File(s) under permanent embargo
Profiling phishing emails based on hyperlink information
conference contribution
posted on 2010-10-28, 00:00 authored by John YearwoodJohn Yearwood, Musa MammadovMusa Mammadov, A BanerjeeIn this paper, a novel method for profiling phishing activity from an analysis of phishing emails is proposed. Profiling is useful in determining the activity of an individual or a particular group of phishers. Work in the area of phishing is usually aimed at detection of phishing emails. In this paper, we concentrate on profiling as distinct from detection of phishing emails. We formulate the profiling problem as a multi-label classification problem using the hyperlinks in the phishing emails as features and structural properties of emails along with whois (i.e.DNS) information on hyperlinks as profile classes. Further, we generate profiles based on classifier predictions. Thus, classes become elements of profiles. We employ a boosting algorithm (AdaBoost) as well as SVM to generate multi-label class predictions on three different datasets created from hyperlink information in phishing emails. These predictions are further utilized to generate complete profiles of these emails. Results show that profiling can be done with quite high accuracy using hyperlink information. © 2010 Crown Copyright.
History
Pagination
120-127Location
Odense, DenmarkPublisher DOI
Start date
2010-08-09End date
2010-08-11ISBN-13
9780769541389Publication classification
EN.1 Other conference paperTitle of proceedings
Proceedings - 2010 International Conference on Advances in Social Network Analysis and Mining, ASONAM 2010Publisher
IEEEPlace of publication
Piscataway, N.J.Usage metrics
Categories
No categories selectedKeywords
Licence
Exports
RefWorksRefWorks
BibTeXBibTeX
Ref. managerRef. manager
EndnoteEndnote
DataCiteDataCite
NLMNLM
DCDC