Enhancement of Phishing Email Detection with Bayesian Networks. A Cyber Security Training Module.

Abstract

In today’s digital world, we rely on various applications to protect ourselves from malicious software on the internet. Many of these tools also aim to shield us from phishing emails, which are increasingly prevalent. But how reliable are these phishing protection tools? Do we uncritically trust their indication that an email is safe, or are their assessments merely probabilistic estimates? These questions became the focal point of an innovative educational process in cybersecurity training. In this training activity, participants initially assumed the role of phishing email creators, crafting emails targeting a hypothetical individual using social engineering techniques introduced during the course. Next, an anti-phishing software tool, developed specifically for this training, evaluated their emails and provided a percentage indicating the likelihood that the email would be identified as phishing. The software's functionality was built upon a Bayesian network designed specifically for the course, using data derived from emails created by participants in the previous academic year. Trainees were then introduced to Bayes' rule and learned how the Bayesian framework operates as a method of phishing detection. By the end of the training intervention, participants were proficient in applying Bayes' rule and constructing small Bayesian networks to assess the potential risk of emails, thereby enhancing their understanding of cybersecurity principles and tools. Our module makes a significant contribution to the cybersecurity education community by presenting an innovative approach to teaching protection against phishing emails.