Enhancement of Phishing Email Detection with Bayesian Networks: A Cyber Security Training Module

In today's digital world, we rely on various applications to protect ourselves from malicious software on the internet. Many of these tools also aim to shield us from phishing emails, which are increasingly prevalent. But how reliable are these phishing protection tools? Do we uncritically trus...

Full description

Saved in:
Bibliographic Details
Published inEuropean Conference on Cyber Warfare and Security pp. 328 - 337
Main Authors Lappas, Dimitrios, Karampelas, Panagiotis, Fesakis, Giorgos
Format Conference Proceeding
LanguageEnglish
Published Reading Academic Conferences International Limited 01.06.2025
Subjects
Artificial intelligence
Bayesian analysis
Cybercrime
Cybersecurity
Electronic mail
Malware
Modules
Phishing
Software
Online AccessGet full text

Cover

More Information
Summary:In today's digital world, we rely on various applications to protect ourselves from malicious software on the internet. Many of these tools also aim to shield us from phishing emails, which are increasingly prevalent. But how reliable are these phishing protection tools? Do we uncritically trust their indication that an email is safe, or are their assessments merely probabilistic estimates? These questions became the focal point of an innovative educational process in cybersecurity training. In this training activity, participants initially assumed the role of phishing email creators, crafting emails targeting a hypothetical individual using social engineering techniques introduced during the course. Next, an anti-phishing software tool, developed specifically for this training, evaluated their emails and provided a percentage indicating the likelihood that the email would be identified as phishing. The software's functionality was built upon a Bayesian network designed specifically for the course, using data derived from emails created by participants in the previous academic year. Trainees were then introduced to Bayes' rule and learned how the Bayesian framework operates as a method of phishing detection. By the end of the training intervention, participants were proficient in applying Bayes' rule and constructing small Bayesian networks to assess the potential risk of emails, thereby enhancing their understanding of cybersecurity principles and tools. Our module makes a significant contribution to the cybersecurity education community by presenting an innovative approach to teaching protection against phishing emails.
Bibliography:ObjectType-Conference Proceeding-1
SourceType-Conference Papers & Proceedings-1
content type line 21