Advertisement

Learning Tensor-Based Representations from Brain-Computer Interface Data for Cybersecurity

  • Md. Lutfor RahmanEmail author
  • Sharmistha Bardhan
  • Ajaya Neupane
  • Evangelos Papalexakis
  • Chengyu Song
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11053)

Abstract

Understanding, modeling, and explaining neural data is a challenging task. In this paper, we learn tensor-based representations of electroencephalography (EEG) data to classify and analyze the underlying neural patterns related to phishing detection tasks. Specifically, we conduct a phishing detection experiment to collect the data, and apply tensor factorization to it for feature extraction and interpretation. Traditional feature extraction techniques, like power spectral density, autoregressive models, and Fast Fourier transform, can only represent data either in spatial or temporal dimension; however, our tensor modeling leverages both spatial and temporal traits in the input data. We perform a comprehensive analysis of the neural data and show the practicality of multi-way neural data analysis. We demonstrate that using tensor-based representations, we can classify real and phishing websites with accuracy as high as 97%, which outperforms state-of-the-art approaches in the same task by 21%. Furthermore, the extracted latent factors are interpretable, and provide insights with respect to the brain’s response to real and phishing websites.

References

  1. 1.
    Emotiv EEG headset (2017). https://www.emotiv.com. Accessed 17 May 2017
  2. 2.
    Hamid, I.R.A., Abawajy, J.: Hybrid feature selection for phishing email detection. In: Xiang, Y., Cuzzocrea, A., Hobbs, M., Zhou, W. (eds.) ICA3PP 2011. LNCS, vol. 7017, pp. 266–275. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-24669-2_26CrossRefGoogle Scholar
  3. 3.
    Amazon.com Inc.: Alexa skill kit (2027). https://developer.amazon.com/alexa-skills-kit
  4. 4.
    Arachchilage, N.A.G., Love, S.: Security awareness of computer users: a phishing threat avoidance perspective. Comput. Hum. Behav. 38, 304–312 (2014)CrossRefGoogle Scholar
  5. 5.
    Cao, B., Lu, C.-T., Wei, X., Yu, P.S., Leow, A.D.: Semi-supervised tensor factorization for brain network analysis. In: Frasconi, P., Landwehr, N., Manco, G., Vreeken, J. (eds.) ECML PKDD 2016. LNCS, vol. 9851, pp. 17–32. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-46128-1_2CrossRefGoogle Scholar
  6. 6.
    Chew, P.A., Bader, B.W., Kolda, T.G., Abdelali, A.: Cross-language information retrieval using PARAFAC2. In: Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2007, pp. 143–152. ACM (2007)Google Scholar
  7. 7.
    Chu, W., Zhu, B.B., Xue, F., Guan, X., Cai, Z.: Protect sensitive sites from phishing attacks using features extractable from inaccessible phishing URLs. In: 2013 IEEE International Conference on Communications, ICC, pp. 1990–1994. IEEE (2013)Google Scholar
  8. 8.
    Cichocki, A., et al.: Noninvasive BCIs: multiway signal-processing array decompositions. Computer 41(10), 34–42 (2008)CrossRefGoogle Scholar
  9. 9.
    Cong, F., Lin, Q.H., Kuang, L.D., Gong, X.F., Astikainen, P., Ristaniemi, T.: Tensor decomposition of EEG signals: a brief review. J. Neurosci. Methods 248, 59–69 (2015)CrossRefGoogle Scholar
  10. 10.
    Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 581–590. ACM (2006)Google Scholar
  11. 11.
    Downs, J.S., Holbrook, M., Cranor, L.F.: Behavioral response to phishing risk. In: Proceedings of the Anti-phishing Working Groups 2nd Annual eCrime Researchers Summit, eCrime 2007, pp. 37–44. ACM (2007)Google Scholar
  12. 12.
    Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2008, pp. 1065–1074. ACM (2008)Google Scholar
  13. 13.
    Gómez-Herrero, G., et al.: Automatic removal of ocular artifacts in the EEG without an EOG reference channel. In: NORSIG, Signal Processing Symposium, pp. 130–133. IEEE (2006)Google Scholar
  14. 14.
    Harshman, R.A.: Foundations of the PARAFAC procedure: models and conditions for an “explanatory” multimodal factor analysis (1970)Google Scholar
  15. 15.
    Ho, J.C., Ghosh, J., Sun, J.: Marble: high-throughput phenotyping from electronic health records via sparse nonnegative tensor factorization. In: Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2014, pp. 115–124. ACM (2014)Google Scholar
  16. 16.
    Hyvärinen, A., Oja, E.: Independent component analysis: algorithms and applications. Neural Netw. 13(4), 411–430 (2000)CrossRefGoogle Scholar
  17. 17.
    Joyce, C.A., Gorodnitsky, I.F., Kutas, M.: Automatic removal of eye movement and blink artifacts from EEG data using blind component separation. Psychophysiology 41(2), 313–325 (2004)CrossRefGoogle Scholar
  18. 18.
    Kiers, H.A.L., Ten Berge, J.M.F., Bro, R.: PARAFAC2 - Part I. A direct fitting algorithm for the PARAFAC2 model. J. Chemometr. 13, 275–294 (1999)CrossRefGoogle Scholar
  19. 19.
    Latchoumane, C.F.V., Vialatte, F.B., Jeong, J., Cichocki, A.: EEG classification of mild and severe Alzheimer’s disease using parallel factor analysis method. In: Ao, S.I., Gelman, L. (eds.) Advances in Electrical Engineering and Computational Science. LNEE, vol. 39, pp. 705–715. Springer, Dordrecht (2009).  https://doi.org/10.1007/978-90-481-2311-7_60CrossRefGoogle Scholar
  20. 20.
    Liu, G., Qiu, B., Wenyin, L.: Automatic detection of phishing target from phishing webpage. In: 2010 20th International Conference on Pattern Recognition, pp. 4153–4156, August 2010Google Scholar
  21. 21.
    Luck, S.J.: Ten simple rules for designing ERP experiments. In: Event-Related Potentials: A Methods Handbook 262083337 (2005)Google Scholar
  22. 22.
    Ma, J., Saul, L.K., Savage, S., Voelker, G.M.: Beyond blacklists: learning to detect malicious web sites from suspicious URLs. In: Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2009, pp. 1245–1254. ACM (2009)Google Scholar
  23. 23.
    Neupane, A., Rahman, M.L., Saxena, N.: PEEP: passively eavesdropping private input via brainwave signals. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 227–246. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70972-7_12CrossRefGoogle Scholar
  24. 24.
    Neupane, A., Rahman, M.L., Saxena, N., Hirshfield, L.: A multi-modal neuro-physiological study of phishing detection and malware warnings. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 479–491. ACM (2015)Google Scholar
  25. 25.
    Neupane, A., Saxena, N., Hirshfield, L.: Neural underpinnings of website legitimacy and familiarity detection: an fNIRS study. In: Proceedings of the 26th International Conference on World Wide Web, pp. 1571–1580. International World Wide Web Conferences Steering Committee (2017)Google Scholar
  26. 26.
    Neupane, A., Saxena, N., Kuruvilla, K., Georgescu, M., Kana, R.: Neural signatures of user-centered security: an fMRI study of phishing, and malware warnings. In: Proceedings of the Network and Distributed System Security Symposium, NDSS, pp. 1–16 (2014)Google Scholar
  27. 27.
    Onishi, A., Phan, A.H., Matsuoka, K., Cichocki, A.: Tensor classification for P300-based brain computer interface. In: 2012 IEEE International Conference on Acoustics, Speech and Signal Processing, ICASSP, pp. 581–584. IEEE (2012)Google Scholar
  28. 28.
    OpenPhish: Phishing url (2017). https://openphish.com/feed.txt. Accessed 10 May 2017
  29. 29.
    Papalexakis, E.E.: Automatic unsupervised tensor mining with quality assessment. ArXiv e-prints, March 2015Google Scholar
  30. 30.
    Papalexakis, E.E., Fyshe, A., Sidiropoulos, N.D., Talukdar, P.P., Mitchell, T.M., Faloutsos, C.: Good-enough brain model: challenges, algorithms and discoveries in multi-subject experiments. In: Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2014, pp. 95–104. ACM, New York (2014)Google Scholar
  31. 31.
    Perros, I., et al.: SPARTan: scalable PARAFAC2 for large & sparse data. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2017, pp. 375–384. ACM (2017)Google Scholar
  32. 32.
    PhishTank: Join the fight against phishing (2017). https://www.phishtank.com/. Accessed 10 May 2017
  33. 33.
    Sanglerdsinlapachai, N., Rungsawang, A.: Using domain top-page similarity feature in machine learning-based web phishing detection. In: 2010 Third International Conference on Knowledge Discovery and Data Mining, pp. 187–190, January 2010Google Scholar
  34. 34.
    Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L.F., Downs, J.: Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 373–382. ACM (2010)Google Scholar
  35. 35.
    Sheng, S., et al.: Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, pp. 88–99. ACM (2007)Google Scholar
  36. 36.
    Sheng, S., Wardman, B., Warner, G., Cranor, L.F., Hong, J., Zhang, C.: An empirical analysis of phishing blacklists (2009)Google Scholar
  37. 37.
    Thomas, K., Grier, C., Ma, J., Paxson, V., Song, D.: Design and evaluation of a real-time URL spam filtering service. In: 2011 IEEE Symposium on Security and Privacy, SP, pp. 447–462. IEEE (2011)Google Scholar
  38. 38.
    Wang, Y., et al.: Rubik: knowledge guided tensor factorization and completion for health data analytics. In: Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2015, pp. 1265–1274. ACM (2015)Google Scholar
  39. 39.
    Whittaker, C., Ryner, B., Nazif, M.: Large-scale automatic classification of phishing pages. In: Proceedings of the Network and Distributed System Security Symposium, NDSS (2015)Google Scholar
  40. 40.
    Woodman, G.F.: A brief introduction to the use of event-related potentials in studies of perception and attention. Attention Percept. Psychophys. 72(8), 2031–2046 (2010)CrossRefGoogle Scholar
  41. 41.
    Wu, M., Miller, R.C., Garfinkel, S.L.: Do security toolbars actually prevent phishing attacks? In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 601–610. ACM (2006)Google Scholar
  42. 42.
    Zhang, J., Li, Q., Wang, Q., Geng, T., Ouyang, X., Xin, Y.: Parsing and detecting phishing pages based on semantic understanding of text. J. Inf. Comput. Sci. 9, 1521–1534 (2012)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Md. Lutfor Rahman
    • 1
    Email author
  • Sharmistha Bardhan
    • 1
  • Ajaya Neupane
    • 1
  • Evangelos Papalexakis
    • 1
  • Chengyu Song
    • 1
  1. 1.University of California RiversideRiversideUSA

Personalised recommendations