论文信息 - A Sender-Centric Approach to Detecting Phishing Emails

A Sender-Centric Approach to Detecting Phishing Emails

Email-based online phishing is a critical security threat on the Internet. Although phishers have great flexibility in manipulating both the content and structure of phishing emails, phishers have much less flexibility in completely concealing the sender information of a phishing message. Importantly, such sender information is often inconsistent with the target institution of a phishing email. Based on this observation, in this paper we advocate and develop a sender-centric approach to detecting phishing emails by focusing on the sender information of a message instead of the content or structure of the message. Our evaluation studies based on real-world email traces show that the sender-centric approach is a feasible and effective method in detecting phishing emails. For example, using an email trace containing both phishing and legitimate messages, we show that the sender-centric approach can detect 98.7% of phishing emails while correctly classifying all legitimate messages.

Zhenhai Duan | Fernando Sanchez | Fernando Sanchez | Z. Duan

[1] Meng Weng Wong,et al. Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1 , 2006, RFC.

[2] Anthony Widjaja,et al. Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond , 2003, IEEE Transactions on Neural Networks.

[3] Zhenhai Duan,et al. MDMap: Assisting Users in Identifying Phishing Emails , 2010 .

[4] Chih-Jen Lin,et al. LIBSVM: A library for support vector machines , 2011, TIST.

[5] Norman M. Sadeh,et al. Learning to detect phishing emails , 2007, WWW '07.

[6] Kurt Hornik,et al. Support Vector Machines in R , 2006 .

[7] Shabbir Ahmed,et al. Word Stemming to Enhance Spam Filtering , 2004, CEAS.

[8] Vladimir I. Levenshtein,et al. Binary codes capable of correcting deletions, insertions, and reversals , 1965 .

[9] Lorrie Faith Cranor,et al. Phinding Phish: An Evaluation of Anti-Phishing Toolbars , 2007, NDSS.

[10] John C. Klensin,et al. Simple Mail Transfer Protocol , 2001, RFC.

[11] Geoff Hulten,et al. Spamming botnets: signatures and characteristics , 2008, SIGCOMM '08.

[12] Gordon V. Cormack,et al. Spam and the ongoing battle for the inbox , 2007, CACM.