What is it about?

A lateral spear phishing attack is a powerful class of social engineering attack carried out using one or more compromised email accounts within the target organization. Spear phishing attacks are difficult to detect because of their targeted nature, and the lateral vector, in which the malicious mail comes from a legitimate internal account, makes detection harder still. We present an approach to detect lateral spear phishing attacks in organizations in real time. It uses features derived from domain knowledge and from analysis of the characteristics of such attacks, combined with a scoring technique that works on an unlabelled dataset. We evaluated the approach on several years' worth of real-world email collected from volunteers in our institute, achieved a false positive rate below 1%, and detected two instances of compromised accounts that were not previously known. A comparison of our scoring technique with machine-learning-based anomaly detection techniques shows ours to be better suited to practical use. The approach is primarily intended to complement existing detection techniques on email servers; however, we also developed a Chrome browser extension to demonstrate that such a system can be used independently by organizations within their own network.
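As an added illustration (not code from the paper, and not its feature set or scoring rule), the block below shows the shape of an unsupervised, per-sender scoring approach of the kind the summary describes: baselines are built from unlabelled historical mail, and a new message from an account is scored by how far it departs from that account's own habits rather than by anything about the sender identity, since a compromised internal account passes the usual sender checks. The organisation domain, the five features, their weights, the threshold and the sample messages are all assumptions constructed for this example.

```python
"""Unsupervised, per-sender scoring of internal email (constructed example).
Domain, features, weights, threshold and sample data are assumptions, not the paper's."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from urllib.parse import urlparse

ORG_DOMAIN = "corp.example"   # assumed organisation domain
THRESHOLD = 4.0               # assumed alert threshold
MIN_HISTORY = 5               # assumed mails needed before a sender is baselined
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
URGENCY = ("urgent", "immediately", "verify your account", "password", "wire transfer")

@dataclass
class Email:
    sender: str
    recipients: list
    reply_to: str
    sent_at: datetime
    body: str

@dataclass
class SenderProfile:
    """How a sender's past internal mail looked; built without any labels."""
    recipients: set = field(default_factory=set)
    link_domains: set = field(default_factory=set)
    hours: set = field(default_factory=set)
    count: int = 0

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()

def is_internal(host):
    # Exact match or a real subdomain; "evilcorp.example" must not count as internal.
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def link_domains(body):
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
    return {h.lower() for h in hosts if h}

def build_profiles(history):
    """Baseline every sender from unlabelled historical mail."""
    profiles = defaultdict(SenderProfile)
    for m in history:
        p = profiles[m.sender.lower()]
        p.recipients.update(r.lower() for r in m.recipients)
        p.link_domains.update(link_domains(m.body))
        p.hours.add(m.sent_at.hour)
        p.count += 1
    return profiles

def score(msg, profiles):
    """Return (score, reasons); higher means more anomalous for this sender."""
    p = profiles.get(msg.sender.lower())
    if p is None or p.count < MIN_HISTORY:
        return 0.0, ["insufficient history for sender; not scored"]
    reasons, s = [], 0.0
    # Mail from a compromised internal account passes SPF/DKIM and carries a
    # trusted name, so each signal is a deviation from that account's own habits.
    if domain_of(msg.reply_to) != domain_of(msg.sender):
        s += 3.0
        reasons.append(f"reply-to outside sender domain: {msg.reply_to}")
    rcpts = {r.lower() for r in msg.recipients}
    new = rcpts - p.recipients
    if new:
        s += 2.0 * len(new) / len(rcpts)
        reasons.append(f"{len(new)}/{len(rcpts)} recipients never contacted before")
    ext_new = {d for d in link_domains(msg.body) if not is_internal(d) and d not in p.link_domains}
    if ext_new:
        s += 2.5
        reasons.append(f"links to unseen external domains: {sorted(ext_new)}")
    if msg.sent_at.hour not in p.hours:
        s += 1.0
        reasons.append(f"sent at hour {msg.sent_at.hour}, never seen for this sender")
    hits = [k for k in URGENCY if k in msg.body.lower()]
    if hits:
        s += min(1.5, 0.5 * len(hits))
        reasons.append(f"urgency/credential wording: {hits}")
    return round(s, 2), reasons

def is_suspicious(msg, profiles):
    return score(msg, profiles)[0] >= THRESHOLD

# Constructed sample data; not drawn from the paper's dataset.
def make_mail(day, hour, to, body, sender="alice@corp.example", reply_to=None):
    return Email(sender, to, reply_to or sender, datetime(2024, 3, day, hour), body)

HISTORY = [make_mail(d, h, ["bob@corp.example"], "minutes: http://intranet.corp.example/wiki")
           for d, h in [(1, 9), (2, 10), (3, 14), (4, 16), (5, 11), (6, 15)]]
HISTORY.append(make_mail(7, 13, ["bob@corp.example", "carol@corp.example"], "lunch tomorrow?"))
BENIGN = make_mail(8, 10, ["bob@corp.example"], "see http://intranet.corp.example/wiki/notes")
LATERAL = make_mail(8, 3, ["bob@corp.example", "dave@corp.example", "erin@corp.example"],
                    "URGENT: verify your account immediately at http://corp-login.example/sso",
                    reply_to="alice.corp@webmail.example")
```

Running `score(BENIGN, build_profiles(HISTORY))` yields a score of 0.0 with no reasons, while `LATERAL` scores 9.33 on all five signals and crosses the assumed threshold. Two design points carry over to any real deployment of this class of detector: a sender with too little history is deliberately left unscored rather than scored against an empty baseline (which would flag every new employee's first mail), and every positive returns the reasons behind it so an analyst can triage the alert without re-deriving the features.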


Why is it important?

Spear phishing is hard to detect because each message is targeted and low-volume, so there is no bulk pattern to match. The lateral variant is harder still: the message is sent from a genuine account inside the organization, so it passes sender authentication and domain-reputation checks, and the recipient already trusts the sender. Our approach addresses this case and runs in real time. It combines features derived from domain knowledge and from analysis of the characteristics of such attacks with a scoring technique that needs no labelled data. Evaluated on several years' worth of real-world email collected from volunteers in our institute, it achieved a false positive rate below 1% and detected two previously unknown compromised accounts. Compared with machine-learning-based anomaly detection techniques, the scoring technique proved better suited to practical use.

Perspectives

In this paper, we proposed a scoring technique to detect lateral spear phishing emails using a combination of features. Our aim was a practical, deployable, real-time detection system for such attacks. We evaluated the scoring technique on 3.5 years' worth of email collected from 40 volunteers in our organization. It achieved an accuracy of 98.79% and a false positive rate of 0.88%, and it detected two attack instances that were not previously known to us. Since attack emails are a tiny fraction of any real mail corpus, accuracy is dominated by the benign majority; the false positive rate and the number of attacks surfaced are the more meaningful figures for deployment.

Sunil Mane
College of Engineering Pune

Read the Original

This page is a summary of: Detecting Lateral Spear Phishing Attacks in Organizations, IET Information Security, December 2018, the Institution of Engineering and Technology (the IET), DOI: 10.1049/iet-ifs.2018.5090.
