Using Clustering Algorithms to Automatically Identify Phishing Campaigns
| Published in: | IEEE access Volume 11; pp. 96502 - 96513 |
|---|---|
| Main authors: | , , , |
| Format: | Journal Article |
| Language: | English |
| Published: | Piscataway: IEEE, 2023; The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Subjects: | |
| ISSN: | 2169-3536, 2169-3536 |

| Summary: | Attackers attempt to create successful phishing campaigns by sending out trustworthy-looking emails with a range of variations, such as adding the recipient name in the subject line or changing URLs in email body. These tactics are used to bypass filters and make it difficult for the information system teams to block all emails even when they are aware of an ongoing attack. Little is done about grouping emails into campaigns with the goal of better supporting staff who mitigate phishing using reported phishing. This paper explores the feasibility of using clustering algorithms to group emails into campaigns that IT staff would interpret as being similar. First, we applied Mean Shift and DBSCAN algorithms with seven feature sets. Then, we evaluated the solutions with the Silhouette coefficient and homogeneity score and find that Mean Shift outperforms DBSCAN with email origin and URLs based features. We then run a user study to validate our clustering solution and find that clustering is a promising approach for campaign identification. |
|---|---|
| DOI: | 10.1109/ACCESS.2023.3310810 |