Abstract
Phishing scams have long been used to obtain sensitive information via email. Recently, scammers have increasingly turned to spear-phishing aimed at corporate employees; this type of attack is called Business Email Compromise (BEC). The BEC problem is highly relevant to mobile networks, as mobile users are much more vulnerable to such attacks than regular users. The main methods of detecting BEC attacks are considered and compared. It is demonstrated that the most promising approach to detecting BEC attacks is a comprehensive analysis of email headers, email content, and the author's writing style using machine learning algorithms. A BEC detection method based on this analysis is proposed, and its decomposed functional model is presented. The feature space includes writing-style features (word 3-grams), the day of the week and time at which the email was sent, email urgency features, and email header features. To evaluate BEC detection accuracy, experiments were carried out on datasets containing emails in Russian and English. The experiments showed that the best accuracy is achieved with word n-grams and LSVC with a feature scaling method, for emails in both Russian and English.
The research is supported by the grant of RSF 21-71-20078 in SPC RAS.
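The feature space listed in the abstract can be sketched as a per-message extractor. This is an added example, not the authors' code: the urgency cue list, the Reply-To/From domain check used as the header feature, and all sample addresses are assumptions, since the abstract names the feature groups without defining them.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumed cue list: the abstract names urgency features but does not define them.
URGENCY_CUES = {"urgent", "immediately", "asap", "today", "confidential"}

# Constructed sample message (not from the paper's datasets).
SAMPLE = """\
From: "Ivan Petrov (CEO)" <ceo@example.com>
Reply-To: ceo.office@example.net
To: accounts@example.com
Date: Sat, 17 Jul 2021 23:41:00 +0300
Subject: Payment

Please process the wire transfer immediately. This is urgent and confidential!
"""

def _domain(header_value):
    """Lower-cased domain of the address in a header value, '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def extract_features(raw_email):
    """Build a sparse feature dict for one message (plain, unencoded text parts)."""
    msg = message_from_string(raw_email)
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    words = re.findall(r"\w+", body.lower())
    feats = Counter()
    # Writing style: counts of word 3-grams.
    for i in range(len(words) - 2):
        feats["3g:" + " ".join(words[i:i + 3])] += 1
    # Sending time in the sender's stated time zone.
    sent = parsedate_to_datetime(msg["Date"])
    feats["weekday"] = sent.weekday()   # Monday = 0
    feats["hour"] = sent.hour
    # Urgency: cue words plus exclamation marks (assumed definition).
    feats["urgency"] = sum(w in URGENCY_CUES for w in words) + body.count("!")
    # Header feature (assumed): replies diverted to a different domain than From.
    reply = _domain(msg["Reply-To"])
    feats["replyto_mismatch"] = int(bool(reply) and reply != _domain(msg["From"]))
    return dict(feats)

if __name__ == "__main__":
    for name, value in sorted(extract_features(SAMPLE).items()):
        print(f"{name!r}: {value}")
```

Vectors of this kind, built per sender from known-good mail, would then be scaled and passed to a linear SVM, the classifier family the abstract reports as most accurate.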
© 2022 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Vorobeva, A., Khisaeva, G., Zakoldaev, D., Kotenko, I. (2022). Detection of Business Email Compromise Attacks with Writing Style Analysis. In: You, I., Kim, H., Youn, TY., Palmieri, F., Kotenko, I. (eds) Mobile Internet Security. MobiSec 2021. Communications in Computer and Information Science, vol 1544. Springer, Singapore. https://doi.org/10.1007/978-981-16-9576-6_18
DOI: https://doi.org/10.1007/978-981-16-9576-6_18
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-9575-9
Online ISBN: 978-981-16-9576-6
eBook Packages: Computer Science, Computer Science (R0)