Abstract
Generally, most strategies for detecting phishing activity use fake tokens. However, fake tokens restrict the strategy to static feature selection, in which the features must be determined in advance. This paper presents a tokenless trackback strategy for email-born phishing, which makes the strategy dynamic. First, the selected features are tested on the trackback system to generate phishing profiles using the Maximum Dependency Algorithm (MDA). Phishing emails are split into groups of phishers constructed by the MDA algorithm. Forensic analysis is then applied to identify the type of phisher against the assumed groups of attackers, either a single attacker or collaborative attackers. The performance of the proposed strategy is tested on email-born phishing. The results show that the dynamic strategy can be used for tracking and classifying attackers.
Acknowledgement
The authors express appreciation to the University Tun Hussein Onn Malaysia (UTHM), Research and Innovation Fund (ORICC Fund), Short Term Grant Vot U653. This work was also supported by Gates IT Solution Sdn. Bhd. under its publication scheme.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Hamid, I.R.A., Samsudin, N.A., Mustapha, A., Arbaiy, N. (2017). Dynamic Trackback Strategy for Email-Born Phishing Using Maximum Dependency Algorithm (MDA). In: Herawan, T., Ghazali, R., Nawi, N.M., Deris, M.M. (eds) Recent Advances on Soft Computing and Data Mining. SCDM 2016. Advances in Intelligent Systems and Computing, vol 549. Springer, Cham. https://doi.org/10.1007/978-3-319-51281-5_27
DOI: https://doi.org/10.1007/978-3-319-51281-5_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-51279-2
Online ISBN: 978-3-319-51281-5
eBook Packages: Engineering, Engineering (R0)