Malicious Spam Emails Developments and Authorship Attribution
-
Altmetric Citations
Alazab, Mamoun; Layton, Robert; Broadhurst, Roderic; Bouhours, Brigitte
Description
The Internet is a decentralized structure that offers speedy communication, has a global reach and provides anonymity, a characteristic invaluable for committing illegal activities. In parallel with the spread of the Internet, cybercrime has rapidly evolved from a relatively low volume crime to a common high volume crime. A typical example of such a crime is the spreading of spam emails, where the content of the email tries to entice the recipient to click a URL linking to a malicious Web site...[Show more]
dc.contributor.author | Alazab, Mamoun | |
---|---|---|
dc.contributor.author | Layton, Robert | |
dc.contributor.author | Broadhurst, Roderic | |
dc.contributor.author | Bouhours, Brigitte | |
dc.coverage.spatial | Sydney Australia | |
dc.date.accessioned | 2015-12-07T22:52:36Z | |
dc.date.created | November 2013 | |
dc.identifier.isbn | 9781479930753 | |
dc.identifier.uri | http://hdl.handle.net/1885/27493 | |
dc.description.abstract | The Internet is a decentralized structure that offers speedy communication, has a global reach and provides anonymity, a characteristic invaluable for committing illegal activities. In parallel with the spread of the Internet, cybercrime has rapidly evolved from a relatively low volume crime to a common high volume crime. A typical example of such a crime is the spreading of spam emails, where the content of the email tries to entice the recipient to click a URL linking to a malicious Web site or downloading a malicious attachment. Analysts attempting to provide intelligence on spam activities quickly find that the volume of spam circulating daily is overwhelming; therefore, any intelligence gathered is representative of only a small sample, not of the global picture. While past studies have looked at automating some of these analyses using topic-based models, i.e. separating email clusters into groups with similar topics, our preliminary research investigates the usefulness of applying authorship-based models for this purpose. In the first phase, we clustered a set of spam emails using an authorship-based clustering algorithm. In the second phase, we analysed those clusters using a set of linguistic, structural and syntactic features. These analyses reveal that emails within each cluster were likely written by the same author, but that it is unlikely we have managed to group together all spam produced by each group. This problem of high purity with low recall, has been faced in past authorship research. While it is also a limitation of our research, the clusters themselves are still useful for the purposes of automating analysis, because they reduce the work needing to be performed. Our second phase revealed useful information on the group that can be utilized in future research for further analysis of such groups, for example, identifying further linkages behind spam campaigns. | |
dc.description.sponsorship | The research is funded by an ARC Discovery Grant on the Evolution of Cybercrime (DP 1096833), the Australian Institute of Criminology (Grant CRG 13/12-13), ARC Centre of Excellence in Policing and Security (CEPS). We also thank the Australian Communications and Media Authority (ACMA) and the Computer Emergency Response Team (CERT) Australia for their assistance in the provision of data and support. | |
dc.publisher | IEEE | |
dc.relation.ispartofseries | 4th Cybercrime and Trustworthy Computing Workshop (CTC-2013) | |
dc.source | Malicious Spam Emails Developments and Authorship Attribution | |
dc.title | Malicious Spam Emails Developments and Authorship Attribution | |
dc.type | Conference paper | |
local.description.notes | Imported from ARIES | |
local.description.refereed | Yes | |
dc.date.issued | 2013 | |
local.identifier.absfor | 160201 - Causes and Prevention of Crime | |
local.identifier.absfor | 160299 - Criminology not elsewhere classified | |
local.identifier.absfor | 080303 - Computer System Security | |
local.identifier.ariespublication | u5264698xPUB51 | |
local.type.status | Published Version | |
local.contributor.affiliation | Alazab, Mamoun, College of Asia and the Pacific, ANU | |
local.contributor.affiliation | Layton, Robert, University of Ballarat | |
local.contributor.affiliation | Broadhurst, Roderic, College of Asia and the Pacific, ANU | |
local.contributor.affiliation | Bouhours, Brigitte, College of Asia and the Pacific, ANU | |
local.description.embargo | 2037-12-31 | |
local.identifier.doi | 10.1109/CTC.2013.16 | |
local.identifier.absseo | 940402 - Crime Prevention | |
local.identifier.absseo | 810107 - National Security | |
local.identifier.absseo | 970108 - Expanding Knowledge in the Information and Computing Sciences | |
dc.date.updated | 2015-12-07T12:31:15Z | |
local.identifier.scopusID | 2-s2.0-84898024146 | |
local.identifier.thomsonID | 000349789400009 | |
Collections | ANU Research Publications |
Download
File | Description | Size | Format | Image |
---|---|---|---|---|
01_Alazab_Malicious_Spam_Emails_2013.pdf | 320.62 kB | Adobe PDF | Request a copy |
Items in Open Research are protected by copyright, with all rights reserved, unless otherwise indicated.
Updated: 17 November 2022/ Responsible Officer: University Librarian/ Page Contact: Library Systems & Web Coordinator