Multi Layer Detection Framework for Spear-Phishing Attacks

  • Conference paper
  • Information Systems Security (ICISS 2021)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13146)

Abstract

With email becoming the primary communication medium across organizations, spear-phishing has become one of the most effective means for attackers to breach enterprise network security. Recent targeted attacks that send spear-phishing emails from compromised email accounts are almost impossible to detect with conventional security solutions. Attackers use contextual information about the targeted entity to make the spear-phishing emails look legitimate, convincing the victim either to click a malicious link or to download and open a malicious attachment.

Detecting spear-phishing emails becomes more challenging when it has to be done in an enterprise network. Factors such as the unavailability of training data, the huge volume of emails received, and the critical role of email in business operations make detection difficult. In this paper we propose a multi-layer detection framework for spear-phishing emails. The proposed framework employs sentiment analysis and context-based behavior analysis, together with deception technologies, to detect spear-phishing emails.

Author information

Correspondence to Saurabh Chamotra.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Arya, S., Chamotra, S. (2021). Multi Layer Detection Framework for Spear-Phishing Attacks. In: Tripathy, S., Shyamasundar, R.K., Ranjan, R. (eds) Information Systems Security. ICISS 2021. Lecture Notes in Computer Science(), vol 13146. Springer, Cham. https://doi.org/10.1007/978-3-030-92571-0_3

  • DOI: https://doi.org/10.1007/978-3-030-92571-0_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92570-3

  • Online ISBN: 978-3-030-92571-0

  • eBook Packages: Computer Science, Computer Science (R0)