Skip to main content
SpringerLink
Log in

Dynamic Trackback Strategy for Email-Born Phishing Using Maximum Dependency Algorithm (MDA)

  • Conference paper
  • First Online:
Recent Advances on Soft Computing and Data Mining (SCDM 2016)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 549))

Included in the following conference series:

Abstract

Generally, most strategy prefers to use fake tokens to detect phishing activity. However, using fake tokens is limited to static feature selection that needs to be pre-determined. In this paper, a tokenless trackback strategy for email-born phishing is presented, which makes the strategy dynamic. Initially, the selected features were tested on the trackback system to generate phishing profile using Maximum Dependency Algorithm (MDA). Phishing emails are split into group of phishers constructed by the MDA algorithm. Then, the forensic analysis is implemented to identify the type of phisher against already assumed group of attacker either single or collaborative attacker. The performance of the proposed strategy is tested on email-born phishing. The result shows that the dynamic strategy could be used for tracking and classifying the attacker.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

References

  1. Abawajy, J., Kelarev, A.: A multi-tier ensemble construction of classifiers for phishing email detection and filtering. Cyberspace Saf. Secur. 7672, 48–56 (2012)

    Article  Google Scholar 

  2. Fette, I., Sadeh, N., Tomasic, A.: Learning to detect phishing emails. In: Proceedings of the 16th International Conference on World Wide Web, WWW 2007, p. 649 (2007)

    Google Scholar 

  3. Gajek, S., Sadeghi, A.-R.: A forensic framework for tracing phishers. In: Fischer-Hübner, S., Duquenoy, P., Zuccato, A., Martucci, L. (eds.) Privacy and Identity 2007. ITIFIP, vol. 262, pp. 23–35. Springer, Heidelberg (2008). doi:10.1007/978-0-387-79026-8_2

    Chapter  Google Scholar 

  4. Hamid, I.R.A., Abawajy, J., Kim, T.: Using feature selection and classification scheme for automating phishing email detection. Stud. Inf. Control 22(1), 61–70 (2013)

    Article  Google Scholar 

  5. Ma, L., Ofoghi, B., Watters, P., Brown, S.: Detecting phishing emails using hybrid features. In: Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing, UIC-ATC 2009, pp. 493–497 (2009)

    Google Scholar 

  6. State of the Net 2010: Consumer Reports National Research Center (2010)

    Google Scholar 

  7. Yearwood, J., Mammadov, M., Webb, D.: Profiling phishing activity based on hyperlinks extracted from phishing emails. Soc. Netw. Anal. Min. 2(1), 5–16 (2012)

    Article  Google Scholar 

  8. Yearwood, J., Webb, D., Ma, L., Vamplew, P., Ofoghi, B., Kelarev, A.: Applying clustering and ensemble clustering approaches to phishing profiling. In: 8th Australasian Data Mining Conference, AusDM 2009, vol. 101, pp. 25–34 (2009)

    Google Scholar 

  9. Garera, S., Provos, N., Chew, M., Rubin, A.D.: A framework for detection and measurement of phishing attacks. In: Proceedings of the 2007 ACM Workshop on Recurring Malcode, pp. 1–8 (2007)

    Google Scholar 

  10. Wong, M.W.: SPF overview. Linux J. 2004(120), 2 (2004)

    Google Scholar 

  11. Herawan, T., Deris, M.M., Abawajy, J.H.: A rough set approach for selecting clustering attribute. Knowl.-Based Syst. 23(3), 220–231 (2010)

    Article  Google Scholar 

  12. Herawan, T., Yanto, I.T.R., Mat Deris, M.: Rough set approach for categorical data clustering. In: Ślęzak, D., Kim, T.-h., Zhang, Y., Ma, J., Chung, K.-i. (eds.) DTA 2009. CCIS, vol. 64, pp. 179–186. Springer, Heidelberg (2009). doi:10.1007/978-3-642-10583-8_21

    Chapter  Google Scholar 

  13. Hamid, I.R.A., Abawajy, J.: Hybrid feature selection for phishing email detection. In: Xiang, Y., Cuzzocrea, A., Hobbs, M., Zhou, W. (eds.) ICA3PP 2011. LNCS, vol. 7017, pp. 266–275. Springer, Heidelberg (2011). doi:10.1007/978-3-642-24669-2_26

    Chapter  Google Scholar 

  14. Hamid, I.R.A., Abawajy, J.: Phishing email feature selection approach. In: IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 916–921 (2011)

    Google Scholar 

  15. Chandrasekaran, M., Chinchani, R., Upadhyaya, S.: PHONEY: mimicking user response to detect phishing attacks. In: 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2006, vol. 2006, pp. 668–769 (2006)

    Google Scholar 

  16. Li, S., Schmitz, R.: A novel anti-phishing framework based on honeypots. In: eCrime Researchers Summit, eCRIME 2009, pp. 1–13 (2009)

    Google Scholar 

  17. Hamid, I.R.A., Abawajy, J.H.: An approach for profiling phishing activities. Comput. Secur. 45, 27–41 (2014)

    Article  Google Scholar 

  18. Nazario, J.: Phishing corpus. http://monkey.org/~jose/wiki/doku.php

  19. Hamid, I.R.A., Abawajy, J.H.: Profiling phishing email based on clustering approach. In: 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 628–635 (2013)

    Google Scholar 

  20. Yao, Y.Y.: Two views of the theory of rough sets in finite universes. Int. J. Approx. Reason. 15(4), 291–317 (1996)

    Article  MathSciNet  MATH  Google Scholar 

  21. Yao, Y.Y.: Constructive and algebraic methods of the theory of rough sets. Inf. Sci. (Ny) 109(1–4), 21–47 (1998)

    Article  MathSciNet  MATH  Google Scholar 

  22. Yao, Y.Y.: Information granulation and rough set approximation. Int. J. Intell. Syst. 16, 87–104 (2001)

    Article  MATH  Google Scholar 

Download references

Acknowledgement

The authors express appreciation to the University Tun Hussein Onn Malaysia (UTHM), Research and Innovation Fund (ORICC Fund), Short Term Grant Vot U653 and also supported by Gates IT Solution Sdn. Bhd. under its publication scheme.

Author information

Authors and Affiliations

  1. Faculty Computer Science and Information Technology, University Tun Hussein Onn, Parit Raja, Johor, Malaysia

    Isredza Rahmi A. Hamid, Noor Azah Samsudin, Aida Mustapha & Nureize Arbaiy

Authors
  1. Isredza Rahmi A. Hamid
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Noor Azah Samsudin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Aida Mustapha
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nureize Arbaiy
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Isredza Rahmi A. Hamid .

Editor information

Editors and Affiliations

  1. Department of Information System, University of Malaya, Kuala Lumpur, Malaysia

    Tutut Herawan

  2. Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia

    Rozaida Ghazali

  3. Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia

    Nazri Mohd Nawi

  4. Universiti Tun Hussein Onn Malaysia, Batu Pahat, Malaysia

    Mustafa Mat Deris

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Hamid, I.R.A., Samsudin, N.A., Mustapha, A., Arbaiy, N. (2017). Dynamic Trackback Strategy for Email-Born Phishing Using Maximum Dependency Algorithm (MDA). In: Herawan, T., Ghazali, R., Nawi, N.M., Deris, M.M. (eds) Recent Advances on Soft Computing and Data Mining. SCDM 2016. Advances in Intelligent Systems and Computing, vol 549. Springer, Cham. https://doi.org/10.1007/978-3-319-51281-5_27

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-51281-5_27

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51279-2

  • Online ISBN: 978-3-319-51281-5

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation