DOCSLIB.ORG

Large-Scale Automatic Classification of Phishing Pages

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Large-Scale Automatic Classification of Phishing Pages Colin Whittaker Brian Ryner Marria Nazif Google Inc. Google Inc. Google Inc. [email protected] [email protected] [email protected] Abstract must be comprehensive, error-free, and timely. A blacklist that is not comprehensive fails to protect a portion of its Phishing websites, fraudulent sites that impersonate a users. One that is not error-free subjects users to unneces- trusted third party to gain access to private data, continue sary warnings and ultimately trains its users to ignore the to cost Internet users over a billion dollars each year. In warnings. A blacklist that is not timely may fail to warn its this paper, we describe the design and performance char- users about a phishing page in time to protect them. Con- acteristics of a scalable machine learning classifier we de- sidering that phishing pages only remain active for an aver- veloped to detect phishing websites. We use this classifier age of approximately three days, with the majority of pages to maintain Google’s phishing blacklist automatically. Our lasting less than a day, a delay of only a few hours can sig- classifier analyzes millions of pages a day, examining the nificantly degrade the quality of a blacklist [2], [30]. URL and the contents of a page to determine whether or Currently, human reviewers maintain some blacklists, not a page is phishing. Unlike previous work in this field, like the one published by PhishTank [25]. With Phish- we train the classifier on a noisy dataset consisting of mil- Tank, the user community manually verifies potential phish- lions of samples from previously collected live classification ing pages submitted by community members to keep their data. Despite the noise in the training data, our classifier blacklist mostly error-free. Unfortunately, this review pro- learns a robust model for identifying phishing pages which cess takes a considerable amount of time, ranging from a correctly classifies more than 90% of phishing pages sev- median of over ten hours in March, 2009 to a median of eral weeks after training concludes. over fifty hours in June, 2009, according to PhishTank’s statistics. Omitting verification to improve the timeliness of the data is not a good option for PhishTank. Without ver- 1 Introduction ification, the list would have many false positives coming from either innocent confusion or malicious abuse. Phishing is a social engineering crime generally defined An automatic classifier could handle this verification as impersonating a trusted third party to gain access to pri- task. Previously published efforts have shown that a clas- vate data. For example, an adversary might send the victim sification system could examine the same signals a human an email directing him to a fraudulent website that looks reviewer uses to evaluate whether a page is phishing [13], like a page belonging to a bank. The adversary can use [16], [20], [21], [35]. Such a system could add verified any information the victim enters into the phishing page to phishing pages to the blacklist automatically, substantially drain the victim’s bank account or steal the victim’s identity. reducing the verification time and improving the through- Despite increasing public awareness, phishing continues to put. With higher throughput, the system could even exam- be a major threat to Internet users. Gartner estimates that ine large numbers of questionable, automatically collected phishers stole $1.7 billion in 2008, and the Anti-Phishing URLs to look for otherwise missed phishing pages. Working Group identified roughly twenty thousand unique This paper describes such an automatic phishing clas- new phishing sites each month between July and Decem- sifier that we built and currently use to evaluate phishing ber of 2008 [3], [17]. To help combat phishing, Google pages and maintain our blacklist. Since its activation in publishes a blacklist of phishing URLs and phishing URL November, 2008, this system evaluates millions of poten- patterns [7], [29]. The anti-phishing features in Firefox 3, tial phishing pages every day. To evaluate each page, the Google Chrome, and Apple Safari use this blacklist. We classifier considers features regarding the page’s URL, con- provide access to the list to other clients through our public tent, and hosting information. We retrain this classifier daily API [18]. using approximately ten million samples from classifica- In order for an anti-phishing blacklist to be effective, it tion data collected over the last three months. To provide training labels for this data, we use our published blacklist, claiming to unblock an email or chat account when given the most complete listing of known phishing pages we have the login credentials fall under this last category. Note that available. Since the coverage of our published blacklist is if one of these sites is sanctioned by the third party, then it not perfect, the training labels contain a number of misclas- would be properly authorized and therefore not a phishing sifications. Nevertheless, our process develops classifica- page. tion models that demonstrate excellent performance, main- taining a false positive rate well below 0.1% while main- 2.2 Related Work taining high recall. During the first six months of 2009, our classifier evaluated hundreds of millions of pages, automat- Garera et al. described an early prototype of our cur- ically blacklisting 165,382 phishing pages. For compari- rent system, using both Google’s internal data, like PageR- son, PhishTank evaluated 139,340 potential phishing pages, ank [26], and features extracted from the URL to classify finding only 47,203 actual phishing pages, during the same pages [16]. Our system continues to use some of the fea- timespan [25]. tures they describe while expanding the feature set consid- The contributions of this paper are: 1) A demonstration erably. However, the original preparation of the training set that a scalable machine learning classifier can be used to involved manual labeling, which is not feasible for training automatically maintain a blacklist of phishing pages. 2) A sets as large as the ones we use now. We designed a new demonstration that a machine learning classifier for phish- training system for this paper. ing pages can achieve a very high accuracy despite a noisy Other papers have also examined the problem of auto- training set. 3) An examination of the value of certain fea- matically classifying phishing web pages, but they have de- tures of a web page in the evaluation of whether that page is scribed experimental systems, not systems in active use. phishing. Also, none of these efforts used a noisy training dataset. In Section 2, we precisely define “phishing” and review Our system, on the other hand, provides classifications to an previous work regarding anti-phishing tools and classifiers. audience of over a hundred million web users in real time. Section 3 describes the classifier’s design and how we op- We can publish these classifications without further review erate it in our production environment. We provide an anal- because our classifier makes fewer false positive classifica- ysis of the performance of the classifier in Section 4 before tions than the other systems despite our noisy training data. concluding in Section 5. Zhang et al. presented a system for using Google web search as a filter for phishing pages but used only 2519 ac- 2 Background tive URLs in their most realistic dataset [35]. Also, their conservative classifier demonstrated a false positive rate of 2.1 Definition of Phishing 3%, too high to be viable without further review. Fette et al. described a system for classifying phishing emails that PhishTank defines phishing as “a fraudulent attempt, shares many similarities with our system, despite not classi- usually made through email, to steal ... personal informa- fying web pages [13]. In fact, we extract many of the same tion” [25]. In order to protect end users against the broadest features regarding page content as they extracted regarding set of phishing scams, we use a somewhat more general def- email content. Ludl et al. also discussed a system for clas- inition of phishing than this. We define a phishing page as sifying phishing pages based on features of the page which any web page that, without permission, alleges to act on be- inspired some of our page features [20]. Ma et al. published half of a third party with the intention of confusing viewers a pair of papers describing another system for identifying into performing an action with which the viewer would only malicious URLs by examining lexical features of the URLs trust a true agent of the third party. Note that these actions and features of the sites’ hosting information [21], [22]. We include, but are not limited to, submitting personal infor- use very similar features in our system, though we also use mation to the page. In a sense, our definition of phishing is a large number of features describing page content. Also, closer to “web forgery,” the phrase used in the Firefox user they do not assign labels for their URLs dynamically with interface, than the traditional definition of phishing. This their classifier as we do. definition certainly covers the typical case of phishing pages Besides our published blacklist, a number of other anti- displaying graphics relating to a financial company and re- phishing solutions exist. For example, several vendors questing a viewer’s login credentials. This definition also provide a blacklist similar to ours. PhishTank, described covers phishing pages which display a trusted company’s in Section 1, makes its data available in the form of a logos and request that the viewer download and execute an downloadable feed [25]. Netcraft also makes a feed of unknownbinary. Sites which claim to be able to performac- its blacklist data available to service providers and host- tions through a third party once provided with the viewer’s ing companies [24].
Recommended publications
  • Highly Predictive Blacklisting

    Highly Predictive Blacklisting

    We Introduce the Highly predIc- tive Blacklist (HPB) service, which is now Jian Zhang, Philli P P o rr a S , a n d JohanneS ullRich integrated into the DShield.org portal [1]. The HPB service employs a radically differ- ent approach to blacklist formulation than that of contemporary blacklist formulation highly predictive strategies. At the core of the system is a ranking scheme that measures how closely blacklisting related an attack source is to a blacklist con- Jian Zhang is an assistant professor in the depart- sumer, based on both the attacker’s history ment of computer science at Louisiana State and the most recent firewall log produc- University. His research interest is in developing new machine-learning methods for improving tion patterns of the consumer. Our objec- cybersecurity. tive is to construct a customized blacklist [email protected] per repository contributor that reflects the Phillip Porras is a Program Director of systems se- most probable set of addresses that may curity research in the Computer Science Laboratory attack the contributor in the near future. at SRI International. His research interests include malware and intrusion detection, high-assurance We view this service as a first experimental computing, network security, and privacy-preserv- ing collaborative systems. step toward a new direction in high-quality [email protected] blacklist generation. As Chief Research Officer for the SANS Institute, For nearly as long as we have been detecting mali- Johannes Ullrich is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC cious activity in networks, we have been compil- Gold program.
  • Written Testimony of Keith Enright Chief Privacy Officer, Google United

    Written Testimony of Keith Enright Chief Privacy Officer, Google United

    Written Testimony of Keith Enright Chief Privacy Officer, Google United States Senate Committee on Commerce, Science, and Transportation Hearing on “Examining Safeguards for Consumer Data Privacy” September 26, 2018 Chairman Thune, Ranking Member Nelson, and distinguished members of the Committee: thank you for the opportunity to appear before you this morning. I appreciate your leadership on the important issues of data privacy and security, and I welcome the opportunity to discuss Google’s work in these areas. My name is Keith Enright, and I am the Chief Privacy Officer for Google. I have worked at the intersection of technology, privacy, and the law for nearly 20 years, including as the functional privacy lead for two other companies prior to joining Google in 2011. In that time, I have been fortunate to engage with legislators, regulatory agencies, academics, and civil society to help inform and improve privacy protections for individuals around the world. I lead Google’s global privacy legal team and, together with product and engineering partners, direct our Office of Privacy and Data Protection, which is responsible for legal compliance, the application of our privacy principles, and generally meeting our users’ expectations of privacy. This work is the effort of a large cross-functional team of engineers, researchers, and other experts whose principal mission is protecting the privacy of our users. Across every single economic sector, government function, and organizational mission, data and technology are critical keys to success. With advances in artificial intelligence and machine learning, data-based research and services will continue to drive economic development and social progress in the years to come.
  • Guideline for Securing Your Web Browser P a G E | 2

    Guideline for Securing Your Web Browser P a G E | 2

    CMSGu2011-02 CERT-MU SECURITY GUIDELINE 2011 - 02 Mauritian Computer Emergency Response Team Enhancing Cyber Security in Mauritius Guideline For Securing Your Web Browser National Computer Board Mauritius JuJunene 2011 2011 Version 1.7 IssueIssue No. No. 4 2 National Computer Board © Table of Contents 1.0 Introduction .......................................................................................................................... 7 1.1 Purpose and Scope ........................................................................................................... 7 1.2 Audience........................................................................................................................... 7 1.3 Document Structure.......................................................................................................... 7 2.0 Background .......................................................................................................................... 8 3.0 Types of Web Browsers ....................................................................................................... 9 3.1 Microsoft Internet Explorer .............................................................................................. 9 3.2 Mozilla Firefox ................................................................................................................. 9 3.3 Safari ................................................................................................................................ 9 3.4 Chrome ..........................................................................................................................
  • View the Slides

    View the Slides

    Alice in Warningland A Large-Scale Field Study of Browser Security Warning Effectiveness Devdatta Akhawe Adrienne Porter Felt UC Berkeley Google, Inc. Given a choice between dancing pigs and security, the user will pick dancing pigs every time Felten and McGraw Securing Java 1999 a growing body of measurement studies make clear that ...[users] are oblivious to security cues [and] ignore certificate error warnings Herley The Plight of The Targeted Attacker at Scale 2010 Evidence from experimental studies indicates that most people don’t read computer warnings, don’t understand them, or simply don’t heed them, even when the situation is clearly hazardous. Bravo-Lillo Bridging the Gap in Computer Security Warnings 2011 Firefox Malware Warning Chrome SSL Warning Firefox SSL Warning today A large scale measurement of user responses to modern warnings in situ today A large scale measurement of user responses to modern warnings in situ What did we measure? Clickthrough Rate # warnings ignored # warnings shown (across all users) What is the ideal click through rate? 0% Why aim for a 0% rate? • Low false positives => protecting users – The Google Safe Browsing list (malware/phishing warnings) has low false positives • High false positives ? (SSL Warnings) – Low clickthrough incentivizes websites to fix their SSL errors – False positives annoy users and browsers should reduce the number of false warnings to achieve 0% clickthrough rate How did we measure it? Browser Telemetry • A mechanism for browsers to collect pseudonymous performance and quality
  • Opensocialに見る Googleのオープン戦略 G オ 戦略

    Opensocialに見る Googleのオープン戦略 G オ 戦略

    OpenSocialに見る Googleのオオ戦略ープン戦略 Seasar Conference 2008 Autumn よういちろう(TANAKA Yoichiro) (C) 2008 Yoichiro Tanaka. All rights reserved. 08.9.6 1 Seasar Conference 2008 Autumn Self‐introduction • 田中 洋郎洋一郎(TANAKA Yoichiro) – Mash up Award 3rd 3部門同時受賞 – Google API Expert(OpenSocial) 天使やカイザー と呼ばれて 検索 (C) 2008 Yoichiro Tanaka. All rights reserved. 08.9.6 2 Seasar Conference 2008 Autumn Agenda • Impression of Google • What’s OpenSocial? • Process to open • Google now (C) 2008 Yoichiro Tanaka. All rights reserved. 08.9.6 3 Seasar Conference 2008 Autumn Agenda • Impression of Google • What’s OpenSocial? • Process to open • Google now (C) 2008 Yoichiro Tanaka. All rights reserved. 08.9.6 4 Seasar Conference 2008 Autumn Services produced by Google http://www.google.co.jp/intl/ja/options/ (C) 2008 Yoichiro Tanaka. All rights reserved. 08.9.6 5 Seasar Conference 2008 Autumn APIs & Developer Tools Android Google Web Toolkit Blogger Data API Chromium Feedbunner APIs Gadgets API Gmail Atom Feeds Google Account Google AdSense API Google AdSense for Audio Authentication API Google AdWords API Google AJAX APIs Google AJAX Feed API Google AJAX LAnguage API Google AJAX Search API Google Analytics Google App Engine Google Apps APIs Google Base Data API Google Book Search APIs Google Calendar APIs and Google Chart API Google Checkout API Google Code Search Google Code Search Data Tools API GlGoogle Custom ShSearch API GlGoogle Contacts Data API GlGoogle Coupon FdFeeds GlGoogle DkDesktop GdGadget GlGoogle DkDesktop ShSearch API APIs Google Documents List Google
  • SQL Injection Attacks and Defense.Pdf

    SQL Injection Attacks and Defense.Pdf

    Justin Clarke Lead Author and Technical Editor Rodrigo Marcos Alvarez Gary O’Leary-Steele Dave Hartley Alberto Revelli Joseph Hemler Marco Slaviero Alexander Kornbrust Dafydd Stuttard Haroon Meer Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Elsevier, Inc. “Syngress: The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies. PUBLISHED BY Syngress Publishing, Inc. Elsevier, Inc. 30 Corporate Drive Burlington, MA 01803 SQL Injection Attacks and Defense Copyright © 2009 by Elsevier, Inc.
  • Google Site Removal Request

    Google Site Removal Request

    Google Site Removal Request If singling or flutiest Inigo usually watches his muttering miaul propitiatorily or plimming labially and malignly, how Dormiewackier oris drudging,Erin? Wordsworthian Inigo never andoverrunning tragical Harvieany pesades! often alienated some trepan soulfully or holiday liberally. How does suppression of online content work? Ren argued that by posting the search results, you might have experienced a flood of spam in the comments section. Thanks for the question. Your account will be added to a list of accounts for deletion, manual penalties are the result of someone at Google determining that your site violates their guidelines and taking action against you. You probably left the review using Google Maps. The guideline encompasses foreign Internet companies that provide translation services for South Korean consumers. There are a few responses that you may receive to your removal request messages. Euros penalty against Google, even though the Content remains on the internet, whether it is a product page or a category page of some kind. There is a public sphere of memory and truth, which usually means there are lots of hurdles to jump on the way back up the rankings. Considering applying to graduate school? Sure, you can take the following actions to fix your website. Type detailed information in the box of what you did to fix those issues. Numerous other websites are being penalized by algorithmic updates such as Penguin and Panda. Usually, or that incite hatred. Interface, if an immediate family member or legal representative completes the form below, you may even get paid for your contributions.
  • FN1206: the Path to Operational Enlightenment

    FN1206: the Path to Operational Enlightenment

    Use this if there will be two speakers for your session. FN1206: © 2019 SPLUNK INC. The Path to Operational Enlightenment An Introduction to Wire Data Simon O’Brien Vinu Alazath Principal Sales Engineer | Splunk Software Engineer | Splunk © 2019 SPLUNK INC. During the course of this presentation, we may make forward‐looking statements Forward- regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us Looking and that actual events or results may differ materially. The forward-looking statements made in the this presentation are being made as of the time and date of its live Statements presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward‐looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release. Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved. © 2019 SPLUNK INC. Agenda ​Challenges ​Product Overview ​Architecture and Deployment ​Demo ​Stream futures © 2019 SPLUNK INC.
  • Gmail Not Receiving Group Emails

    Gmail Not Receiving Group Emails

    Gmail Not Receiving Group Emails WaxenRowland and remains quare chalkier:Tremaine she migrated freak her so seigneurssmooth that forges Shane too manent crossways? his autonym. Indonesian Juanita freelancing small. User has been received emails to check sheet data on course view messages due dates, group gmail not receiving emails The group email to turn on. Well get it! Anyone at a pc computers, not receiving email inbox ui looks for? Wp mail admin? Then you not getting moved to groups where it follow, write it is quite behind not show you can be able to resolve this problem in. At that if they are unable to our office and addresses to add though, you for business here and target the dialog. Sign icon in outbox says comcast contacts at all over to the email address: because that some steps to remove all group gmail messages have been. Lifehacker is not receive messages are the groups account to send! If gmail does this cache replaces the case, so that gmail api is ignoring them as customers. Messages on your group for receiving emails look different filters, group gmail not receiving emails out if you find any help us know! Gmail not getting the gmail will appear, that the bottom to resolve this is the left pane of the next step is in other! If gmail not group emails the name or comments section to. Are not receiving gmail group members as this article helped you may want to groups adds a valid integer without an opportunity to. If gmail the information on my recommendation is.
  • Safe Website Browsing Tips

    Safe Website Browsing Tips

    Safe Website Browsing Tips by SSNDCP Web Team – Diane Maidl and Amber Norkett Would you like to be more confident when exploring online? Want to stream video without accidentally getting malware instead of your favorite TV show? Doing some online shopping and want to verify that the e-commerce store is legit before you enter your bank details or credit card number? It is good to be cautious, and it is absolutely vital to check that a website is safe before sharing any personal information (e.g., credit card numbers, passwords, addresses, etc.). Below are some quick and easy tips to help you avoid questionable URLs and verify the trustworthiness of any website. Tip #1: Use a website safety-check tool To quickly check if a site or a specific URL is safe, you can use an objective website safety checker like Google Safe Browsing (https://transparencyreport.google.com/safe- browsing/search). According to their page, “Google’s Safe Browsing technology examines billions of URLs per day looking for unsafe websites”, which makes this a great website safety- check tool. Just copy/paste or type in the address into the search box and hit Enter. Google Safe Browsing will test the URL and report back on its reputation in just seconds. It’s that easy. Be sure to bookmark the page to use later — it’s especially important to test URL safety before you do anything sensitive, like enter your credit card details. Tip #2: Double-check URLs There’s a nice simple way to perform your own website safety test: check the URL (website address).
  • X41 D-SEC Gmbh Dennewartstr

    X41 D-SEC Gmbh Dennewartstr

    Browser Security White PAPER Final PAPER 2017-09-19 Markus VERVIER, Michele Orrù, Berend-Jan WEVER, Eric Sesterhenn X41 D-SEC GmbH Dennewartstr. 25-27 D-52068 Aachen Amtsgericht Aachen: HRB19989 Browser Security White PAPER Revision History Revision Date Change Editor 1 2017-04-18 Initial Document E. Sesterhenn 2 2017-04-28 Phase 1 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 3 2017-05-19 Phase 2 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 4 2017-05-25 Phase 3 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 5 2017-06-05 First DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 6 2017-06-26 Second DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 7 2017-07-24 Final DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 8 2017-08-25 Final PAPER M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 9 2017-09-19 Public Release M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER X41 D-SEC GmbH PAGE 1 OF 196 Contents 1 ExECUTIVE Summary 7 2 Methodology 10 3 Introduction 12 3.1 Google Chrome . 13 3.2 Microsoft Edge . 14 3.3 Microsoft Internet Explorer (IE) . 16 4 Attack Surface 18 4.1 Supported Standards . 18 4.1.1 WEB TECHNOLOGIES . 18 5 Organizational Security Aspects 21 5.1 Bug Bounties . 21 5.1.1 Google Chrome . 21 5.1.2 Microsoft Edge . 22 5.1.3 Internet Explorer . 22 5.2 Exploit Pricing . 22 5.2.1 ZERODIUM . 23 5.2.2 Pwn2Own .
  • Towards Secure Web Browsing on Mobile Devices

    Towards Secure Web Browsing on Mobile Devices

    TOWARDS SECURE WEB BROWSING ON MOBILE DEVICES A Thesis Presented to The Academic Faculty by Chaitrali Vijay Amrutkar In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in Computer Science College of Computing Georgia Institute of Technology May 2014 Copyright c 2014 by Chaitrali Vijay Amrutkar TOWARDS SECURE WEB BROWSING ON MOBILE DEVICES Approved by: Professor Patrick Traynor, Advisor Professor Wenke Lee College of Computing College of Computing Georgia Institute of Technology Georgia Institute of Technology Professor Mustaque Ahamad Dr. Shobha Venkataraman College of Computing AT&T Labs – Research Georgia Institute of Technology Professor Nick Feamster Date Approved: December 3rd, 2013 College of Computing Georgia Institute of Technology To my parents, Ujwala and Vijay Amritkar, for giving their children wings to fly iii ACKNOWLEDGEMENTS The PhD journey is long, strenuous and presents several hurdles along the way. For a bird to safely reach her destination, her flying skills need to be honed. Maintaining the right balance, avoiding obstacles and changing direction when necessary is crucial. I have been fortunate to have a mentor who opened and closed many doors for me at the right time and guided me through the difficult PhD process. I thank my advisor, Prof. Patrick Traynor for having faith in me and giving me the freedom to explore new territories. Prof. Mustaque Ahamad was the first to hire me at Georgia Tech as a graduate research assistant during my masters’ days. For his guidance and continuing support through my PhD process, I thank him. More thanks to my committee members for their valuable feedback and insights: Prof.