Reading Between the Lines: Content-Agnostic Detection of Spear-Phishing Emails

@inproceedings{Gascon2018ReadingBT,
  title={Reading Between the Lines: Content-Agnostic Detection of Spear-Phishing Emails},
  author={Hugo Gascon and Steffen Ullrich and Benjamin Stritter and Konrad Rieck},
  booktitle={RAID},
  year={2018}
}
Spear-phishing is an effective attack vector for infiltrating companies and organisations. Based on the multitude of personal information available online, an attacker can craft seemingly legit emails and trick his victims into opening malicious attachments and links. Although anti-spoofing techniques exist, their adoption is still limited and alternative protection approaches are needed. In this paper, we show that a sender leaves content-agnostic traits in the structure of an email. Based on… 
CADUE: Content-Agnostic Detection of Unwanted Emails for Enterprise Security
TLDR
This paper investigates how to detect unwanted emails in a content-agnostic manner, that is, without access to the contents of emails at all, and proposes two types of novel enterprise features derived from enterprise email logs: sender profiling features, which capture the patterns of past emails from external senders to internal recipients; and enterprise graph features, which capture the co-recipient and sender-recipient relationships between internal users.
Email Address Mutation for Proactive Deterrence Against Lateral Spear-Phishing Attacks
TLDR
A novel proactive defense technique using sender email address mutation to protect a group of related users against lateral spear-phishing, and a real-world implementation of the email mutation technique that works with any email service provider, such as Gmail, Apple iCloud and Yahoo Mail, and seamlessly integrates with standard email clients.
Spear Phishing Emails Detection Based on Machine Learning
TLDR
A new, effective approach to detecting spear-phishing emails based on machine learning, together with an improvement on the Synthetic Minority Oversampling Technique (SMOTE), named KM-SMOTE, to reduce the impact of unbalanced data, is presented.
High Precision Detection of Business Email Compromise
TLDR
BEC-Guard is presented, a detector used at Barracuda Networks that prevents business email compromise attacks in real-time using supervised learning and achieves a precision of 98.2% and a false positive rate of less than one in five million emails.
Phishing Mitigation Techniques: A Literature Survey
TLDR
This paper reviews the different email and website phishing solutions used in phishing attack detection and discusses the limitations of these techniques, before concluding with an exploration of how phishing detection can be improved.
Evaluating user vulnerabilities vs phisher skills in spear phishing
TLDR
The relationships between the two major constructs namely ‘user vulnerabilities’ and ‘email contextualization’ are explored through the theory of planned behavior with the objective to find out the major factors that lead to computer users biting the phishers’ bait.
RAIDER: Reinforcement-aided Spear Phishing Detector
TLDR
After extensive evaluation of RAIDER, the results suggest that using reinforcement learning to automatically identify the significant features can reduce the required feature dimensions by 55% in comparison to existing ML-based systems.
Detection of Malicious Emails through Regular Expressions and Databases
Omar Abahussain, Yousef Harrath. 2019 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT), 2019.
TLDR
The paper aims to find an optimal logical method of reducing the probability of falling victim to malicious emails by filtering them out.
Classification of malicious emails
TLDR
The main aim of this paper is to analyze existing approaches to classification of malicious emails and implement a system, which is able to distinguish between legitimate and malicious emails.

References

Showing 1-10 of 34 references
Lightweight Client-Side Methods for Detecting Email Forgery
TLDR
Two methods are proposed, geolocation and stylometry analysis, which are complementary to existing anti-spam techniques and lightweight in the sense that they leverage existing information and software in new ways, instead of needing massive deployments of untried applications.
Accurate spear phishing campaign attribution and early detection
TLDR
Four categories of email profiling features are introduced that capture various characteristics of spear phishing emails and an affinity graph based semi-supervised learning model is implemented and evaluated for campaign attribution and detection.
Detecting targeted malicious email through supervised classification of persistent threat and recipient oriented features
TLDR
This dissertation surveys and categorizes existing email filtering techniques, proposes and implements new methods for detecting targeted malicious email and compares these newly developed techniques to traditional detection methods.
That Ain't You: Blocking Spearphishing Through Behavioral Modelling
TLDR
This work proposes a change of focus in the techniques used for detecting malicious emails: instead of looking for features that are indicative of attack emails, it looks for emails that claim to have been written by a certain person within a company but were actually authored by an attacker.
A literature survey on social engineering attacks: Phishing attack
TLDR
The paper gives a thorough analysis of various phishing attacks along with their advantages and disadvantages, and provides different techniques to detect these attacks so that they can be dealt with easily when one occurs.
Security by Any Other Name: On the Effectiveness of Provider Based Email Security
TLDR
The findings show that the global email system provides some protection against passive eavesdropping, limited protection against unprivileged peer message forgery, and no protection against active network-based attacks.
How is e-mail sender authentication used and misused?
TLDR
This paper addresses the question "How is the DNS Sender Policy Framework (SPF), which is the most popular e-mail sender authentication mechanism, used and misused in the wild?", in the first extensive study addressing the fundamental question.
A Look at Targeted Attacks Through the Lense of an NGO
TLDR
It is found that the NGO received malware from different families and that over a quarter of the malware can be linked to entities that have been reported to engage in targeted attacks against political and industrial organizations, and Tibetan NGOs.
Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware
TLDR
The Targeted Threat Index (TTI) is developed, a metric which incorporates both social engineering and technical sophistication when assessing the risk of malware threats and is demonstrated to be more effective than simple technical sophistication for identifying malware threats with the highest potential to successfully compromise victims.
Phishing Susceptibility: An Investigation Into the Processing of a Targeted Spear Phishing Email
TLDR
This study examines how users' attention to "visual triggers" and "phishing deception indicators" influences their decision-making processes and consequently their decisions, and suggests that the overall cognitive effort expended in email processing decreases with attention to visual triggers and phishing deception indicators.