Spoofed Email Based Cyberattack Detection Using Machine Learning

IF 2.5 4区管理学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Computer Information Systems Pub Date : 2023-10-20 DOI:10.1080/08874417.2023.2270452

Sanjeev Shukla, Manoj Misra, Gaurav Varshney

{"title":"Spoofed Email Based Cyberattack Detection Using Machine Learning","authors":"Sanjeev Shukla, Manoj Misra, Gaurav Varshney","doi":"10.1080/08874417.2023.2270452","DOIUrl":null,"url":null,"abstract":"ABSTRACTCyberattacks on e-mails are of different types, but the most pervasive and ubiquitous are spoofing attacks. Our approach uses memory forensics to extract e-mail headers from live memory to perform an e-mail header investigation to identify spoofing attacks. We have identified the research gaps and advanced our work to achieve better results. In this paper, we have made two significant improvements. First is URL validation module that uses a novel technique of checking each captured URL with an MX record and e-mail URL features. This scheme is fast, and reduces the total time from 35 sec to 27 sec. Second, spoofed e-mail detection is ameliorated by applying an ML model built using two novel e-mail header fields (BIMI and X-FraudScore) and four authentication header fields (SPF, DKIM, DMARC, and ARC). This enhances the spoofed e-mail detection accuracy from 96.15% to 97.57% with low false positives.KEYWORDS: Email spoofingemail attacksmemory forensicsemail forensicscyber-security Disclosure statementNo potential conflict of interest was reported by the author(s).Data availability statementThe datasets generated during and/or analyzed during the current study are available from the corresponding author on reasonable request through email.","PeriodicalId":54855,"journal":{"name":"Journal of Computer Information Systems","volume":"6 12","pages":"0"},"PeriodicalIF":2.5000,"publicationDate":"2023-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Computer Information Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/08874417.2023.2270452","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

ABSTRACTCyberattacks on e-mails are of different types, but the most pervasive and ubiquitous are spoofing attacks. Our approach uses memory forensics to extract e-mail headers from live memory to perform an e-mail header investigation to identify spoofing attacks. We have identified the research gaps and advanced our work to achieve better results. In this paper, we have made two significant improvements. First is URL validation module that uses a novel technique of checking each captured URL with an MX record and e-mail URL features. This scheme is fast, and reduces the total time from 35 sec to 27 sec. Second, spoofed e-mail detection is ameliorated by applying an ML model built using two novel e-mail header fields (BIMI and X-FraudScore) and four authentication header fields (SPF, DKIM, DMARC, and ARC). This enhances the spoofed e-mail detection accuracy from 96.15% to 97.57% with low false positives.KEYWORDS: Email spoofingemail attacksmemory forensicsemail forensicscyber-security Disclosure statementNo potential conflict of interest was reported by the author(s).Data availability statementThe datasets generated during and/or analyzed during the current study are available from the corresponding author on reasonable request through email.

查看原文本刊更多论文

基于欺骗电子邮件的机器学习网络攻击检测

摘要针对电子邮件的网络攻击有多种类型，但最普遍和最普遍的是欺骗攻击。我们的方法使用内存取证从实时内存中提取电子邮件头，以执行电子邮件头调查以识别欺骗攻击。我们已经确定了研究差距，并推进了我们的工作，以取得更好的结果。在本文中，我们做了两个显著的改进。首先是URL验证模块，它使用一种新颖的技术，用MX记录和电子邮件URL特性检查每个捕获的URL。该方案速度快，将总时间从35秒减少到27秒。其次，通过使用两个新的电子邮件头字段(BIMI和X-FraudScore)和四个认证头字段(SPF, DKIM, DMARC和ARC)构建的ML模型，改进了欺骗电子邮件检测。这使得欺骗电子邮件的检测准确率从96.15%提高到97.57%，并且误报率低。关键词:电子邮件欺骗电子邮件攻击记忆取证电子邮件取证网络安全披露声明作者未报告潜在的利益冲突。数据可用性声明当前研究期间生成和/或分析的数据集可通过电子邮件从通讯作者处合理索取。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Computer Information Systems COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

6.80

自引率

7.10%

发文量

审稿时长

>12 weeks

期刊介绍： The Journal of Computer Information Systems (JCIS) aims to publish manuscripts that explore information systems and technology research and thus develop computer information systems globally. We encourage manuscripts that cover the following topic areas: -Analytics, Business Intelligence, Decision Support Systems in Computer Information Systems - Mobile Technology, Mobile Applications - Human-Computer Interaction - Information and/or Technology Management, Organizational Behavior & Culture - Data Management, Data Mining, Database Design and Development - E-Commerce Technology and Issues in computer information systems - Computer systems enterprise architecture, enterprise resource planning - Ethical and Legal Issues of IT - Health Informatics - Information Assurance and Security--Cyber Security, Cyber Forensics - IT Project Management - Knowledge Management in computer information systems - Networks and/or Telecommunications - Systems Analysis, Design, and/or Implementation - Web Programming and Development - Curriculum Issues, Instructional Issues, Capstone Courses, Specialized Curriculum Accreditation - E-Learning Technologies, Analytics, Future