Arjun BM
@arjunbm
MUDPIPE - Malicious URL Detection for Phishing Identification and Prevention
Submitted May 24, 2019
Section:
Crisp talk
Technical level:
Intermediate
Session type:
Demo
Social engineering is one of the most dangerous threats facing every individual and modern organization. Phishing is a well-known, computer-based, social engineering technique. Attackers use disguised emails as a weapon to target large companies. Numerous fake websites have
been developed to mimic trusted websites, with the aim of stealing financial assets from users and organizations.
With the huge number of phishing emails received every day, companies are not able to detect all of them. That is why new techniques and safeguards are needed to defend against phishing. In the layered-security model, this is the next level of security control to deal with those emails that even manage to evade spam filtering gateway & also block undesired action when a user clicks on a malicious link.
Machine learning (ML) is a popular tool for data analysis and recently has shown promising results in combating phishing. This talk will explore the behind-the-scenes of phishing detection and walk thorugh the the steps required to build a machine learning-based solution to detect phishing attempts, using cutting-edge Python machine learning libraries.
Outline
- Introduction to Phishing & Social Engineering
- Threat actors and vectors in phishing exploitation attacks
- Determinants at play while evaluating website genuineness
- How to build your own Machine Learning Model for phishing detection
- Demo of an existing model and model evaluation
- Factors to be considered while deploying the model in production
Speaker bio
Arjun is a security professional with diverse experience in architecting, designing, implementing & supporting IT Security & Vulnerability Management solutions in Enterprise & Cloud environments. He is an information security enthusiast with diverse experience in areas like Application Security, Security Architecture, DevSecOps, Cloud Security & Machine Learning. Currently, Arjun is currently working as a Security Architect ensuring end-to-end implementation, design and governance of security measures an e-commerce platform, aimed at brand protection and improving customer confidence. He is currently developing products that aid in phishing detection for the enterprise and ensure that defenses are in place to counter this threat.
Links
Slides
Comments
Hybrid access (members only)
Hosted by
We care about site reliability, cloud costs, security and data privacy
Login to leave a comment
Zainab Bawa
@zainabbawa Editor & Promoter
Hello Arjun,
Here are two sets of feedback I received from a review we carried out:
Zainab Bawa
@zainabbawa Editor & Promoter
Thanks for the update, Arjun. This proposal is definitely interesting, and is at the intersection of ML and DevSecOps. The intersectionality makes this an important point of view to build on and share with the Rootconf community.
Given the paucity of time, we are happy to consider your proposal for Rootconf Pune 2019 (to be scheduled in September).
Meanwhile, we will have reviewers from the community give you feedback on your slides and preview video. The slides are far too cluttered right now. It might serve everyone if you were revisit them and break each slide down into one specific idea.
Arjun BM
@arjunbm Submitter
Hi Zainab. Thank you for taking the time and effort to review this proposal. I would be privileged to present this at Rootconf Pune 2019. I would be happy to work with the reviewers and get their feedback to improve the slides. Please keep me updated. Thank you.
Arjun BM
@arjunbm Submitter
I have updated the youtube link for preview video also. Please let me know if you need anything else. Thank you
Arjun BM
@arjunbm Submitter
Hi Saurabh. Thank you for your feedback. I have updated the proposal with the first cut slides. Please review. Thank you.
saurabh hirani
@saurabh_hirani
Hi Arjun - can you add some first cut slides and a preview video explaining the flow. Please highlight what value will this talk provide to the audience. I see that the later half of your outline gives a demo + insights on considerations while deploying it in production. Highlighting that would really help because if it is information that the audience can't easily google - it will make worth their while to attend the talk.