欺诈建模:以电子邮件钓鱼为例

Q3 Arts and Humanities
Abdullah Almoqbil, B. O'Connor, Rich Anderson, J. Shittu, Patrick McLeod
{"title":"欺诈建模:以电子邮件钓鱼为例","authors":"Abdullah Almoqbil, B. O'Connor, Rich Anderson, J. Shittu, Patrick McLeod","doi":"10.35492/docam/8/2/8","DOIUrl":null,"url":null,"abstract":"Information manipulation for deception continues to evolve at a remarkable rate. Artificial intelligence has greatly reduced the burden of combing through documents for evidence of manipulation; but it has also enabled the development of clever modes of deception. In this study, we modeled deception attacks by examining phishing emails that successfully evaded detection by the Microsoft 365 filtering system. The sample population selected for this study was the University of North Texas students, faculty, staff, alumni and retirees who maintain their university email accounts. The model explains why certain individuals and organizations are selected as targets, and identifies potential counter measures and counter attacks. Over a one-year period, 432 phishing emails with different features, characters, length, context and semantics successfully passed through Microsoft Office 365 filtering system. The targeted population ranged from 18 years old up to those of retirement age; ranged across educational levels from undergraduate through doctoral levels; and ranged across races. The unstructured data was preprocessed by filtering out duplicates to avoid overemphasizing a single attack. The term frequency-inverse document frequency (TF-IDF) and distribution of words over documents (topic modeling) were analyzed. Results show that staff and students were the main target audience, and the phishing email volume spiked in the summer and holiday season. The TF-IDF analysis showed that the phishing emails could be categorized under six categories: reward, urgency, job, entertainment, fear, and curiosity. Analysis showed that attackers use information gap theory to bait email recipients to open phishing emails with no subject line or very attractive subject line in about thirty percent of cases. Ambiguity remains the main stimulus used by phishing attackers, while the reinforcements used to misinform the targets range from positive reinforcements (prize, reward) to negative reinforcements (blackmail, potential consequences).","PeriodicalId":36214,"journal":{"name":"Proceedings from the Document Academy","volume":"1 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Modeling Deception: A Case Study of Email Phishing\",\"authors\":\"Abdullah Almoqbil, B. O'Connor, Rich Anderson, J. Shittu, Patrick McLeod\",\"doi\":\"10.35492/docam/8/2/8\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Information manipulation for deception continues to evolve at a remarkable rate. Artificial intelligence has greatly reduced the burden of combing through documents for evidence of manipulation; but it has also enabled the development of clever modes of deception. In this study, we modeled deception attacks by examining phishing emails that successfully evaded detection by the Microsoft 365 filtering system. The sample population selected for this study was the University of North Texas students, faculty, staff, alumni and retirees who maintain their university email accounts. The model explains why certain individuals and organizations are selected as targets, and identifies potential counter measures and counter attacks. Over a one-year period, 432 phishing emails with different features, characters, length, context and semantics successfully passed through Microsoft Office 365 filtering system. The targeted population ranged from 18 years old up to those of retirement age; ranged across educational levels from undergraduate through doctoral levels; and ranged across races. The unstructured data was preprocessed by filtering out duplicates to avoid overemphasizing a single attack. The term frequency-inverse document frequency (TF-IDF) and distribution of words over documents (topic modeling) were analyzed. Results show that staff and students were the main target audience, and the phishing email volume spiked in the summer and holiday season. The TF-IDF analysis showed that the phishing emails could be categorized under six categories: reward, urgency, job, entertainment, fear, and curiosity. Analysis showed that attackers use information gap theory to bait email recipients to open phishing emails with no subject line or very attractive subject line in about thirty percent of cases. Ambiguity remains the main stimulus used by phishing attackers, while the reinforcements used to misinform the targets range from positive reinforcements (prize, reward) to negative reinforcements (blackmail, potential consequences).\",\"PeriodicalId\":36214,\"journal\":{\"name\":\"Proceedings from the Document Academy\",\"volume\":\"1 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings from the Document Academy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.35492/docam/8/2/8\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"Arts and Humanities\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Document Academy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.35492/docam/8/2/8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Arts and Humanities","Score":null,"Total":0}
引用次数: 0

摘要

欺骗的信息操纵继续以惊人的速度发展。人工智能大大减轻了梳理文件以寻找操纵证据的负担;但它也使巧妙的欺骗方式得以发展。在这项研究中,我们通过检查成功躲过微软365过滤系统检测的钓鱼电子邮件来模拟欺骗攻击。本研究选择的样本人群是北德克萨斯大学的学生、教职员工、校友和退休人员,他们维护着自己的大学电子邮件账户。该模型解释了为什么某些个人和组织被选为目标,并确定了潜在的应对措施和反击。在一年的时间里,432封具有不同功能、字符、长度、上下文和语义的钓鱼电子邮件成功通过了Microsoft Office 365过滤系统。目标人群从18岁到退休年龄不等;从本科到博士的不同教育水平;并且分布在不同种族之间。非结构化数据通过过滤掉重复数据进行预处理,以避免过分强调单个攻击。分析了词频逆文档频率(TF-IDF)和词在文档中的分布(主题建模)。结果显示,员工和学生是主要目标受众,网络钓鱼电子邮件数量在夏季和假期激增。TF-IDF分析显示,钓鱼电子邮件可分为六类:奖励、紧迫感、工作、娱乐、恐惧和好奇心。分析表明,在大约30%的情况下,攻击者使用信息差距理论引诱电子邮件收件人打开没有主题行或主题行非常有吸引力的钓鱼电子邮件。歧义仍然是网络钓鱼攻击者使用的主要刺激因素,而用于误导目标的强化措施从正面强化(奖励、奖励)到负面强化(勒索、潜在后果)不等。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Modeling Deception: A Case Study of Email Phishing
Information manipulation for deception continues to evolve at a remarkable rate. Artificial intelligence has greatly reduced the burden of combing through documents for evidence of manipulation; but it has also enabled the development of clever modes of deception. In this study, we modeled deception attacks by examining phishing emails that successfully evaded detection by the Microsoft 365 filtering system. The sample population selected for this study was the University of North Texas students, faculty, staff, alumni and retirees who maintain their university email accounts. The model explains why certain individuals and organizations are selected as targets, and identifies potential counter measures and counter attacks. Over a one-year period, 432 phishing emails with different features, characters, length, context and semantics successfully passed through Microsoft Office 365 filtering system. The targeted population ranged from 18 years old up to those of retirement age; ranged across educational levels from undergraduate through doctoral levels; and ranged across races. The unstructured data was preprocessed by filtering out duplicates to avoid overemphasizing a single attack. The term frequency-inverse document frequency (TF-IDF) and distribution of words over documents (topic modeling) were analyzed. Results show that staff and students were the main target audience, and the phishing email volume spiked in the summer and holiday season. The TF-IDF analysis showed that the phishing emails could be categorized under six categories: reward, urgency, job, entertainment, fear, and curiosity. Analysis showed that attackers use information gap theory to bait email recipients to open phishing emails with no subject line or very attractive subject line in about thirty percent of cases. Ambiguity remains the main stimulus used by phishing attackers, while the reinforcements used to misinform the targets range from positive reinforcements (prize, reward) to negative reinforcements (blackmail, potential consequences).
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Proceedings from the Document Academy
Proceedings from the Document Academy Arts and Humanities-Conservation
CiteScore
0.10
自引率
0.00%
发文量
9
审稿时长
10 weeks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信