

Page 11: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

11Brian Witten

December 18th 2006

Work Package 5: Message Preprocessing/Feature Extraction

WP5 Message Preprocessing

Page 12: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

12Brian Witten

December 18th 2006

Work Package 6 – Advanced Learning Technology

Implement a number of algorithms: tradeoff: speed vs. performance vs. memory

• On-line learning with kernels (Kivinen et al 2001)Very efficient for very high dimensional learning.

• Implement Perceptron passive: do nothing if no errorincrease margin (conv. Theorem)

• Implement MIRA [Crammer 04,06] passive: do nothing if no erroraggressive: learn current example perfectly

• Investigate LASVM [Bordes et al. 05]select / drop support vectors; online learning approaching SVM-solution

• Investigate L2-SVM [Keerthi, DeCoste 05]square loss, 400-fold speed increase vs. usual SVM

),(ˆ iii xwsigny !

"#$

%!

!% elsexywyyw

wiii

iiii

ˆ if1

WP6 Advanced Learning

Page 13: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

13Brian Witten

December 18th 2006

Work Package 3 – Proposed Integration Architecture

Labeled DataUnlabeled Data

Feature Weighting

Analysis System

Data andAnnotations(Primary and

Additional Annotations)

Aggregate Analysis Engine

Analysis Engines ForFeature Extraction

Analysis Engines ForFeature Extraction

Analysis Engines ForFeature Extraction

Analysis Engines ForFeature Extraction

Analysis Engines ForFeature Extraction

Machine LearningBased Optimization of Feature Weighting

Machine LearningBased Optimization of Feature Extraction

Performance to be validated in Brightmail testing

WP3 Proposed Integration

Page 14: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

14Brian Witten

December 18th 2006

Work Package 4– Wireless Platform

• Apply AntiPhish techniques to Wireless environment, witha specific focus on legacy 3GPP network architectures

• Demonstrate applicability to the ever growing wirelesstraffic, including mail, SMS, MMS, …

• Current architecture is:

• access type agnostic (e.g. 2G/GSM, 3G/UTRAN, 4G/LTE and possibly WLAN access)

• compatible with 3PGG upcoming "Enhanced Packet Core" evolutions being studied

Access Network

Nortel WirelessEdge Node

(possibly a GGSN)

Core NetworkIMS domain

Incoming /out-going

Internet traffic

Filtering information from Symantec

WP4 Wireless Platform

Page 15: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

15Brian Witten

December 18th 2006

Work Package 7 – Dissemination and Exploitation

• Licensing agreements have been established between Symantec and Nortel, Tiscali, Fraunhofer, and K.U.Leuvenfor the commercial exploitation of the research

• On December 4, 2006, Symantec issued a press release on behalf of the consortia members with their approvals

• Several periodicals covered the press release

• Translations are now hosted on Symantec websitesin many languages throughout Europe

• The full text of this press release is given on the next slide.

WP7 Dissemination and Exploitation

Page 16: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

16Brian Witten

December 18th 2006WP7 Dissemination and Exploitation

Page 17: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

17Brian Witten

December 18th 2006

Work Package 8 – Project Management and Coordination

• Schedule of Meetings Held to Date

• Darmstadt, DE (30.01.-01.02.2006)

• Bonn, DE (01.06.2006)

• Cagliari, IT (11.09.2006)

• Leuven, BE (10.01.2007)

• Coordination is also done through e-mail mailing lists, a private web server providing Basic Support for Collaborative Work (BSCW), and monthly teleconferences.

• Changes in Participation

• On departure of Thomas Hofmann from Fraunhofer IPSI, responsibility with Fraunhofer shifted to Fraunhofer IAIS

WP8 Project Management

Page 18: AntiPhish Project Presentation · AntiPhish Project Presentation B r ia n W it t e n December 2006. B r ia n W it t e n 2 D e c e m b e r 1 8 t h 2 0 0 6 A g e n d a 1 . Work Package

18Brian Witten

December 18th 2006

Summary

• Concluding the first year of a three year effort

• Fraunhofer and K.U.Leuven are making rapid progress in lab

• Spam and Phishing threats are adapting quickly,and the AntiPhish consortia is adapting quickly to these threats

• Emphasis for the coming year will be on completing the lab prototype and integrating it with current systems for field tests

Summary


Lif e lin e a n d Pe n n sy l v a n ia Th e Na tio n a l S

ucti C e veMedic m in A e CentrumExc el n t ia e E s t ......A m e r i c a n C e n t e r fo rRep o d u c ti v e M e d i c i n e C e n tr u m Exc el n t ia e E s t . 1 9 Ranked One

FTNisFiiTj`.e[o N iE`.D`.u-..¢``AT±!iA PAR T±`e`u±Ai ±

A G E N E R A T IN G F U N C T IO N A S S O C IA T E D W ... · N ov 1967 A G E N E R A T IN G F U N C T IO N A S S O C IA T E D W IT H T H E G E N E R A L IZ E D S T IR L IN G N

R E SIDE N C IA L P L A T E A

E U L E R IA N NUMBER S A S S O C IA T E D W IT H S E Q U ... · PDF fileE U L E R IA N NUMBER S A S S O C IA T E D W IT H S E Q U E N C E S O F P O L Y N O M IA L S M . V . K outras

IN T U N IS IA E N T R E P R E N E U R S H IP S O C IA …documents.worldbank.org/curated/en/279141492581023901/...In the wake of the Jasmin Revolution, the social entrepreneurship

FUNDING SYSTEM RE-DESIGN FOR EMPLOYMENT AND DAY SERVICES · 3 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% n at ia e d t o n ae s ao h io in a aia g a a ia y e s ia ia ia a a i y is

I N D O N E S IA K E F A R M A S I AN J U R N A L

U N D A N G -U N D A N G M A L A Y S IA - AGC 64… · p e s u r u h ja y a p e n y e m a k u n d a n g -u n d a n g , m a l a y s ia

T h e L a w r e n t ia n - lux.lawrence.edu

O N A G E N E R A L IZ A T IO N O F T H E B IN O M IA L T ... · PDF fileO N A G E N E R A L IZ A T IO N O F T H E B IN O M IA L T H E O R E M ... (say an=a), as the corresponding

R IS IN G D IA G O N A L P O L Y N O M IA L S A S S O C IA T E D W IT H ... · R IS IN G D IA G O N A L P O L Y N O M IA L S A S S O C IA T E D W IT H M O R G A N -V O Y C E P O L

T h e L a w r e n t ia n - Lawrence University

New The Howard Family Happy Hanukah Happy Chanukah · 2018. 4. 3. · 13 ta tn eria n er ia ta t ia ta t ia n er ia ta t ia n er ia ta t n eria Shalom ta t n eria hnk © 2009 statianery

IN T E R N E T : E S T R A T E G IA S P A R A U N A IN N O

1970 N o . C O P E IA D e c e m b e r

A lternatives to the M e d ia n A bsolute D eviationweb.ipac.caltech.edu/staff/fmasci/home/astro_refs/BetterThanMAD.pdf · A lternatives to the M e d ia n A bsolute D eviation

Demographic Challenges in Europe and Central Asia · e m in a aly e rg Ireland gal en s k ay y om d ria ia ia lgaria ia ia gary lic ia ia Russia s ia d rbia n an lic ijan y High Income

In V & v A n a lysis o f th e E sch e rich ia co fi R N A

T O R N E O D E V E R A N O C O P A O L IM P IA 2011 S ...fepana.org.py/competencias/resultados-pruebas-ind-copa...T O R N E O D E V E R A N O – C O P A O L IM P IA 2011 S E D E

State Budget Committee December 13, 2012 · rk y C. d gia ecticut ia an io a a ia is d y e essee a ri ia as e e t ia a sas sin sas o a a o a n oma a a n a a o a Source: La Fleur’s

Horicon Marsh Paddling Guide d a ou e l th a v k R e d C e ...dnr.wi.gov/topic/lands/documents/horicon/canoeing.pdfIA IA IA IA IA IA I* IA I* IA!y!y!y!y IA IA IA IA IA IA IA!| !|!|!|

G ifte d E d u ca tio n in P e n n sy lva n ia · E d u ca tio n in P e n n sy lva n ia ... A n in tro d u ctio n fo r fa m ilie s to h e lp ... chart ing the right co urs e

W e lc o m e to th e Sch o o l o f M e d ia a n d Jo ur n

S c h e m a tic o f (a ) in -p la n e b ia x ia l · 2020-05-05 · S c h e m a tic o f (a ) in -p la n e b ia x ia l te n s ile s tre s s a n d (b ) T D s G lid e d P la n e T r

cnegsr.salud.gob.mxcnegsr.salud.gob.mx/contenidos/descargas/PrevAtnViol/Guia_de_refer... · 12 L a U s u a r ia a c u d e a C o n s u lt a G e n e r a l / U r g e n c ia s s o lic

M IN IS T E R IO D E S A L U D P U B L IC A E C O N O M IA In s tr u c c ió n G e n e … · 2018-11-30 · E C O N O M IA In s tr u c c ió n G e n e r a l n o . 1 7 8 A p é n

IN T U N IS IA E N T R E P R E N E U R S H IP S O C IA L...economic policymaking and in financial policy. Social entrepreneurship an generate a “triple ottom line” for Tunisia:

Jeremy Aguero - EDAWN · 1.5% 2.5% 3.5% 4.5% 5.5% a a Texas Utah n o ng a e ia co ma e a io o a a ota e d on ia s US ia Wisconsin sey oma sas Hawaii a as i d n k t ois aska ia Kentucky

CANADA LANDS - MANITOBA T ER SDUC AN F IR S TN AOL Dand … · ri P nc ip al Me rid ia n ri P nc ip al Me rid ia n ri P nc ip al Me rid ia n Se co nd e M ri di n a a E t s e S o c

N Ur Ia Nd E Li Sa Bet =) Mabureixuuu!!!!^^ Park GüEllll

D E T E R M IN A T IO N O F H E R O N IA N T R IA N …500 D E T E R M IN A T IO N O F H E R O N IA N TRIANGLE S [D ec. (2) A f = n2A . H en ce, if A is an in teg er, so is A T.F o

J T h e L a w r e n t ia n - Lawrence University

and al rks - Princeton University Computer Science · rks n ics ia u Jr ics ia n 1 8. Motivation • e d to n • diffnt s • e d r n 2 8. rks • (TFns ne • affn, affd •