DBIS

Automatic Response and Recovery of Phishing Email

June 10th, 2022

Thesis Type: Master
Student: Muhammad Usman Mansoor
Status: Running
Supervisor(s): Stefan Decker
Advisor(s): akbari

Any organization's top priority is to protect itself from cybercrime, because any security incident can have severe social and economic effects. As security-related risks and threats have evolved, security technology has evolved with them. However, finding a definitive solution based on cutting-edge technology that improves operations, automation, and overall efficiency is difficult. With new product offerings from vendors in this market, security automation is slowly taking hold. Deep learning and machine learning have made it possible to automate security processes that were previously thought impossible. However, security operations centre (SOC) personnel are overwhelmed by the volume of security alerts, by the demand for rapid detection of and response to security warnings, and by poor decisions made by machine learning models. The key to strengthening the response to a security threat is minimizing the damage quickly. Under these circumstances, manual operation cannot guarantee response time and accuracy, so an efficient automatic decision-support method is needed. We therefore propose implementing an automatic decision-making workflow based on security orchestration, automation, and response (SOAR). It combines machine learning models, automation, and orchestration to give enterprises a complete solution for managing security concerns.

We propose implementing an automated responder for a phishing-email showcase using Apache Airflow, TheHive, and machine learning algorithms. The goal is to design a response system that processes incoming emails, checks them for spam and phishing using ML models, and, if a message is classified as malicious, takes automatic action or alerts a human operator. The proposed workflow will help automate the incident management process and, compared to a traditional fully manual service, significantly improve the efficiency of incident response.


Prerequisites:

Development of ML classifier, heuristics for automation threshold, and implementation of a proof-of-concept prototype for automation pipeline.
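As an added illustration of the decision step the workflow and prerequisites describe (this is example code, not the thesis prototype): a weighted heuristic scorer stands in for the ML classifier, and the two thresholds are assumed values for the automation-threshold heuristic that splits emails into automatic response, analyst alert, or normal delivery.

```python
import email
import re

# Indicator patterns; in the real pipeline an ML model would replace the scorer below.
URGENCY = re.compile(r"\b(urgent|immediately|suspended|verify your account|password)\b", re.I)
URL = re.compile(r"https?://[^\s>\"']+", re.I)

def _domain(header: str) -> str:
    return header.rsplit("@", 1)[-1].strip("> ").lower() if "@" in header else ""

def extract_features(raw: str) -> dict:
    """Pull a few phishing indicators out of a plain-text RFC 822 message."""
    msg = email.message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    sender, reply_to = _domain(msg.get("From", "")), _domain(msg.get("Reply-To", ""))
    return {"urls": len(URL.findall(body)), "urgency": len(URGENCY.findall(body)),
            "reply_to_mismatch": bool(reply_to) and reply_to != sender}

def phishing_score(f: dict) -> float:
    """Stand-in for the ML classifier: weighted indicators clipped to [0, 1] (assumed weights)."""
    raw = 0.35 * min(f["urls"], 2) + 0.2 * min(f["urgency"], 2) + 0.4 * f["reply_to_mismatch"]
    return min(raw, 1.0)

def decide(score: float, auto_threshold: float = 0.8, review_threshold: float = 0.4) -> str:
    """Automation-threshold heuristic: act on confident verdicts, escalate uncertain ones."""
    if score >= auto_threshold:
        return "quarantine_and_notify_user"  # automatic response, no analyst in the loop
    if score >= review_threshold:
        return "alert_analyst"               # hand off to the SOC (e.g. as an alert case)
    return "deliver"

def process_email(raw: str) -> dict:
    """One pass of the workflow: ingest -> classify -> decide."""
    features = extract_features(raw)
    score = phishing_score(features)
    return {"score": score, "action": decide(score), "features": features}

# Constructed sample messages for the demo; none of them is real mail.
PHISH = """From: IT Support <support@corp.example>
Reply-To: helpdesk@corp-example-login.test

Your account will be suspended. Verify your account immediately at
http://corp-example-login.test/reset to keep your password.
"""
BORDERLINE = """From: Newsletter <news@vendor.example>

Your password policy has changed; see https://vendor.example/policy before logging in.
"""
BENIGN = """From: Bob <bob@corp.example>

Are we still on for lunch tomorrow?
"""
```

Calling `process_email` on the three samples yields the three different actions, which is the tiering an Airflow task would hand to the response step.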