Abstract:
In today\'s email dependent world, cyber criminals often target organizations using a variety of social engineering techniques and specially crafted malicious emails. When successful, such attacks can result in significant harm to physical and digital systems and assets, the leakage of sensitive information, reputation damage, and financial loss. Despite the plethora of studies on the detection of phishing attacks and malicious links in emails, there are no solutions capable of effectively, quickly, and accurately coping with more complex email-based attacks, such as malicious email attachments. This paper presents the first fully automated malicious email detection framework using deep ensemble learning to analyze all email segments (body, header, and attachments); this eliminates the need for human expert intervention for feature engineering. In this paper, we also demonstrate how an ensemble framework of deep learning classifiers each of which are trained on specific portions of an email (thereby independently utilizing the entire email) can generalize better than popular email analysis methods that analyze just a specific portion of the email for analysis. The proposed framework is evaluated comprehensively and with an AUC of 0.993, the proposed framework\'s results surpass state-of-the-art malicious email detection methods, including human expert feature-based machine learning models by a TPR of 5%.
摘要:
在当今依赖电子邮件的世界中,网络犯罪分子经常使用各种社会工程技术和特制的恶意电子邮件瞄准组织。当成功时,此类攻击可能会对物理和数字系统及资产造成重大损害,敏感信息的泄露,名誉受损,和财务损失。尽管关于检测网络钓鱼攻击和电子邮件中的恶意链接的研究很多,没有解决方案能够有效地,快,并准确应对更复杂的基于电子邮件的攻击,例如恶意电子邮件附件。本文提出了第一个完全自动化的恶意电子邮件检测框架,该框架使用深度集成学习来分析所有电子邮件段(正文、标头,和附件);这消除了对特征工程的人类专家干预的需要。在本文中,我们还演示了深度学习分类器的集成框架,每个分类器都在电子邮件的特定部分进行训练(从而独立利用整个电子邮件)可以比流行的电子邮件分析方法更好地概括,这些方法仅分析电子邮件的特定部分进行分析。对所提出的框架进行了全面评估,AUC为0.993,所提出的框架的结果超过了最先进的恶意电子邮件检测方法,包括基于人类专家特征的机器学习模型,TPR为5%。
