2022 | OriginalPaper | Book chapter

Detection of Business Email Compromise Attacks with Writing Style Analysis

Written by: Alisa Vorobeva, Guldar Khisaeva, Danil Zakoldaev, Igor Kotenko

Published in: Mobile Internet Security

Publisher: Springer Nature Singapore

Abstract

Phishing scams have long been used to obtain sensitive information via email. Recently, scammers have increasingly been using spear-phishing and targeting corporate employees; this type of attack is called Business Email Compromise (BEC attacks). The BEC attack problem is highly relevant to mobile networks, as mobile users are much more vulnerable to such types of attacks than regular users. The main methods of detecting BEC attacks are considered and a comparative analysis of them is made. It is demonstrated that the most promising approach for detecting BEC attacks is a complex analysis of email headers, content analysis, and analysis of the author's writing style with machine learning algorithms. A BEC attack detection method based on the above-mentioned analysis is proposed, and its decomposed functional model is presented. The feature space includes writing-style features (word 3-grams); the day of the week and time of sending the email; the email's urgency features; and email header features. To evaluate the BEC attack detection accuracy, experiments were carried out on datasets containing emails in Russian and English. The experiments showed that the best accuracy is achieved with word n-grams and LSVC with a feature scaling method for emails in Russian and English.
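The feature space listed in the abstract, assembled for two constructed messages, as an added example that is not the authors' code. The urgency word list, the Reply-To/From domain check used as the header feature, the min-max scaling and all function names are assumptions; the scaled rows are the kind of input a linear SVM (the abstract's LSVC) would be trained on.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumed urgency cues; the abstract does not list the paper's own terms.
URGENCY_TERMS = {"urgent", "immediately", "asap", "today", "confidential"}

# Constructed sample messages (not taken from the paper's datasets).
LEGIT = ("From: Anna Ivanova <anna@example.com>\n"
         "Date: Tue, 08 Mar 2022 10:15:00 +0000\n\n"
         "Please find the quarterly report attached. Let me know if you have questions.\n")
SUSPECT = ("From: Anna Ivanova <anna@example.com>\n"
           "Reply-To: anna@example.net\n"
           "Date: Sat, 12 Mar 2022 23:40:00 +0000\n\n"
           "I need this payment processed immediately. It is urgent and confidential.\n")

def tokens(text):
    """Lower-cased word tokens; the pattern is Unicode-aware, so Cyrillic works too."""
    return re.findall(r"\w+", text.lower())

def domain(header_value):
    """Domain of the address in a From/Reply-To header, '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def extract_features(raw_email):
    """Build the four feature groups named in the abstract for one message."""
    msg = message_from_string(raw_email)
    words = tokens(msg.get_payload())
    sent = parsedate_to_datetime(msg["Date"])
    reply_to = domain(msg["Reply-To"])
    return {
        "trigrams": Counter(zip(words, words[1:], words[2:])),  # word 3-grams
        "weekday": sent.weekday(),                              # 0 = Monday
        "hour": sent.hour,
        "urgency": sum(w in URGENCY_TERMS for w in words),
        "reply_to_mismatch": int(bool(reply_to) and reply_to != domain(msg["From"])),
    }

def vectorize(feats, vocab):
    """Numeric row: 3-gram counts over a fixed vocabulary, then the scalar features."""
    return [feats["trigrams"][g] for g in vocab] + [
        feats["weekday"], feats["hour"], feats["urgency"], feats["reply_to_mismatch"]]

def min_max_scale(rows):
    """Scale every column to [0, 1] across the data set; constant columns become 0."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi)]
            for r in rows]
```

In practice the 3-gram vocabulary would be built from a sender's known-good mail, so that a message written by someone else shows up as a shift in those columns.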

Metadata
Title
Detection of Business Email Compromise Attacks with Writing Style Analysis
Written by
Alisa Vorobeva
Guldar Khisaeva
Danil Zakoldaev
Igor Kotenko
Copyright year
2022
Publisher
Springer Nature Singapore
DOI
https://doi.org/10.1007/978-981-16-9576-6_18