Tuning the False Positive Rate / False Negative Rate with Phishing Detection Models

Phishing attacks have risen by 209% in the last 10 years according to the Anti Phishing Working Group (APWG) statistics [19]. Machine learning is commonly used to detect phishing attacks. Researchers have traditionally judged phishing detection models with either accuracy or F1-scores, however in this paper we argue that a single metric alone will never correlate to a successful deployment of machine learning phishing detection model. This is because every machine learning model will have an inherent trade-off between it’s False Positive Rate (FPR) and False Negative Rate (FNR). Tuning the trade-off is important since a higher or lower FPR/FNR will impact the user acceptance rate of any deployment of a phishing detection model. When models have high FPR, they tend to block users from accessing legitimate webpages, whereas a model with a high FNR will allow the users to inadvertently access phishing webpages. Either one of these extremes may cause a user base to either complain (due to blocked pages) or fall victim to phishing attacks. Depending on the security needs of a deployment (secure vs relaxed setting) phishing detection models should be tuned accordingly. In this paper, we demonstrate two effective techniques to tune the trade-off between FPR and FNR: varying the class distribution of the training data and adjusting the probabilistic prediction threshold. We demonstrate both techniques using a data set of 50,000 phishing and 50,000 legitimate sites to perform all experiments using three common machine learning algorithms for example, Random Forest, Logistic Regression, and Neural Networks. Using our techniques we are able to regulate a model’s FPR/FNR. We observed that among the three algorithms we used, Neural Networks performed best; resulting in an higher F1-score of 0.98 with corresponding FPR/FNR values of 0.0003 and 0.0198 respectively.

Download Full-text

LINKCALCULATOR – AN EFFICIENT LINK-BASED PHISHING DETECTION TOOL

Acta Informatica Malaysia ◽

10.26480/aim.02.2020.37.44 ◽

2020 ◽

Vol 4 (2) ◽

pp. 37-44

Author(s):

Orunsolu Abiodun ◽

Sodiya A.S ◽

Kareem S.O

Keyword(s):

False Positive Rate ◽

False Negative ◽

False Negative Rate ◽

True Positive Rate ◽

True Negative ◽

Negative Rate ◽

Positive Rate ◽

Link Information ◽

Phishing Detection ◽

Mobile Market

The problem of phishing attacks continues to demand new solutions as existing solutions are limited by various challenges such as high computational requirements, zero-day attacks, needs for updates, complex ruled-based, etc. Besides, the emerging mobile market demands simple solutions to phishing due to several factors such as memory, fragmentation, etc. In response to the above challenges, a simple anti-phishing tool called LinkCalculator is presented. The proposed LinkCalculator anti-phishing scheme is based on an algorithm designed to extract link characteristics from loading URLs to determine their legitimacy. Unlike the other link-based extraction approaches, the proposed approach introduced the concept of weight to represent the different links found in a URL. This is because certain link information within parsed webpages or requests is sufficient to classify them as phishing without loss of generality. The approach is experimented using a dataset of 300 instances consisting of 150 legitimate URLs and 150 phishing URLs from openly-available research datasets. The experimental results indicate a significance performance of 100%. True Negative Rate and 0.00% False Positive Rate for legitimate instances and True Positive Rate of 96.67% with 0.03 % False Negative Rate for phishing instances which indicate that the approach offers a more efficient lightweight approach to phishing detection.

Download Full-text

A hybrid firefly and support vector machine classifier for phishing email detection

Kybernetes ◽

10.1108/k-07-2014-0129 ◽

2016 ◽

Vol 45 (6) ◽

pp. 977-994 ◽

Cited By ~ 10

Author(s):

Oluyinka Aderemi Adewumi ◽

Ayobami Andronicus Akinyelu

Keyword(s):

Support Vector Machine ◽

False Positive Rate ◽

False Negative ◽

False Negative Rate ◽

Support Vector ◽

Data Set ◽

Content Type ◽

Phishing Attacks ◽

Positive Rate ◽

E Mail

Purpose – Phishing is one of the major challenges faced by the world of e-commerce today. Thanks to phishing attacks, billions of dollars has been lost by many companies and individuals. The global impact of phishing attacks will continue to be on the increase and thus a more efficient phishing detection technique is required. The purpose of this paper is to investigate and report the use of a nature inspired based-machine learning (ML) approach in classification of phishing e-mails. Design/methodology/approach – ML-based techniques have been shown to be efficient in detecting phishing attacks. In this paper, firefly algorithm (FFA) was integrated with support vector machine (SVM) with the primary aim of developing an improved phishing e-mail classifier (known as FFA_SVM), capable of accurately detecting new phishing patterns as they occur. From a data set consisting of 4,000 phishing and ham e-mails, a set of features, suitable for phishing e-mail detection, was extracted and used to construct the hybrid classifier. Findings – The FFA_SVM was applied to a data set consisting of up to 4,000 phishing and ham e-mails. Simulation experiments were performed to evaluate and compared the performance of the classifier. The tests yielded a classification accuracy of 99.94 percent, false positive rate of 0.06 percent and false negative rate of 0.04 percent. Originality/value – The hybrid algorithm has not been earlier apply, as in this work, to the classification and detection of phishing e-mail, to the best of the authors’ knowledge.

Download Full-text

Letters to the Editor

PEDIATRICS ◽

10.1542/peds.68.1.144a ◽

1981 ◽

Vol 68 (1) ◽

pp. 144-145

Author(s):

Lachlan Ch De Crespigny ◽

Hugh P. Robinson

Keyword(s):

Real Time ◽

Linear Array ◽

False Positive Rate ◽

False Negative ◽

False Negative Rate ◽

Letters To The Editor ◽

Premature Babies ◽

Computed Tomography Scans ◽

Positive Rate ◽

Time Linear

We read with interest the report which suggested that the diagnosis of cerebroventricular hemorrhage ([CVH] including both subependymal [SEH] and intraventricular) with real time ultrasound was unreliable.1 Ultrasound, when compared with computed tomography scans, had a 35% false-positive rate and a 21% false-negative rate. In our institution over a 12-month period more than 200 premature babies have been examined (ADR real time linear array scanner with a 7-MHz transducer).

Download Full-text

Adoption of Machine Learning With Adaptive Approach for Securing CPS

Handbook of Research on Machine and Deep Learning Applications for Cyber Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-9611-0.ch018 ◽

2020 ◽

pp. 388-415

Author(s):

Rama Mercy Sam Sigamani

Keyword(s):

Machine Learning ◽

Cyber Security ◽

Smart Grids ◽

False Negative ◽

False Negative Rate ◽

Cyber Physical Systems ◽

Detection Accuracy ◽

Physical Systems ◽

Positive Rate ◽

Iot Devices

The cyber physical system safety and security is the major concern on the incorporated components with interface standards, communication protocols, physical operational characteristics, and real-time sensing. The seamless integration of computational and distributed physical components with intelligent mechanisms increases the adaptability, autonomy, efficiency, functionality, reliability, safety, and usability of cyber-physical systems. In IoT-enabled cyber physical systems, cyber security is an essential challenge due to IoT devices in industrial control systems. Computational intelligence algorithms have been proposed to detect and mitigate the cyber-attacks in cyber physical systems, smart grids, power systems. The various machine learning approaches towards securing CPS is observed based on the performance metrics like detection accuracy, average classification rate, false negative rate, false positive rate, processing time per packet. A unique feature of CPS is considered through structural adaptation which facilitates a self-healing CPS.

Download Full-text

Pathologic Assessment of Computerized Tomography Accuracy for the Evaluation of the Laryngeal Cartilaginous Frame Work in Laryngopharyngeal Carcinomas

Tumori Journal ◽

10.1177/030089168907500216 ◽

1989 ◽

Vol 75 (2) ◽

pp. 156-162 ◽

Cited By ~ 5

Author(s):

Sandro Sulfaro ◽

Francesco Querin ◽

Luigi Barzan ◽

Mario Lutman ◽

Roberto Comoretto ◽

...

Keyword(s):

Computerized Tomography ◽

False Positive ◽

False Positive Rate ◽

False Negative ◽

False Negative Rate ◽

Cartilage Destruction ◽

High False Negative Rate ◽

Positive Rate ◽

Pathologic Assessment ◽

Low Sensitivity

Sixty-six whole-organ sectioned laryngopharyngectomy specimens removed for cancer during a seven-year period were uniformly examined to determine the accuracy of preoperative high resolution computerized tomography (CT) for detection of cartilaginous involvement. Our results indicate that CT has a high overall specificity (88.2%) but a low sensitivity (47.1 %); we observed a high false-negative rate (26.5%) and a fairly low false-positive rate (5.9%). Massive cartilage destruction was easily assessed by CT, whereas both small macroscopic and microscopic neoplastic foci of cartilaginous invasion were missed on CT scans. Moreover, false-positive cases were mainly due to proximity of the tumor to the cartilage. Clinical implications of these results are discussed.

Download Full-text

Macromolecule Particle Picking and Segmentation of a KLH Database by Unsupervised Cryo-EM Image Processing

Biomolecules ◽

10.3390/biom9120809 ◽

2019 ◽

Vol 9 (12) ◽

pp. 809

Author(s):

Miguel Carrasco ◽

Patricio Toledo ◽

Nicole D. Tischler

Keyword(s):

Signal To Noise Ratio ◽

False Positive Rate ◽

False Negative ◽

False Negative Rate ◽

Keyhole Limpet Hemocyanin ◽

True Positive Rate ◽

Cryo Electron Microscopy ◽

Positive Rate ◽

Top View ◽

Non Negative Matrix Factorization

Segmentation is one of the most important stages in the 3D reconstruction of macromolecule structures in cryo-electron microscopy. Due to the variability of macromolecules and the low signal-to-noise ratio of the structures present, there is no generally satisfactory solution to this process. This work proposes a new unsupervised particle picking and segmentation algorithm based on the composition of two well-known image filters: Anisotropic (Perona–Malik) diffusion and non-negative matrix factorization. This study focused on keyhole limpet hemocyanin (KLH) macromolecules which offer both a top view and a side view. Our proposal was able to detect both types of views and separate them automatically. In our experiments, we used 30 images from the KLH dataset of 680 positive classified regions. The true positive rate was 95.1% for top views and 77.8% for side views. The false negative rate was 14.3%. Although the false positive rate was high at 21.8%, it can be lowered with a supervised classification technique.

Download Full-text

Validity and Reliability of the Hooper Visual Organization Test

Perceptual and Motor Skills ◽

10.2466/pms.1974.39.1.95 ◽

1974 ◽

Vol 39 (1) ◽

pp. 95-100 ◽

Cited By ~ 13

Author(s):

Allan Gerson

Keyword(s):

False Positive Rate ◽

False Negative ◽

False Negative Rate ◽

Functional Disorders ◽

Validity And Reliability ◽

Clinical Value ◽

Clear Cut ◽

Positive Rate ◽

Organic Brain ◽

Visual Organization

To assess the validity and reliability of the Hooper Visual Organization Test, 68 Ss, of whom 16 were clinically and psychometrically determined to be suffering from organic brain damage, 19 had functional disorders, and 33 were without organic or functional disorders (normal), were given the test. The instrument was shown to be reliable ( r = .80), however, clear-cut discriminations between groups were not achieved. There were significant differences in scores of normal and damaged groups, functional and damaged Ss, but not functional and normal Ss. The qualitative signs said to aid in differentiations were totally absent from all protocols. Performance was affected in part by IQ and other aspects of recognition of meaning. There was a 19% false negative rate for the functionals and a 51% false positive rate for normals. The conclusion was that this device is of dubious clinical value.

Download Full-text

Empirical mean curve decomposition with multiwavelet transformation for eye movements recognition using electrooculogram signals

Proceedings of the Institution of Mechanical Engineers Part H Journal of Engineering in Medicine ◽

10.1177/0954411920924496 ◽

2020 ◽

Vol 234 (8) ◽

pp. 794-811

Author(s):

Harikrishna Mulam ◽

Malini Mudigonda

Keyword(s):

Neural Network ◽

Eye Movements ◽

False Positive Rate ◽

False Negative ◽

False Negative Rate ◽

Principal Component ◽

The Neural Network ◽

Marquardt Algorithm ◽

Positive Rate ◽

Sensitivity Specificity

Many research works are in progress in classification of the eye movements using the electrooculography signals and employing them to control the human–computer interface systems. This article introduces a new model for recognizing various eye movements using electrooculography signals with the help of empirical mean curve decomposition and multiwavelet transformation. Furthermore, this article also adopts a principal component analysis algorithm to reduce the dimension of electrooculography signals. Accordingly, the dimensionally reduced decomposed signal is provided to the neural network classifier for classifying the electrooculography signals, along with this, the weight of the neural network is fine-tuned with the assistance of the Levenberg–Marquardt algorithm. Finally, the proposed method is compared with the existing methods and it is observed that the proposed methodology gives the better performance in correspondence with accuracy, sensitivity, specificity, precision, false positive rate, false negative rate, negative predictive value, false discovery rate, F1 score, and Mathews correlation coefficient.

Download Full-text

Malicious Domain Names Detection Algorithm Based on N-Gram

Journal of Computer Networks and Communications ◽

10.1155/2019/4612474 ◽

2019 ◽

Vol 2019 ◽

pp. 1-9 ◽

Cited By ~ 2

Author(s):

Hong Zhao ◽

Zhaobin Chang ◽

Guangbin Bao ◽

Xiangyan Zeng

Keyword(s):

False Positive Rate ◽

False Negative ◽

False Negative Rate ◽

Detection Algorithm ◽

Internet Security ◽

Domain Name ◽

Domain Names ◽

Malicious Attack ◽

Positive Rate ◽

N Gram

Malicious domain name attacks have become a serious issue for Internet security. In this study, a malicious domain names detection algorithm based on N-Gram is proposed. The top 100,000 domain names in Alexa 2013 are used in the N-Gram method. Each domain name excluding the top-level domain is segmented into substrings according to its domain level with the lengths of 3, 4, 5, 6, and 7. The substring set of the 100,000 domain names is established, and the weight value of a substring is calculated according to its occurrence number in the substring set. To detect a malicious attack, the domain name is also segmented by the N-Gram method and its reputation value is calculated based on the weight values of its substrings. Finally, the judgment of whether the domain name is malicious is made by thresholding. In the experiments on Alexa 2017 and Malware domain list, the proposed detection algorithm yielded an accuracy rate of 94.04%, a false negative rate of 7.42%, and a false positive rate of 6.14%. The time complexity is lower than other popular malicious domain names detection algorithms.

Download Full-text

Correlation of preoperative citology/histology in radiologically detected lesions and histologic findings at excision

Journal of Clinical Oncology ◽

10.1200/jco.2007.25.18_suppl.1552 ◽

2007 ◽

Vol 25 (18_suppl) ◽

pp. 1552-1552

Author(s):

P. Manente ◽

G. Vicario ◽

E. Scelzi ◽

L. Sartor ◽

L. Nicolardi ◽

...

Keyword(s):

High Performance ◽

False Positive Rate ◽

False Negative ◽

False Negative Rate ◽

Needle Aspiration ◽

European Guidelines ◽

Breast Abnormality ◽

Positive Rate ◽

Preoperative Procedures ◽

Screening Assessment

1552 Background: The major techniques used to diagnose breast abnormality has been for many years fine-needle aspiration (FNA) cytology and core needle biopsy (CNB) and more recently vacuum-assisted core biopsy (VACB). These techniques are accurate and allow definitive therapeutic surgery. The aim of our study was to detemine whether cytology/histologic findings mach histologic findings at excision. Methods: In our Institution, between January 2004 and June 2006, 43,138 mammographic exams were performed. 1,012 patients had patological lesions at mammography: 617 FNA cytology ( C due to European guidelines for breast cancer screening assessment) and 395 CNB/VACB (B) were performed. Patients with respectively suspicious and malignant FNA cytology (C4 and C5) and respectively uncertain malignant potential, suspicious and malignant histology (B3, B4 and B5) underwent to surgery. Results: The number of cancer identified by FNA cytology was 158 and the number of cancer identified by CNB/VACB was 253. The correlation of preoparative citology/histology with definitive histology had showed: false negative rate respectively 0.79% for histology (B) and 3.16% for cytology (C). False positive rate was respectively 0.4% for B and 0.63 for C. Complete sensitivity was 98.2% for B and 89.87% for C. Absolute sensitivity was 90.51% for B and 76.58% for C. Conclusions: Our data demostrated very high performance of diagnostic preoperative procedures due to multidisciplinary approach between the radiologists, the clinicians and the pathologists. No significant financial relationships to disclose.

Download Full-text