TY - CONF
T1 - Fuzzing e-mail Filters with generative grammars and N-Gram analysis
AU - Palka, Sean
AU - McCoy, Damon
N1 - Funding Information:
We would like to thank George Mason University and the Volgenau School of Engineering for their support and constructive criticism during the development of PhishGen. Additionally. we would also like to acknowledge the great feedback provided by the anonymous reviewers of this paper, especially Dr. Collin Mulliner for his contributions shepherding this paper. This work was supported by National Science Foundation grant NSF-1237076.
Funding Information:
We would like to thank George Mason University and the Volgenau School of Engineering for their support and constructive criticism during the development of Phish-Gen. Additionally. we would also like to acknowledge the great feedback provided by the anonymous reviewers of this paper, especially Dr. Collin Mulliner for his contributions shepherding this paper. This work was supported by National Science Foundation grant NSF-1237076.
Publisher Copyright:
© 2015 USENIX Association. All rights reserved.
PY - 2015
Y1 - 2015
N2 - Phishing attacks remain a common attack vector in today’s IT threat landscape, and one of the primary means of preventing phishing attacks is e-mail filtering. Most e-mail filtering is done according to a either a signature-based approach or using Bayesian models, so when specific signatures are detected the e-mail is either quarantined or moved to a Junk mailbox. Much like anti-virus, though, a signature-based approach is inadequate when it comes to detecting zero-day phishing e-mails, and can often be bypassed with slight variations in the e-mail contents. In this paper, we demonstrate an approach to evaluating the effectiveness of e-mail filters using a fuzzing strategy. We present a system that utilizes generative grammars to create large sets of unique phishing e-mails, which can then be used for fuzzing input against e-mail filters. Rather than creating random text, our approach maintains a high degree of semantic quality in generated e-mails. We demonstrate how our system is able to adapt to existing filters and identify contents that are not detected, and show how this approach can be used to ensure the delivery of e-mails without the need to white-list.
AB - Phishing attacks remain a common attack vector in today’s IT threat landscape, and one of the primary means of preventing phishing attacks is e-mail filtering. Most e-mail filtering is done according to a either a signature-based approach or using Bayesian models, so when specific signatures are detected the e-mail is either quarantined or moved to a Junk mailbox. Much like anti-virus, though, a signature-based approach is inadequate when it comes to detecting zero-day phishing e-mails, and can often be bypassed with slight variations in the e-mail contents. In this paper, we demonstrate an approach to evaluating the effectiveness of e-mail filters using a fuzzing strategy. We present a system that utilizes generative grammars to create large sets of unique phishing e-mails, which can then be used for fuzzing input against e-mail filters. Rather than creating random text, our approach maintains a high degree of semantic quality in generated e-mails. We demonstrate how our system is able to adapt to existing filters and identify contents that are not detected, and show how this approach can be used to ensure the delivery of e-mails without the need to white-list.
UR - http://www.scopus.com/inward/record.url?scp=85084162106&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85084162106&partnerID=8YFLogxK
M3 - Paper
AN - SCOPUS:85084162106
T2 - 9th USENIX Workshop on Offensive Technologies, WOOT 2015
Y2 - 10 August 2015 through 11 August 2015
ER -