My PhD was funded by the UK EPSRC (grant EP/K035584/1) at the Centre for Doctoral Training in Cyber Security, at Royal Holloway, University of London. I was jointly supervised by Professor Peter Komisarczuk, Professor Kenny Paterson, and Professor Lorenzo Cavallaro.
Phishing and malware attacks continue to plague the digital world, wreaking havoc on individuals, businesses, and governments worldwide. Attacks often target popular platforms such as Twitter, a microblogging social networking service with over 330 million active monthly users, posting more than 500 million daily tweets.
My thesis explores how well-protected Twitter users are from phishing and malware attacks. We take an empirical, data-driven approach to investigate the effectiveness of Twitter's cybercrime defence system at time-of-tweet and time-of-click. We create Phishalytics: our measurement infrastructure that collects and analyses large-scale data sets. Our data feeds include Twitter's Stream API, Bitly's Clicks API, and 3 popular blacklists: Google Safe Browsing, PhishTank, and OpenPhish. We improve internet measurement studies by addressing soundness and limitations of existing work. Our studies include characterising URL blacklists, investigating blacklist delays, and examining Twitter's URL shortener (t.co). We aim to better enable policymakers, technology designers, and researchers to strengthen online user security.
We provide empirical evidence highlighting the state, and scale, of cybercrime on Twitter. Key findings show over 10,000 phishing and malware URLs -- publicly tweeted to more than 131 million Twitter accounts -- received over 1.6 million clicks from Twitter users. Twitter's time-of-click defence system blocks only 12% of blacklisted URLs and web browsers miss up to 62% of non-blacklisted phishing websites. We recommend Twitter users ensure their risk appetite aligns with their cybercrime defence strategy. Furthermore, blacklists do not offer absolute protection and cybercriminals can exploit uptake delays.
Our findings suggest more can be done to strengthen Twitter's phishing and malware defence system and improve user security. However, measuring and evaluating effectiveness is complex and non-trivial. We discuss the importance of soundness, the significance of measurement study reproducibility, and the challenges of measuring an ever-changing landscape.
I designed Phishalytics to help answer the following research questions:
Our research won 2 awards -- best paper and best student paper -- at the Australasian Computer Science Week Multiconference (2020), for our paper: Measuring the Effectiveness of Twitter's URL Shortener (t.co) at Protecting Users from Phishing and Malware Attacks.
Full details of my research projects are on the projects page. The projects are:
The full PhD thesis and related research papers can be accessed from the publications page.