Abstract
With email now the primary communication medium across organizations, spear-phishing has become one of the most effective means for attackers to breach enterprise network security. Recent targeted attacks that send spear-phishing emails from compromised email accounts are almost impossible to detect with conventional security solutions. Attackers use contextual information about the targeted entity to make the spear-phishing email look legitimate, convincing the victim either to click a malicious link or to download and open a malicious attachment.
Detecting spear-phishing emails becomes even more challenging in an enterprise network scenario. Factors such as the non-availability of training data, the huge volume of emails received and the critical role of email in business operations make detection difficult. In the work presented in this paper we propose a multi-layer detection framework for spear-phishing email detection. The proposed framework employs sentiment analysis and context-based behavior analysis along with deception technologies to detect spear-phishing emails.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Arya, S., Chamotra, S. (2021). Multi Layer Detection Framework for Spear-Phishing Attacks. In: Tripathy, S., Shyamasundar, R.K., Ranjan, R. (eds.) Information Systems Security. ICISS 2021. Lecture Notes in Computer Science, vol. 13146. Springer, Cham. https://doi.org/10.1007/978-3-030-92571-0_3
DOI: https://doi.org/10.1007/978-3-030-92571-0_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92570-3
Online ISBN: 978-3-030-92571-0