
  • Stephen Kelly x12386816

    Intrusion Detection System for Malicious Email
    Technical Report
    BSHC (Honours) in Computing
    Software Project
    National College of Ireland
    Supervisor: Sara Kadry

    10th May 2017


  • Technical Report

    Page 2

    Table of Contents

    Executive Summary
    1 Introduction
    1.1 Background
    1.2 Aims
    1.3 Scope
    1.4 Technologies
    2 User Classes and Characteristics
    3 Requirements Specification
    3.1 Functional Requirements
    3.1.1 Use Case Diagram
    3.1.2 Requirement 1: Register
    3.1.3 Requirement 2: Upload Photo (Create Album)
    3.1.4 Requirement 3: Invite Users
    3.1.5 Requirement 4: Share Photo
    3.1.6 Requirement 5: Edit Friend List (Trusted User)
    3.2 Non-Functional Requirements
    3.2.1 Performance/Response time requirement
    3.2.2 Safety Requirement
    3.2.3 Security Requirement
    3.2.4 Requirement Attributes
    3.2.5 Business Rules
    3.2.6 User requirement
    3.2.7 Maintainability requirement
    3.2.8 Portability requirement
    3.2.9 Extendibility requirement
    3.3 Design and Architecture
    3.4 Graphical User Interface (GUI)
    3.5 Testing
    3.6 Evaluation
    4 Conclusion
    5 Future Development
    6 References
    7 Appendix
    7.1 Monthly Journals
    7.2 Project Proposal


    Executive Summary

    Nowadays, users all around the world use email as their fundamental method to share information over the web. The network providers allow all types of email for the purpose of communication. During this transfer of information some malicious emails are received which can cause problems either at the server side or at the client side. In this project, we propose an intrusion detection system designed to detect these malicious emails.

    In recent times, one of the most dangerous security threats against private user data at home and in the workplace has been phishing. Phishing has become an extremely common form of cyber attack. It consists of defrauding people by luring them to fake websites where users unknowingly provide personal details such as login information and credit card details. These fraudsters appear as a trusted third party, like a well-known bank. The most common methods of phishing are done by email. Once these details are acquired they can be used in the practice of identity theft or credit card fraud. In the past, efforts have been made to stop these attacks by identifying phishing sites using plug-ins, but these efforts have been in vain because of emerging blocking techniques, which render them useless. There is an abundance of these types of attacks, so much so that the everyday user will be in danger whether they know it or not. In this project we propose an Intrusion Detection System for identifying these types of malicious emails and tracing them to their source for evaluation. This will be made possible by using a data capture facility that will categorize a number of incoming emails as potentially malicious actions and an evaluation system that will send crawlers to websites related to these detected emails to determine their true intentions. By detecting malicious emails in incoming traffic, this filters a user's inbox and removes the requirement of a user being trained in the practice of secure web browsing. As most users are not trained in this manner, this system will prove quite useful. The Intrusion Detection System (IDS) will detect malicious emails and ensure that all of the incoming emails/data is not harmful. When a malicious email is detected, the next step is to send crawlers to the phishing websites that are linked in these emails and also to the website that it is trying to impersonate. An algorithm then strips both sites down and compares them using a scoring system for the difference between the two, ultimately deciding whether or not it is a phishing website. This Intrusion Detection System will be implemented into a photo sharing web application with email functionality.
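The compare-and-score step described in the summary, as an added example that is not code from the report: both pages are stripped to visible words and form input types, scored with Jaccard similarity, and flagged when a near-copy is served from a different host. The feature set, the Jaccard score, the 0.6 threshold, all function names and the sample pages are assumptions; the report does not specify them.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _Stripper(HTMLParser):
    """Strip a page down to visible words and form input types."""
    def __init__(self):
        super().__init__()
        self.features, self._skip = set(), 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "input":
            self.features.add("input:" + (dict(attrs).get("type") or "text").lower())
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.features.update("w:" + w.lower() for w in data.split())

def strip_page(html):
    parser = _Stripper()
    parser.feed(html)
    parser.close()
    return parser.features

def similarity(html_a, html_b):
    """Jaccard score in [0, 1] over the stripped feature sets."""
    a, b = strip_page(html_a), strip_page(html_b)
    return len(a & b) / len(a | b) if (a or b) else 0.0

def looks_like_phish(suspect_url, suspect_html, brand_url, brand_html, threshold=0.6):
    """Flag a near-copy of the brand page served from a different host."""
    different_host = urlparse(suspect_url).hostname != urlparse(brand_url).hostname
    return different_host and similarity(suspect_html, brand_html) >= threshold

# Constructed sample pages (not captured from real sites).
BRAND_URL = "https://bank.example/login"
BRAND_HTML = ("<html><head><title>Example Bank Login</title><style>p{color:red}</style>"
              "</head><body><h1>Example Bank</h1><form><input type='text' name='user'>"
              "<input type='password' name='pw'></form><p>Sign in to your account</p>"
              "</body></html>")
SUSPECT_URL = "https://bank-login.example.net/login"
SUSPECT_HTML = BRAND_HTML.replace("to your", "to verify your").replace(
    "</body>", "<script>var x = 1;</script></body>")
UNRELATED_HTML = "<html><body><h1>Photo album</h1><p>Holiday pictures</p></body></html>"

if __name__ == "__main__":
    print(round(similarity(SUSPECT_HTML, BRAND_HTML), 3))
    print(looks_like_phish(SUSPECT_URL, SUSPECT_HTML, BRAND_URL, BRAND_HTML))
```

The host comparison is what keeps the legitimate page from flagging itself: a perfect score on the same host is expected, while a high score on another host is the signal.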


    1 Introduction

    1.1 Background

    I am a current employee of ACIA (Aon Centre for Innovation and Analytics) working part-time during my studies. I have been an employee of ACIA since the summer of 2015 when I applied for an internship. I have not been working with this company for long but I have seen my fair share of misleading and malicious emails in the workplace. Even in a technology-based company such as this, employees were still the victims of these phishing attacks.

    It just goes to show how complex and deceitful these attacks are becoming. This was the basis of my decision to design and develop an Intrusion Detection System for my final year project. It was one attack in particular that was successful among a small number of my colleagues. It occurred during my six-month placement for third year, around the month of July. A number of staff began to receive fake emails purporting to come from the Revenue Commissioners and were warned soon afterwards that although the email address seems valid, it is just a piece of text and can easily be faked. Email addresses are not verified and cannot be relied on as proof of the identity of the sender organization. These emails seemed very professionally made and tried to trick users into believing that they were due a tax refund, mostly in the range of around 160, and enticed them to enter bank details. It wasn't until the very next day that similar emails started to roll in. Colleagues were warned to remain extremely vigilant and never to click on suspicious links or provide any sensitive information. This time the phishing emails were in disguise as invoices from Apple and again, looked very legitimate. An office wide email was sent out from IT to warn that proceeds from such scams are quickly transferred offshore, usually through multiple countries/banks and prove impossible to retrieve, even where amounts are greatly in excess of 25.99.

    Although these types of attacks are very unfortunate, it was good to experience it first hand in the workplace, and to see how the office dealt with the situation. However I felt that it wasn't enough and I wanted to create something that would tackle this issue head on, eradicating the problem on the user's end.


    1.2 Aims

    The purpose of this project is to provide an easy and user-friendly way to allow users to have a safe working environment when using an online web application with email functionality. The main objective of this project is to maintain a safe and user-friendly environment and to eradicate any incoming threats via email. This product will consist of two main components: an Intrusion Detection System and a web application that will allow users to share photos with friends.

    1.3 Scope

    The web application will allow users to sign up to a service which will provide a safe environment for them to share photos with their friends. To sign up to this service, each user must have a valid email address. Once a user has become a registered member, they can invite other users via email to join the service. They do this by sending an email, which will include an invitation. When the receiver of the invitation email accepts the invite, they will be brought to the web application to register as a member. Once completed, they will then become a friend (trusted user) and will appear on a trusted user friends list. This will connect both users and allow them to share photos on the website.

    To ensure the safety and security of the process of sending emails, we have implemented an intrusion detection system that will detect malicious email