Umer Ahmed Butt,Rashid Amin,Hamza Aldabbas,Senthilkumar Mohan,Bader Alouffi,Ali Ahmadian

DOI: https://doi.org/10.1007/s40747-022-00760-3

IF: 6.7

2022-06-02

Complex & Intelligent Systems

Abstract:Abstract Cloud computing refers to the on-demand availability of personal computer system assets, specifically data storage and processing power, without the client's input. Emails are commonly used to send and receive data for individuals or groups. Financial data, credit reports, and other sensitive data are often sent via the Internet. Phishing is a fraudster's technique used to get sensitive data from users by seeming to come from trusted sources. The sender can persuade you to give secret data by misdirecting in a phished email. The main problem is email phishing attacks while sending and receiving the email. The attacker sends spam data using email and receives your data when you open and read the email. In recent years, it has been a big problem for everyone. This paper uses different legitimate and phishing data sizes, detects new emails, and uses different features and algorithms for classification. A modified dataset is created after measuring the existing approaches. We created a feature extracted comma-separated values (CSV) file and label file, applied the support vector machine (SVM), Naive Bayes (NB), and long short-term memory (LSTM) algorithm. This experimentation considers the recognition of a phished email as a classification issue. According to the comparison and implementation, SVM, NB and LSTM performance is better and more accurate to detect email phishing attacks. The classification of email attacks using SVM, NB, and LSTM classifiers achieve the highest accuracy of 99.62%, 97% and 98%, respectively.

computer science, artificial intelligence

M. Chathar Singh,P. Sumanth,S. Bala Sathyanarayana,G. Rithika

DOI: https://doi.org/10.53730/ijhs.v6ns3.7944

2022-05-26

International Journal of Health Sciences

Abstract:E-mail is one of the most widely recognised channels of communication, whether for personal or corporate purposes. The worst part about spam emails is that they intrude on user’s privacy without their consent, and the constant bombardment of spam mails fills up the user's entire email space. Additionally, the issue of wasting network capacity and time checking and deleting spam mails makes it an even more concerning issue. Although confrontation tactics are constantly being upgraded, the results of those methods are now unsatisfactory. Furthermore, phishing emails have been on the rise in recent years. To combat the issue of phishing emails, more effective phishing detection technology is required. We intend to create a phishing email detection tool that analyses the email structure first, using an upgraded Convolutional Neural Networks model with multilayer vectors and Long Short-Term Neural Network (LSTM) to model emails at the email header, character level, email content, and word level all at the same time. To assess the efficacy, we'll use an unbalanced dataset with actual phishing and genuine email ratios. The total accuracy of the experiment achieves a high percentage.

Fatima Salahdine,Zakaria El Mrabet,Naima Kaabouch

DOI: https://doi.org/10.1109/UEMCON53757.2021.9666627

2022-01-26

Abstract:Phishing attacks are one of the most common social engineering attacks targeting users emails to fraudulently steal confidential and sensitive information. They can be used as a part of more massive attacks launched to gain a foothold in corporate or government networks. Over the last decade, a number of anti-phishing techniques have been proposed to detect and mitigate these attacks. However, they are still inefficient and inaccurate. Thus, there is a great need for efficient and accurate detection techniques to cope with these attacks. In this paper, we proposed a phishing attack detection technique based on machine learning. We collected and analyzed more than 4000 phishing emails targeting the email service of the University of North Dakota. We modeled these attacks by selecting 10 relevant features and building a large dataset. This dataset was used to train, validate, and test the machine learning algorithms. For performance evaluation, four metrics have been used, namely probability of detection, probability of miss-detection, probability of false alarm, and accuracy. The experimental results show that better detection can be achieved using an artificial neural network.

Cryptography and Security,Machine Learning

Trivikram Muralidharan,Nir Nissim

DOI: https://doi.org/10.1016/j.neunet.2022.09.002

Abstract:In today's email dependent world, cyber criminals often target organizations using a variety of social engineering techniques and specially crafted malicious emails. When successful, such attacks can result in significant harm to physical and digital systems and assets, the leakage of sensitive information, reputation damage, and financial loss. Despite the plethora of studies on the detection of phishing attacks and malicious links in emails, there are no solutions capable of effectively, quickly, and accurately coping with more complex email-based attacks, such as malicious email attachments. This paper presents the first fully automated malicious email detection framework using deep ensemble learning to analyze all email segments (body, header, and attachments); this eliminates the need for human expert intervention for feature engineering. In this paper, we also demonstrate how an ensemble framework of deep learning classifiers each of which are trained on specific portions of an email (thereby independently utilizing the entire email) can generalize better than popular email analysis methods that analyze just a specific portion of the email for analysis. The proposed framework is evaluated comprehensively and with an AUC of 0.993, the proposed framework's results surpass state-of-the-art malicious email detection methods, including human expert feature-based machine learning models by a TPR of 5%.

Gaurav Ojha,Gaurav Kumar Tak

DOI: https://doi.org/10.48550/arXiv.1209.2557

2012-09-12

Abstract:A large part of modern day communications are carried out through the medium of E-mails, especially corporate communications. More and more people are using E-mail for personal uses too. Companies also send notifications to their customers in E-mail. In fact, in the Multinational business scenario E-mail is the most convenient and sought-after method of communication. Important features of E-mail such as its speed, reliability, efficient storage options and a large number of added facilities make it highly popular among people from all sectors of business and society. But being largely popular has its negative aspects too. E-mails are the preferred medium for a large number of attacks over the internet. Some of the most popular attacks over the internet include spams, and phishing mails. Both spammers and phishers utilize E-mail services quite efficiently in spite of a large number of detection and prevention techniques already in place. Very few methods are actually good in detection/prevention of spam/phishing related mails but they have higher false positives. These techniques are implemented at the server and in addition to giving higher number of false positives, they add to the processing load on the server. This paper outlines a novel approach to detect not only spam, but also scams, phishing and advertisement related mails. In this method, we overcome the limitations of server-side detection techniques by utilizing some intelligence on the part of users. Keywords parsing, token separation and knowledge bases are used in the background to detect almost all E-mail attacks. The proposed methodology, if implemented, can help protect E-mail users from almost all kinds of unwanted mails with enhanced efficiency, reduced number of false positives while not increasing the load on E-mail servers.

Cryptography and Security

Sachin Shukla,Omid Mirzaei

DOI: https://doi.org/10.1145/3658644.3691381

2024-09-04

Abstract:In the pursuit of an effective spam detection system, the focus has often been on identifying known spam patterns either through rule-based detection systems or machine learning (ML) solutions that rely on keywords. However, both systems are susceptible to evasion techniques and zero-day attacks that can be achieved at low cost. Therefore, an email that bypassed the defense system once can do it again in the following days, even though rules are updated or the ML models are retrained. The recurrence of failures to detect emails that exhibit layout similarities to previously undetected spam is concerning for customers and can erode their trust in a company. Our observations show that threat actors reuse email kits extensively and can bypass detection with little effort, for example, by making changes to the content of emails. In this work, we propose an email visual similarity detection approach, named Pisco, to improve the detection capabilities of an email threat defense system. We apply our proof of concept to some real-world samples received from different sources. Our results show that email kits are being reused extensively and visually similar emails are sent to our customers at various time intervals. Therefore, this method could be very helpful in situations where detection engines that rely on textual features and keywords are bypassed, an occurrence our observations show happens frequently.

Cryptography and Security,Artificial Intelligence,Machine Learning

R. Vinayakumar,K. P. Soman,Prabaharan Poornachandran,S. Akarsh,Mohamed Elhoseny

DOI: https://doi.org/10.1007/978-3-030-16837-7_6

2019-01-01

Abstract:Spamming and Phishing attacks are the most common security challenges we face in today’s cyber world. The existing methods for the Spam and Phishing detection are based on blacklisting and heuristics technique. These methods require human intervention to update if any new Spam and Phishing activity occurs. Moreover, these are completely inefficient in detecting new Spam and Phishing activities. These techniques can detect malicious activity only after the attack has occurred. Machine learning has the capability to detect new Spam and Phishing activities. This requires extensive domain knowledge for feature learning and feature representation. Deep learning is a method of machine learning which has the capability to extract optimal feature representation from various samples of benign, Spam and Phishing activities by itself. To leverage, this work uses various deep learning architectures for both Spam and Phishing detection with electronic mail (Email) and uniform resource locator (URL) data sources. Because in recent years both Email and URL resources are the most commonly used by the attackers to spread malware. Various datasets are used for conducting experiments with deep learning architectures. For comparative study, classical machine learning algorithms are used. These datasets are collected using public and private data sources. All experiments are run till 1,000 epochs with varied learning rate 0.01–0.5. For comparative study various classical machine learning classifiers are used with domain level feature extraction. For deep learning architectures and classical machine learning algorithms to convert text data into numeric representation various natural language processing text representation methods are used. As far as anyone is concerned, this is the first attempt, a framework that can examine and connect the occasions of Spam and Phishing activities from Email and URL sources at scale to give cyber threat situational awareness. The created framework is exceptionally versatile and fit for distinguishing the malicious activities in close constant. In addition, the framework can be effectively reached out to deal with vast volume of other cyber security events by including extra resources. These qualities have made the proposed framework emerge from some other arrangement of comparative kind.

Azadeh Golduzian

DOI: https://doi.org/10.48550/arXiv.2308.15674

2023-08-30

Abstract:A malicious attempt to exhaust a victim's resources to cause it to crash or halt its services is known as a distributed denial-of-service (DDoS) attack. DDOS attacks stop authorized users from accessing specific services available on the Internet. It targets varying components of a network layer and it is better to stop into layer 4 (transport layer) of the network before approaching a higher layer. This study uses several machine learning and statistical models to detect DDoS attacks from traces of traffic flow and suggests a method to prevent DDOS attacks. For this purpose, we used logistic regression, CNN, XGBoost, naive Bayes, AdaBoostClassifier, KNN, and random forest ML algorithms. In addition, data preprocessing was performed using three methods to identify the most relevant features. This paper explores the issue of improving the DDOS attack detection accuracy using the latest dataset named CICDDoS2019, which has over 50 million records. Because we employed an extensive dataset for this investigation, our findings are trustworthy and practical. Our target class (attack class) was imbalanced. Therefore, we used two techniques to deal with imbalanced data in machine learning. The XGboost machine learning model provided the best detection accuracy of (99.9999%) after applying the SMOTE approach to the target class, outperforming recently developed DDoS detection systems. To the best of our knowledge, no other research has worked on the most recent dataset with over 50 million records, addresses the statistical technique to select the most significant feature, has this high accuracy, and suggests ways to avoid DDOS attackI.

Cryptography and Security

Naveen Palanichamy,Yoga Shri Murti

DOI: https://doi.org/10.18080/jtde.v11n3.778

2023-09-30

Journal of Telecommunications and the Digital Economy

Abstract:Phishing emails pose a severe risk to online users, necessitating effective identification methods to safeguard digital communication. Detection techniques are continuously researched to address the evolution of phishing strategies. Machine learning (ML) is a powerful tool for automated phishing email detection, but existing techniques like support vector machines and Naive Bayes have proven slow or ineffective in handling spam filtering. This study attempts to provide a phishing email detector and reliable classifier using a hybrid machine classifier with term frequency-inverse document frequency (TF-IDF) and an effective feature extraction technique (FET) on a real-world dataset from Kaggle. Exploratory data analysis is conducted to enhance understanding of the dataset and identify any conspicuous errors and outliers to facilitate the detection process. The FET converts the data text into a numerical representation that can be used for ML algorithms. The model’s performance is evaluated using accuracy, precision, recall, F1 score, receiver operating characteristic (ROC) curve and area under the ROC curve metrics. The research findings indicate that the hybrid model utilising TF-IDF achieved superior performance, with an accuracy of 87.5%. The paper offers valuable knowledge on using ML to identify phishing emails and highlights the importance of combining various models.

Prateek Dewan,Anand Kashyap,Ponnurangam Kumaraguru

DOI: https://doi.org/10.48550/arXiv.1406.3692

2014-06-14

Abstract:Spear phishing is a complex targeted attack in which, an attacker harvests information about the victim prior to the attack. This information is then used to create sophisticated, genuine-looking attack vectors, drawing the victim to compromise confidential information. What makes spear phishing different, and more powerful than normal phishing, is this contextual information about the victim. Online social media services can be one such source for gathering vital information about an individual. In this paper, we characterize and examine a true positive dataset of spear phishing, spam, and normal phishing emails from Symantec's enterprise email scanning service. We then present a model to detect spear phishing emails sent to employees of 14 international organizations, by using social features extracted from LinkedIn. Our dataset consists of 4,742 targeted attack emails sent to 2,434 victims, and 9,353 non targeted attack emails sent to 5,912 non victims; and publicly available information from their LinkedIn profiles. We applied various machine learning algorithms to this labeled data, and achieved an overall maximum accuracy of 97.76% in identifying spear phishing emails. We used a combination of social features from LinkedIn profiles, and stylometric features extracted from email subjects, bodies, and attachments. However, we achieved a slightly better accuracy of 98.28% without the social features. Our analysis revealed that social features extracted from LinkedIn do not help in identifying spear phishing emails. To the best of our knowledge, this is one of the first attempts to make use of a combination of stylometric features extracted from emails, and social features extracted from an online social network to detect targeted spear phishing emails.

Computers and Society,Machine Learning,Social and Information Networks

Amir Kashapov,Tingmin Wu,Alsharif Abuadbba,Carsten Rudolph

DOI: https://doi.org/10.48550/arXiv.2203.13380

2022-03-25

Abstract:Cyber-phishing attacks recently became more precise, targeted, and tailored by training data to activate only in the presence of specific information or cues. They are adaptable to a much greater extent than traditional phishing detection. Hence, automated detection systems cannot always be 100% accurate, increasing the uncertainty around expected behavior when faced with a potential phishing email. On the other hand, human-centric defence approaches focus extensively on user training but face the difficulty of keeping users up to date with continuously emerging patterns. Therefore, advances in analyzing the content of an email in novel ways along with summarizing the most pertinent content to the recipients of emails is a prospective gateway to furthering how to combat these threats. Addressing this gap, this work leverages transformer-based machine learning to (i) analyze prospective psychological triggers, to (ii) detect possible malicious intent, and (iii) create representative summaries of emails. We then amalgamate this information and present it to the user to allow them to (i) easily decide whether the email is "phishy" and (ii) self-learn advanced malicious patterns.

Cryptography and Security,Machine Learning

Syed Md. Minhaz Hossain,Iqbal H. Sarker

DOI: https://doi.org/10.20944/preprints202109.0236.v1

2021-09-14

Abstract:Recently, spam emails have become a significant problem with the expanding usage of the Internet. It is to some extend obvious to filter emails. A spam filter is a system that detects undesired and malicious emails and blocks them from getting into the users' inboxes. Spam filters check emails for something "suspicious" in terms of text, email address, header, attachments, and language. However, we have used different features such as word2vec, word n-grams, character n-grams, and a combination of variable length n-grams for comparative analysis in our proposed approach. Different machine learning models such as support vector machine (SVM), decision tree (DT), logistic regression (LR), and multinomial naïve bayes (MNB) are applied to train the extracted features. We use different evaluation metrics such as precision, recall, f1-score, and accuracy to evaluate the experimental results. Among them, SVM provides 97.6 \% of accuracy, 98.8\% of precision, and 94.9\% of f1-score using a combination of n-gram features.

Markus Jakobsson,Filippo Menczer

DOI: https://doi.org/10.48550/arXiv.cs/0305042

2003-05-24

Abstract:We uncover a vulnerability that allows for an attacker to perform an email-based attack on selected victims, using only standard scripts and agents. What differentiates the attack we describe from other, already known forms of distributed denial of service (DDoS) attacks is that an attacker does not need to infiltrate the network in any manner -- as is normally required to launch a DDoS attack. Thus, we see this type of attack as a poor man's DDoS. Not only is the attack easy to mount, but it is also almost impossible to trace back to the perpetrator. Along with descriptions of our attack, we demonstrate its destructive potential with (limited and contained) experimental results. We illustrate the potential impact of our attack by describing how an attacker can disable an email account by flooding its inbox; block competition during on-line auctions; harm competitors with an on-line presence; disrupt phone service to a given victim; cheat in SMS-based games; disconnect mobile corporate leaders from their networks; and disrupt electronic elections. Finally, we propose a set of countermeasures that are light-weight, do not require modifications to the infrastructure, and can be deployed in a gradual manner.

Computers and Society,Networking and Internet Architecture

Nebojsa Bacanin,Miodrag Zivkovic,Catalin Stoean,Milos Antonijevic,Stefana Janicijevic,Marko Sarac,Ivana Strumberger

DOI: https://doi.org/10.3390/math10224173

IF: 2.4

2022-11-09

Mathematics

Abstract:Spam represents a genuine irritation for email users, since it often disturbs them during their work or free time. Machine learning approaches are commonly utilized as the engine of spam detection solutions, as they are efficient and usually exhibit a high degree of classification accuracy. Nevertheless, it sometimes happens that good messages are labeled as spam and, more often, some spam emails enter into the inbox as good ones. This manuscript proposes a novel email spam detection approach by combining machine learning models with an enhanced sine cosine swarm intelligence algorithm to counter the deficiencies of the existing techniques. The introduced novel sine cosine was adopted for training logistic regression and for tuning XGBoost models as part of the hybrid machine learning-metaheuristics framework. The developed framework has been validated on two public high-dimensional spam benchmark datasets (CSDMC2010 and TurkishEmail), and the extensive experiments conducted have shown that the model successfully deals with high-degree data. The comparative analysis with other cutting-edge spam detection models, also based on metaheuristics, has shown that the proposed hybrid method obtains superior performance in terms of accuracy, precision, recall, f1 score, and other relevant classification metrics. Additionally, the empirically established superiority of the proposed method is validated using rigid statistical tests.

mathematics

Nematullah Noori,Vyenkatesh Bawanthad,Mayur Pakhare,Ramashray Agrawal,Vinod Kimbahune

DOI: https://doi.org/10.22214/ijraset.2023.52342

2023-05-31

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: Phishing attacks continue to pose a major threat for computer system defenders, often forming the first step in a multistage attack. There have been great strides made in phishing detection; however,some phishing emails appear to pass through filters by making simple structural and semantic changes to the messages. We tackle this problem through the use of a machine learning classifier operating on a large corpus of phishing and legitimate emails. We design a system to extract features, elevating some to higherlevel feature, that are meant to defeat common phishing email detection strategies. This paper presents an approach to detect phishing URLs in an efficient way based on URL features only. For detecting the phishing URLs SVM classifier is used. The performances are evaluated for different size of datasets using different number of features. The results are compared with other machine learning classification techniques. The proposed system is able to detect phishing websites using URL features only.

Craig Beaman,Haruna Isah

DOI: https://doi.org/10.48550/arXiv.2203.10408

2022-03-20

Abstract:Anomalies in emails such as phishing and spam present major security risks such as the loss of privacy, money, and brand reputation to both individuals and organizations. Previous studies on email anomaly detection relied on a single type of anomaly and the analysis of the email body and subject content. A drawback of this approach is that it takes into account the written language of the email content. To overcome this deficit, this study conducted feature extraction and selection on email header datasets and leveraged both multi and one-class anomaly detection approaches. Experimental analysis results obtained demonstrate that email header information only is enough to reliably detect spam and phishing emails. Supervised learning algorithms such as Random Forest, SVM, MLP, KNN, and their stacked ensembles were found to be very successful, achieving high accuracy scores of 97% for phishing and 99% for spam emails. One-class classification with One-Class SVM achieved accuracy scores of 87% and 89% with spam and phishing emails, respectively. Real-world email filtering applications will benefit from the use of only the header information in terms of resources utilization and efficiency.

Cryptography and Security,Artificial Intelligence,Machine Learning,Social and Information Networks

Samer Atawneh,Hamzah Aljehani

DOI: https://doi.org/10.3390/electronics12204261

IF: 2.9

2023-10-15

Electronics

Abstract:Email phishing is a widespread cyber threat that can result in the theft of sensitive information and financial loss. It uses malicious emails to trick recipients into providing sensitive information or transferring money, often by disguising themselves as legitimate organizations or individuals. As technology advances and attackers become more sophisticated, the problem of email phishing becomes increasingly challenging to detect and prevent. In this research paper, the use of deep learning techniques, including convolutional neural networks (CNNs), long short-term memory (LSTM) networks, recurrent neural networks (RNNs), and bidirectional encoder representations from transformers (BERT), are explored for detecting email phishing attacks. A dataset of phishing and benign emails was utilized, and a set of relevant features was extracted using natural language processing (NLP) techniques. The proposed deep learning model was trained and tested using the dataset, and it was found that it can achieve high accuracy in detecting email phishing compared to other state-of-the-art research, where the best performance was seen when using BERT and LSTM with an accuracy of 99.61%. The results demonstrate the potential of deep learning for improving email phishing detection and protecting against this pervasive threat.

engineering, electrical & electronic,computer science, information systems,physics, applied

Kingshuk Debnath,Dr. Nirmalya Kar

DOI: https://doi.org/10.1109/com-it-con54601.2022.9850588

2022-05-26

Abstract:Email is one of the most popular and efficient methods of internet communication and data or message sharing. Considering the significance and high usage of emails, the number of spam emails has also increased rapidly. Spam emails are unwanted emails that contains various contents like advertisements, offers, malicious links, malware, trojan, etc. Spammers send junk mails with an intention of committing email fraud, thus it is important to filter spam emails from emails. The motivation of this research is to build email spam detection models by using machine learning and deep learning techniques so that spam emails can be distinguished from legitimate emails with high accuracy. The Enron email dataset has been used and deep learning models are developed to detect and classify new email spam using LSTM and BERT. NLP approach was applied to analyze and perform data preprocessing of the text of the email. The results are compared to the previous models in email spam detection. The proposed deep learning approach obtained the highest accuracy of 99.14% using BERT, 98.34% using BiLSTM and 97.15% using LSTM. Python is utilized for all implementations.

Computer Science

Sanjay Sharma,C. Rama Krishna,Sanjay K. Sahay

DOI: https://doi.org/10.48550/arXiv.1903.02966

2019-03-07

Abstract:In today's digital world most of the anti-malware tools are signature based which is ineffective to detect advanced unknown malware viz. metamorphic malware. In this paper, we study the frequency of opcode occurrence to detect unknown malware by using machine learning technique. For the purpose, we have used kaggle Microsoft malware classification challenge dataset. The top 20 features obtained from fisher score, information gain, gain ratio, chi-square and symmetric uncertainty feature selection methods are compared. We also studied multiple classifier available in WEKA GUI based machine learning tool and found that five of them (Random Forest, LMT, NBT, J48 Graft and REPTree) detect malware with almost 100% accuracy.

Cryptography and Security,Machine Learning

Anupama Mishra

DOI: https://doi.org/10.48550/arXiv.2204.12855

2022-04-27

Abstract:DDoS attacks, also known as distributed denial of service (DDoS) attacks, have emerged as one of the most serious and fastest-growing threats on the Internet. Denial-of-service (DDoS) attacks are an example of cyber attacks that target a specific system or network in an attempt to render it inaccessible or unusable for a period of time. As a result, improving the detection of diverse types of DDoS cyber threats with better algorithms and higher accuracy while keeping the computational cost under control has become the most significant component of detecting DDoS cyber threats. In order to properly defend the targeted network or system, it is critical to first determine the sort of DDoS assault that has been launched against it. A number of ensemble classification techniques are presented in this paper, which combines the performance of various algorithms. They are then compared to existing Machine Learning Algorithms in terms of their effectiveness in detecting different types of DDoS attacks using accuracy, F1 scores, and ROC curves. The results show high accuracy and good performance.

Cryptography and Security