3,285 research outputs found

    Analyzing Social and Stylometric Features to Identify Spear phishing Emails

    Spear phishing is a complex targeted attack in which an attacker harvests information about the victim prior to the attack. This information is then used to create sophisticated, genuine-looking attack vectors, drawing the victim to compromise confidential information. What makes spear phishing different, and more powerful than normal phishing, is this contextual information about the victim. Online social media services can be one such source for gathering vital information about an individual. In this paper, we characterize and examine a true positive dataset of spear phishing, spam, and normal phishing emails from Symantec's enterprise email scanning service. We then present a model to detect spear phishing emails sent to employees of 14 international organizations, by using social features extracted from LinkedIn. Our dataset consists of 4,742 targeted attack emails sent to 2,434 victims, and 9,353 non targeted attack emails sent to 5,912 non victims; and publicly available information from their LinkedIn profiles. We applied various machine learning algorithms to this labeled data, and achieved an overall maximum accuracy of 97.76% in identifying spear phishing emails. We used a combination of social features from LinkedIn profiles, and stylometric features extracted from email subjects, bodies, and attachments. However, we achieved a slightly better accuracy of 98.28% without the social features. Our analysis revealed that social features extracted from LinkedIn do not help in identifying spear phishing emails. To the best of our knowledge, this is one of the first attempts to make use of a combination of stylometric features extracted from emails, and social features extracted from an online social network to detect targeted spear phishing emails.
    Comment: Detection of spear phishing using social media feature

    A review of phishing email detection approaches with deep learning algorithm implementation

    Phishing email is designed to mimic legitimate emails to fool the victim into revealing their confidential information for the phisher's benefit. There have been many approaches in detecting phishing emails but the whole solution is still needed as the weaknesses of the previous and current approaches are being manipulated by phishers to make phishing attacks work. This paper provides an organized guide to present the wide state of phishing attack generally and phishing email specifically. This paper also categorizes machine learning into shallow learning and deep learning, followed by related works in each category with their contributions and drawbacks. The main objective of this review is to uncover the utility of machine learning in general, and deep learning in particular, in order to detect phishing email by studying the literature. This will provide an insight of the phishing issue, the alternatives prior to the phishing email detection and the contrast of machine learning and deep learning approaches in detecting phishing emails.

    RAIDER: Reinforcement-aided Spear Phishing Detector

    Spear Phishing is a harmful cyber-attack facing business and individuals worldwide. Considerable research has been conducted recently into the use of Machine Learning (ML) techniques to detect spear-phishing emails. ML-based solutions may suffer from zero-day attacks; unseen attacks unaccounted for in the training data. As new attacks emerge, classifiers trained on older data are unable to detect these new varieties of attacks resulting in increasingly inaccurate predictions. Spear Phishing detection also faces scalability challenges due to the growth of the required features which is proportional to the number of the senders within a receiver mailbox. This differs from traditional phishing attacks which typically perform only a binary classification between phishing and benign emails. Therefore, we devise a possible solution to these problems, named RAIDER: Reinforcement AIded Spear Phishing DEtectoR. A reinforcement-learning based feature evaluation system that can automatically find the optimum features for detecting different types of attacks. By leveraging a reward and penalty system, RAIDER allows for autonomous features selection. RAIDER also keeps the number of features to a minimum by selecting only the significant features to represent phishing emails and detect spear-phishing attacks. After extensive evaluation of RAIDER over 11,000 emails and across 3 attack scenarios, our results suggest that using reinforcement learning to automatically identify the significant features could reduce the dimensions of the required features by 55% in comparison to existing ML-based systems. It also improves the accuracy of detecting spoofing attacks by 4% from 90% to 94%. In addition, RAIDER demonstrates reasonable detection accuracy even against a sophisticated attack named Known Sender in which spear-phishing emails greatly resemble those of the impersonated sender.
    Comment: 16 page

    Phishing-Attack, Detection and Prevention

    Social Engineering is the process of deceiving people to reveal confidential information about themselves. There are various categories of Social Engineering, among which Phishing is the most frequently used attack nowadays; a new phishing site is created on the internet every 20 seconds and more than seventy percent of phishing emails are opened by their targets. From fraudulent emails to deploying malicious software on people's computers, phishing has become one of the main concerns that bothers the common people. There are various types of phishing such as Vishing (voice phishing), Email phishing, Smishing (SMS phishing) and many more, out of which we are going to deal with the email phishing. Email phishing is the practice of getting emails with malicious intents. The initial effort involved simulating potential phishing attacks within a controlled setup leading to devising a solution on how to detect and prevent clicking on the malicious links by common netizens like us. The developed Machine Learning (ML) model was able to classify the vulnerable links with 97.88% training and 96.4% testing accuracies respectively. Overall, the work provides a comprehensive overview of the state-of-the-art in ML based phishing email detection, and highlights the potential of ML techniques to enhance the security of individuals and organizations against phishing attacks.
    Keywords: Social Engineering, Natural Language Processing, Sentimental analysis, Email Scams, CyberSecurity Automation, Individuals, Organizations

    Intelligent Security for Phishing Online using Adaptive Neuro Fuzzy Systems

    Anti-phishing detection solutions employed in industry use blacklist-based approaches to achieve low false-positive rates, but blacklist approaches utilize website URLs only. This study analyses and combines phishing emails and phishing web-forms in a single framework, which allows feature extraction and feature model construction. The outcome should classify between phishing, suspicious, legitimate and detect emerging phishing attacks accurately. The intelligent phishing security for online approach is based on machine learning techniques, using Adaptive Neuro-Fuzzy Inference System and a combination of sources from which features are extracted. An experiment was performed using two-fold cross validation method to measure the system’s accuracy. The intelligent phishing security approach achieved a higher accuracy. The finding indicates that the feature model from combined sources can detect phishing websites with a higher accuracy. This paper contributes to phishing field a combined feature which sources in a single framework. The implication is that phishing attacks evolve rapidly; therefore, regular updates and being ahead of phishing strategy is the way forward.

    Framework for Phishing Detection in Email under Heave Using Conceptual Similarity

    Today everything is available online. Every day so many users start their online transactions. The main reason behind this is that a number of alternatives and best deals are available there. They can choose according to their taste in a cost-effective manner. This is one side of a coin. The other side fully dealt with security problems and frauds in the online transactions. Among most of the online transactions email is the shortcut and flexible for both communication as well as for attack. So this paper mainly focuses on detection of phishing attacks and categorizes the emails based on specified and critical properties which give more information about the source of the phishing. In general most of the existing systems focus on email classification based on header part or body part. Most of the filters available today focus mainly on mail headers only. Sometimes this is not enough to detect the fraud. Some more studies focus on body part also. But they follow document clustering with term intensive similarity. First, to identify advanced phishing attacks blind term intensive similarity is not sufficient. Second, the email system is like an online stream. So the nature of the phishing behavior may change from time to time. In that case online learning is also required to handle concept drifts. This paper focuses on conceptual similarity along with term intensive similarity. We introduced a novel procedure named as “Framework for Phishing detection in email under heave using conceptual similarity” to adaptively classify the emails. Simulation results show that our proposed approach effectively detects and isolates the emails with phishing attack by comparing underlying concept

    Visual match of emails or landing pages to detect phishing

    In a phishing attack, a perpetrator attempts to obtain the online credentials of a user by impersonating a trusted entity such as a bank, email service provider, etc. Sophisticated phishers attempt to deceive spam filters by structuring the visual look-and-feel of their fake emails to be nearly but not precisely identical to emails sent by a trusted entity, such that the spam filter allows the fake email to reach a user’s inbox. This disclosure applies machine-learning based techniques to assess the visual similarity of genuine and phished emails (or landing pages) for a given brand. The techniques detect visual near-duplicates of a trusted entity’s email and thereby achieve resilience against adversarial attacks. The need for use of hand-crafted features to achieve visual-similarity match is eliminated, enabling accurate detection of new genres of phishing email as they surface.