
Browsing by Author "Wijesooriya, A"

Now showing 1 - 4 of 4
  • Item (Embargo)
    Intelligent Detection of Corporate Targeted Phishing Emails - A Hybrid Approach Combining Deep Learning Models with Domain Anomaly Detection
    (Institute of Electrical and Electronics Engineers Inc., 2025) Seethawaka, R; Chathurya N.E.G; Chandrasiri D.K.W.G.G.T; Kavithma K.A.S; Fernando, H; Wijesooriya, A
    This paper introduces a system designed to detect corporate-targeted phishing emails by combining two key strategies: advanced email content analysis and domain similarity analysis. The system first examines the text of emails using a hybrid deep learning model that merges modern language understanding techniques with sequential pattern recognition, achieving high accuracy in identifying phishing intent. Two models were tested - a standalone Bi-LSTM sequential model and a hybrid version (BERT - Bi-LSTM), with the hybrid model proving superior, scoring an F1 score of 0.97 compared to 0.93 for the standalone model. Second, the system verifies sender domains to detect spoofing attempts, such as subtle typos, homograph attacks or TLD/subdomain spoofing. This domain check reduces reliance on text analysis alone, helping analysts prioritize threats more effectively. Tested against a mix of legitimate and malicious domains, the domain module achieved near-perfect accuracy, minimizing false alarms. By integrating these approaches, the system addresses a critical gap in existing methods, which often focus on only one aspect of phishing (e.g., email content or URL features). This dual strategy ensures a more comprehensive defense, particularly against sophisticated attacks that use convincing language paired with fake domains. The combined model not only improves detection accuracy but also supports security teams by providing clear, actionable insights, making it practical for real-world corporate environments.
  • Publication (Embargo)
    Platform Independent Browser Forensic Tool for Advanced Analysis of Artifacts and Case Management
    (IEEE, 2021-12-09) Dissanayake, D; Rajakaruna, S; Ranasinghe, D; Wijesooriya, A; Jayakody, A; Rajapaksha, S. K
    A web browser is a major attack vector which cyber-criminals utilize to land in an environment. The evidence related to the malicious browsing activities can be found in the host which gives valuable information related to the case. These digital footprints involve history, cookies, bookmarks, saved credentials and downloads etc. This paper presents a sophisticated tool aiding the conventional manual investigation process from evidence collection to the final verdict by automating human dependent functions, resulting in a fast and unbiased analysis of browser forensic artifacts. This tool states its unique value over the existing tools by working operating systems independently, collecting all browsing evidence including deleted artifacts and encrypted saved credentials, automatically analysing the reputation of the extracted evidence, integrating evidence collected from different web browsers into a single timeline, and correlating the adjacent distrustful events inside and outside the host. Eventually, this tool calculates a browsing reputation scorecard and creates a profile for the host, condensing the findings gathered throughout the investigation. The paper presents another important methodology to predict the future browsing reputation score based on the past browsing patterns. Furthermore, multiple cases management feature and dashboard provide a concise overview of overall findings to the forensic investigator.
  • Publication (Embargo)
    Platform Independent Browser Forensic Tool for Advanced Analysis of Artifacts and Case Management
    (IEEE, 2021-12-09) Dissanayake, D; Rajakaruna, S; Ranasinghe, D; Wijesooriya, A; Jayakody, A; Rajapaksha, S
    A web browser is a major attack vector which cyber-criminals utilize to land in an environment. The evidence related to the malicious browsing activities can be found in the host which gives valuable information related to the case. These digital footprints involve history, cookies, bookmarks, saved credentials and downloads etc. This paper presents a sophisticated tool aiding the conventional manual investigation process from evidence collection to the final verdict by automating human dependent functions, resulting in a fast and unbiased analysis of browser forensic artifacts. This tool states its unique value over the existing tools by working operating systems independently, collecting all browsing evidence including deleted artifacts and encrypted saved credentials, automatically analysing the reputation of the extracted evidence, integrating evidence collected from different web browsers into a single timeline, and correlating the adjacent distrustful events inside and outside the host. Eventually, this tool calculates a browsing reputation scorecard and creates a profile for the host, condensing the findings gathered throughout the investigation. The paper presents another important methodology to predict the future browsing reputation score based on the past browsing patterns. Furthermore, multiple cases management feature and dashboard provide a concise overview of overall findings to the forensic investigator.
  • Item (Embargo)
    Stealth Eye: Behavioral Analysis for Fileless Malware Detection
    (Institute of Electrical and Electronics Engineers Inc., 2025) Bandara H.M.H.M; Ayeshani K.M.N; Kumari M.M.P.M; Wijerathna D.M.S.T; Abeywardena, K.Y; Wijesooriya, A
    Fileless malware is a significant cybersecurity threat as it is entirely present in system memory and evades traditional signature-based detection methods. This paper introduces STEALTH EYE, an endpoint behavioral analysis framework for detecting fileless malware, such as ransomware, spyware, trojans, and RedLine Stealer, in real time. The framework utilizes an endpoint agent that monitors system activity in real time and captures snapshots of behavior every 60 seconds for real-time threat analysis. These captures track memory injections, DLL loading and execution, file and handle operations, service activity, process and thread behavior, registry modifications, network communications, cryptographic function usage, keystroke logging, and clipboard access. The data that is collected is analyzed through supervised machine learning mechanisms to detect patterns that indicate fileless malware activity. In contrast to traditional post-infection forensic approaches, STEALTH EYE provides real-time monitoring, notification, and active response with enhanced cybersecurity resilience against the widespread fileless attacks.

Copyright 2025 © SLIIT. All Rights Reserved.
