The tremendously growing problem of phishing e-mail, also known as spam including spear phishing or spam-borne malware, has demanded a need for reliable intelligent anti-spam e-mail filters. This survey paper describes a focused literature survey of Artificial Intelligence (AI) and Machine Learning (ML) methods for intelligent spam email detection, which we believe can help in developing appropriate countermeasures. In this paper, we considered 4 parts in the email's structure that can be used for intelligent analysis: (A) Headers Provide Routing Information, contain mail transfer agents (MTA) that provide information like email and IP address of each sender and recipient of where the email originated and what stopovers, and final destination. (B) The SMTP Envelope, containing mail exchangers' identification, originating source and destination domains\users. (C) First part of SMTP Data, containing information like from, to, date, subject - appearing in most email clients (D) Second part of SMTP Data, containing email body including text content, and attachment. Based on the number the relevance of an emerging intelligent method, papers representing each method were identified, read, and summarized. Insightful findings, challenges and research problems are disclosed in this paper. This comprehensive survey paves the way for future research endeavors addressing theoretical and empirical aspects related to intelligent spam email detection.
• SNS phishing attack is one of social engineering attacks.
• Formalized SNS phishing attack phases based on social engineering attack cycles.
• Generated SNS phishing attack phase classifiers by using Text-CNN ML model.
• Proposed an Intelligent Security Chatbot Assistant (ISCA) against the attack.
• Constructed Telegram Chatbot by using Google Dialogflow and AWS server.
SNS phishing attack is one of the representative social engineering attacks exploiting humans’ emotions and trust and thus usually proceeds in multi-phases such that the attacker first forms an intimate bond with victims emotionally and then forces victims to conduct serious actions according to the attacker’s malicious intents. Meanwhile, according to our extensive survey, we observed that existing works on defending against SNS phishing attacks are inefficient in that they detect the attack mostly in the final stage of the attack or after the incident is reported. This is mainly because they neglect the characteristics of SNS phishing attacks following social engineering attack cycles. By this motivation, we first formalize SNS phishing attack phases based on the existing social engineering attack cycles and propose an Intelligent Chatbot Security Assistant (ICSA) that detects the progress phase of an SNS phishing attack by using Text-CNN-based attack phase classifiers and AI Chatbot technology. ICSA provides appropriate suggestions to victims and conducts necessary actions according to pre-defined defense procedures designed by security experts. In addition, we implement ICSA as Telegram Chatbot by using Google Dialogflow and AWS (Amazon Web Services) server in the Telegram messenger. To validate our idea, we conduct extensive experiments to show our Telegram Chatbot works properly in real-time according to its design purpose and also we compare two representative ML models (Text-CNN and LSTM) in terms of the training and test accuracy to show why we choose the Text-CNN model to generate attack phase classifiers.
The existing anti-phishing approaches use the blacklist methods or feature-based machine learning techniques. Blacklist methods fail to detect new phishing attacks and produce high false positive rate. Moreover, existing machine learning based methods extract features from the third party, search engine, etc. Therefore, they are complicated, slow in nature, and not fit for the real-time environment. To solve this problem, this paper presents a machine learning based novel anti-phishing approach that extracts the features from client side only. We have examined the various attributes of the phishing and legitimate websites in depth and identified nineteen outstanding features to distinguish phishing websites from legitimate ones. These nineteen features are extracted from the URL and source code of the website and do not depend on any third party, which makes the proposed approach fast, reliable, and intelligent. Compared to other methods, the proposed approach has relatively high accuracy in detection of phishing websites as it achieved 99.39% true positive rate and 99.09% of overall detection accuracy.
This paper presents a novel approach that can detect phishing attack by analysing the hyperlinks found in the HTML source code of the website. The proposed approach incorporates various new outstanding hyperlink specific features to detect phishing attack. The proposed approach has divided the hyperlink specific features into 12 different categories and used these features to train the machine learning algorithms. We have evaluated the performance of our proposed phishing detection approach on various classification algorithms using the phishing and non-phishing websites dataset. The proposed approach is an entirely client-side solution, and does not require any services from the third party. Moreover, the proposed approach is language independent and it can detect the website written in any textual language. Compared to other methods, the proposed approach has relatively high accuracy in detection of phishing websites as it achieved more than 98.4% accuracy on logistic regression classifier.
Phishing attacks are costly for both organizations and individuals, yet existing academic research has provided little guidance on how to strategize and implement a combined phishing awareness and training campaign. Drawing on operant conditioning theory, we conduct an in-depth case study on a large phishing awareness campaign and reveal that phishing awareness is a learning process through which individuals' behavior can be strengthened by reinforcement and punishment. Based on the case study findings, we present several propositions for cybersecurity stakeholders. This study contributes to the phishing awareness literature and has implications for research and practice. This paper is useful for organizations planning or in the process of implementing or reviewing a phishing awareness and education program.
In recent years, phishing email-mediated attacks are proliferating. When victims are enterprise employees, internal security of the enterprise systems will also be threatened. Currently, blockchain technology can effectively improve the security and privacy of traditional email, but attacks initiated from within are still fatal. Therefore, we propose a double-layer detection framework in this paper. Firstly, from the perspective of individual security, Long Short-Term Memory (LSTM) and extreme gradient boosting tree (XGBoost) are used to build a phishing email detection model. The model generalization ability and precision rate are improved by adding a custom loss function in the training process. Then, from the perspective of group security, Bidirectional LSTM and Attention mechanism are used to build an insider threat detection model. Our model has better results for multi-domain time series and anomaly detection in comparison to different models and existing insider threat detection models. We test the effectiveness of the proposed framework through real phishing email cases and insider threat attack events on our simulation verification platform. The experimental results demonstrate that our proposed framework can protect enterprise systems from phishing attacks and insider threats. We also point out that this framework can be applied to mitigate the increasingly serious blockchain security threats.
Throughout the past few years, phishing attacks have become an increasingly substantial problem for individuals and organizations. In this non-technical attack, the victim is deceived into accessing a malicious URL that downloads a malicious program to access the network or redirects the victim to a page that requests sensitive information. The literature is filled with many research proposals to mitigate this problem; however, the dynamic nature and the creativity of the attacker have made it difficult and reoccurring. In this paper, we proposed to use novel deep learning techniques, namely the Temporal convolutional network (TCN) with word embedding, to detect phishing URLs. As a result of our experiments, we found that our model can detect phishing URLs with 98.95% accuracy, 98% precision, 98% recall, and 98% f1-score. This result indicates that our model is effective against phishing attacks.