Improving Filtering of Email Phishing Attacks by Using Three-Way Text Classifiers

• Main Author: Trevino, Alberto
• Format: Others
• Published: BYU ScholarsArchive 2012
• Subjects: email; spam filtering; phish; phishing attacks; support vector machines; maximum entropy; naive bayes; bayesian filters; Information Security
• Online Access: https://scholarsarchive.byu.edu/etd/3103; https://scholarsarchive.byu.edu/cgi/viewcontent.cgi?article=4102&context=etd

The Internet has been plagued with endless spam for over 15 years. However, in the last five years spam has morphed from an annoying advertising tool to a social engineering attack vector. Much of today's unwanted email tries to deceive users into replying with passwords, bank account information, or to visit malicious sites which steal login credentials and spread malware. These email-based attacks are known as phishing attacks. Much has been published about these attacks which try to appear real not only to users and subsequently, spam filters. Several sources indicate traditional content filters have a hard time detecting phishing attacks because the emails lack the traditional features and characteristics of spam messages. This thesis tests the hypothesis that by separating the messages into three categories (ham, spam and phish) content filters will yield better filtering performance. Even though experimentation showed three-way classification did not improve performance, several additional premises were tested, including the validity of the claim that phishing emails are too much like legitimate emails and the ability of Naive Bayes classifiers to properly classify emails.