Cognitive Web Application Firewall to Critical Infrastructures Protection from Phishing Attacks

摘要

Phishing scams and attacks attempt to trick people into providing sensitive personal information such as account login credentials, credit card numbers, banking details and other identifying data. This is done for malicious reasons, by disguising as a trustworthy entity in an electronic communication. It is an example of social engineering techniques used to deceive users and to exploit weaknesses in current web security. It is very popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate URL than trying to break through a computer’s defenses. Nowadays, phishing scammers continually target many critical infrastructures and major financial institutions, companies, government departments, and online service providers around the world. For those infrastructures specifically, skilled phishers use advanced techniques to target both vigilant and naive employees, with destructive often zero-day attacks, including ransomware, malware, bots, spam, spoofing and pharming. This paper proposes an innovative, ultra-fast and low requirements’?Intelligence Web Application Firewall (?WAF) for Critical Infrastructure?Protection (CIP). It discusses the design and development of an intelligent tool?which employs an evolving Izhikevich spiking neurons’ approach, for the?automated identification of phishing web sites. Additionally, it builds Group?Policy Objects (GPO) under Windows Domain for automated prevention of?phishing attacks. The reasoning of its core is based on advanced computational?intelligence approaches.