Machine Learning Based Prediction versus Human-as-a-Security-Sensor

Abstract

Phishing is one of the most common cyber threats in the world today. It is a type of social engineering attack where the attacker lures unsuspecting victims into carrying out certain tasks mostly to steal personal and sensitive information. These stolen information are exploited to commit further crimes e.g. blackmails, data theft, financial theft, malware installation etc. This study was carried out to tackle this problem by designing an anti-phishing learning algorithm to detect phishing emails and also to study the accuracies of human phishing prediction to machine prediction. A graphical user interface was designed to emulate an email-client system that popped-up a warning on detecting a phishing mail successfully and collection of predictions made by expert and non-expert users on anti-phishing techniques. These predictions were compared to the predictions made by the machine learning algorithm to compare the efficiencies of all predictions considered in this research. The performance of the classifier used was measured with metrics such as confusion matrix, accuracy, receiver operating characteristic curve and area under graph