Sandboxed navigation and deep inspection of suspicious links reported by Humans as a Security Sensor (HaaSS)

Abstract

This thesis is part of a long-lasting research carried out in the field of Humans as a Security Sensor. In this thesis, I propose a solution to help companies to fight back against phishing, in particular, targeted and highly-contextualized attacks also known as "spare phishing". The thesis aims to develop a deep inspection module of individual emails submitted to the system by human sensors. As soon as a suspicious email has been flagged, it is passed to the deep inspection module that takes care of navigating every URL while collecting evidence and marks of malicious activities. The characteristic of this project is that it mimics the behavior of a real human user while navigating. It does not stop at the initial page, instead, it follows the redirects and collects page links to further inspect them afterward. My work focuses only on the automated navigation and deep inspection part and integrates it with an existing project that provides emails to analyze and manages the human sensor network. The idea is related to the concept of a human honeypot and provides a toolset that can help gather precious information to augment phishing user reports. We design a system that can navigate potentially malicious URLs as a human user would do. It opens links and browses through the webpages while collecting data, with the crucial difference that all the navigation is carried out fully automatically and in a protected environment isolated from the rest, so that any infection remains confined.