Previous MSc Theses

"Applying Business Analytics in Practice: Dataset Analysis Using WEKA: "Phishing Websites Dataset"." B. K. Al-Mahrouqi. D. Roussinov. Department of Computer and Information Sciences, University of Strathclyde. 2016. Download PDF (BibTeX) ACS

Abstract:
Phishing attacks are one of the sophisticated and most dangerous web threats that Internet users and organisations face today. Phishers utilise social engineering tricks and spoofing techniques in order impersonate legitimate websites which phishers use to steal personal and private data. The rapid growth of online services and the lack of web security skills held by many Internet users are two main factors that contributed heavily to the continuous success of phishing attacks. Besides stealing personal and private data of users and organisations, phishing attacks continue to impose huge financial damages. They also create direct negative effect on the reputation of organisations and on the trust of users on the security of online transactions. While different phishing countermeasures such as black lists and anti-phish plugins had been implemented to fight phishing attacks, most of those approaches had limitations and were not very effective. An automatic and on-the-fly evaluation of websites is indeed required to provide user with high protection from phishing attacks. In this dissertation report, I applied business analytics techniques on a dataset that contains different features and characteristics of both legitimate and phishing websites. I used Weka - open source machine learning software - in order to train a classifier and develop a model that is capable of effectively and efficiently distinguish between legitimate and phishing websites based on their features and characteristics. The results showed that there are some machine learning algorithms that are capable of correctly classifying the websites with an accuracy of over 92%. These models can be utilised to protect Internet users from phishing attacks while they are surfing the Internet.