Project Objectives

OBJECTIVE 1

Formalize multidisciplinary anti-phishing user models that will highlight statistical correlations among human, technology, and legal factors of phishing.

AILA will suggest an anti-phishing user model consisting of three layers aiming to model the phishing cybercrime from multiple perspectives. This will be achieved through an extensive multidisciplinary literature survey aiming to identify specific metrics aligned to static and dynamic human, technology and legal factors. The human factor will embrace metrics like age, gender, nationality, personality, emotion level, etc.; the technology factor will embrace metrics like authentication policy, knowledge-based authentication, interaction device, etc.; and the legal factor will embrace National and EU laws, domain-specific guidelines, etc. These models will be initialised with data derived from the literature survey, but they will be continuously updated and validated within a User Centered Design (UCD) methodology that will embrace user studies throughout the project's course.

OBJECTIVE 2

Deliver novel artificial intelligence-driven anti-phishing algorithms for user modeling, adaptation and recommendation functions aiming to support phishing prevention and mitigation.

AILA will utilize the anti-phishing user models for designing the AI-driven algorithms. The algorithms will be based on the interaction among three layers: a) a User Profile Layer that will gather the static and dynamic metrics of the users while they interact with the system; b) an Authentication Policy Layer that will classify the users through machine learning algorithms, based on the applied user authentication policy and their susceptibility to phishing attacks according to the statistical models identified in Objective 1; and c) a National and EU Laws Layer that will reason about the best-fit legal advice recommendation aiming to mitigate phishing attacks on end-users and service providers. Laws and legislation that apply to phishing are still in their infancy; in fact, there are no specific phishing laws in many countries. Most phishing attacks are covered under traditional criminal laws such as identity theft and computer crimes. Therefore, recommending specific laws, at National or EU level, is an important step in mitigating these attacks, especially considering the dynamic context of cybersecurity legislation in the EU and in Greece.

OBJECTIVE 3

Develop an open-source integrated anti-phishing personalization framework and demonstrate knowledge transfer and integration guidelines to critical domains like banking and e-government.

The framework will be implemented and integrated under a unified open-source platform that will be available through a mixed license approach (Apache and GNU) and will be easily integrated into state-of-the-art information systems. The anti-phishing platform anticipates providing phishing prevention and mitigation services by integrating intelligent user modeling mechanisms and legal advice services that have been identified in Objectives 1 & 2. The platform will consist of easy-to-use integration and adaptation tools with well-specified Application Programming Interfaces that will be available to third-party domains. AILA will use the Higher Education domain as a validation case for the developed technologies, due to its importance and potential to verify various phishing modes through the involved scenarios, and due to the straightforward generalisation of those scenarios to other domains.

OBJECTIVE 4

Demonstrate novel anti-phishing analytics and tools to organizational stakeholders and advance state-of-the-art legal research in phishing prevention and mitigation.

AILA will provide novel anti-phishing analytics to organizational stakeholders that will allow them to make informed decisions related to phishing attacks. These tools will assist organizations in identifying high-risk vulnerable users within the organization and taking appropriate educative and training countermeasures, and will provide dashboard information about the organizational defense and readiness level against phishing attacks in terms of legislative recommendations. This process will be supervised by legal experts, to create a list of anti-phishing heuristics that can be easily transferred to other domains. In fact, phishing is a concept used to cover a broad category of unlawful acts, such as illegal spamming, fraud, blackmail, unlawful processing of personal data, hacking, etc. Therefore, it is necessary to clarify the exact contours of this act and the appropriate legal response to it. The problem is exacerbated by the fact that different approaches exist in the EU and the U.S., whereas international regulations are required to address this issue, as the perpetrators are active worldwide and different jurisdictions are applicable.

OBJECTIVE 5

Validate the framework within real-world use cases and increase the project’s uptake through the provision of open-access validated anti-phishing datasets.

AILA will provide statistically validated open-access datasets that can be used for training anti-phishing user models. By doing so, we aim to fill the gap of such datasets in state-of-the-art research. The evaluation studies will be performed at the two participating Higher Education Universities, and we will publish validated open-access datasets that will embrace anonymized GDPR-compliant user profiles & datasets highlighting statistical relations among specific human, technological and legal factors.