Deakin University
Browse

File(s) under permanent embargo

Profiling phishing emails based on hyperlink information

conference contribution
posted on 2010-10-28, 00:00 authored by John YearwoodJohn Yearwood, Musa MammadovMusa Mammadov, A Banerjee
In this paper, a novel method for profiling phishing activity from an analysis of phishing emails is proposed. Profiling is useful in determining the activity of an individual or a particular group of phishers. Work in the area of phishing is usually aimed at detection of phishing emails. In this paper, we concentrate on profiling as distinct from detection of phishing emails. We formulate the profiling problem as a multi-label classification problem using the hyperlinks in the phishing emails as features and structural properties of emails along with whois (i.e.DNS) information on hyperlinks as profile classes. Further, we generate profiles based on classifier predictions. Thus, classes become elements of profiles. We employ a boosting algorithm (AdaBoost) as well as SVM to generate multi-label class predictions on three different datasets created from hyperlink information in phishing emails. These predictions are further utilized to generate complete profiles of these emails. Results show that profiling can be done with quite high accuracy using hyperlink information. © 2010 Crown Copyright.

History

Pagination

120-127

Location

Odense, Denmark

Start date

2010-08-09

End date

2010-08-11

ISBN-13

9780769541389

Publication classification

EN.1 Other conference paper

Title of proceedings

Proceedings - 2010 International Conference on Advances in Social Network Analysis and Mining, ASONAM 2010

Publisher

IEEE

Place of publication

Piscataway, N.J.

Usage metrics

    Research Publications

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC