Towards a feature rich model for predicting spam emails containing malicious attachments and URLs

Khoi Nguyen Tran; Mamoun Alazab; Roderic Broadhurst

Towards a feature rich model for predicting spam emails containing malicious attachments and URLs

Khoi Nguyen Tran, Mamoun Alazab, Roderic Broadhurst

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper published in Proceedings › peer-review

Abstract

Malicious content in spam emails is increasing in the form of attachments and URLs. Malicious attachments and URLs attempt to deliver software that can compromise the security of a computer. These malicious attachments also try to disguise their content to avoid virus scanners used by most email services to screen for such risks. Malicious URLs add another layer of disguise, where the email content tries to entice the recipient to click on a URL that links to a malicious Web site or downloads a malicious attachment. In this paper, based on two real world data sets we present our preliminary research on predicting the kind of spam email most likely to contain these highly dangerous spam emails. We propose a rich set of features for the content of emails to capture regularities in emails containing malicious content. We show these features can predict malicious attachments within an area under the precious recall curve (AUC-PR) up to 95.2%, and up to 68.1% for URLs. Our work can help reduce reliance on virus scanners and URL blacklists, which often do not update as quickly as the malicious content it attempts to identify. Such methods could reduce the many different resources now needed to identify malicious content.

Original language	English
Title of host publication	Data Mining and Analytics 2013
Subtitle of host publication	Proceedings of the 11th Australasian Data Mining Conference, AusDM 2013
Editors	Peter Christen, Paul Kennedy, Lin Liu, Kok-Leong Ong, Andrew Stranieri, Yanchang Zhao
Publisher	Australian Computer Society
Pages	161-172
Number of pages	12
Volume	146
ISBN (Electronic)	9781921770166
Publication status	Published - 2013
Externally published	Yes
Event	Eleventh Australasian Data Mining Conference - Canberra, Australia Duration: 13 Nov 2013 → 15 Nov 2013 Conference number: 11th

Conference

Conference	Eleventh Australasian Data Mining Conference
Abbreviated title	AusDM'13
Country/Territory	Australia
City	Canberra
Period	13/11/13 → 15/11/13

Cite this

Tran, K. N., Alazab, M., & Broadhurst, R. (2013). Towards a feature rich model for predicting spam emails containing malicious attachments and URLs. In P. Christen, P. Kennedy, L. Liu, K-L. Ong, A. Stranieri, & Y. Zhao (Eds.), Data Mining and Analytics 2013: Proceedings of the 11th Australasian Data Mining Conference, AusDM 2013 (Vol. 146, pp. 161-172). Australian Computer Society.

Tran, Khoi Nguyen ; Alazab, Mamoun ; Broadhurst, Roderic. / Towards a feature rich model for predicting spam emails containing malicious attachments and URLs. Data Mining and Analytics 2013: Proceedings of the 11th Australasian Data Mining Conference, AusDM 2013. editor / Peter Christen ; Paul Kennedy ; Lin Liu ; Kok-Leong Ong ; Andrew Stranieri ; Yanchang Zhao. Vol. 146 Australian Computer Society, 2013. pp. 161-172

@inproceedings{22c2efde868d47f1ab2a07a829bd8747,

title = "Towards a feature rich model for predicting spam emails containing malicious attachments and URLs",

abstract = "Malicious content in spam emails is increasing in the form of attachments and URLs. Malicious attachments and URLs attempt to deliver software that can compromise the security of a computer. These malicious attachments also try to disguise their content to avoid virus scanners used by most email services to screen for such risks. Malicious URLs add another layer of disguise, where the email content tries to entice the recipient to click on a URL that links to a malicious Web site or downloads a malicious attachment. In this paper, based on two real world data sets we present our preliminary research on predicting the kind of spam email most likely to contain these highly dangerous spam emails. We propose a rich set of features for the content of emails to capture regularities in emails containing malicious content. We show these features can predict malicious attachments within an area under the precious recall curve (AUC-PR) up to 95.2%, and up to 68.1% for URLs. Our work can help reduce reliance on virus scanners and URL blacklists, which often do not update as quickly as the malicious content it attempts to identify. Such methods could reduce the many different resources now needed to identify malicious content.",

keywords = "Attachment, Email, Machine learning, Malicious, Spam, URL",

author = "Tran, {Khoi Nguyen} and Mamoun Alazab and Roderic Broadhurst",

year = "2013",

language = "English",

volume = "146",

pages = "161--172",

editor = "Peter Christen and Paul Kennedy and Lin Liu and Kok-Leong Ong and Andrew Stranieri and Yanchang Zhao",

booktitle = "Data Mining and Analytics 2013",

publisher = "Australian Computer Society",

address = "Australia",

note = "Eleventh Australasian Data Mining Conference, AusDM'13 ; Conference date: 13-11-2013 Through 15-11-2013",

}

Tran, KN, Alazab, M & Broadhurst, R 2013, Towards a feature rich model for predicting spam emails containing malicious attachments and URLs. in P Christen, P Kennedy, L Liu, K-L Ong, A Stranieri & Y Zhao (eds), Data Mining and Analytics 2013: Proceedings of the 11th Australasian Data Mining Conference, AusDM 2013. vol. 146, Australian Computer Society, pp. 161-172, Eleventh Australasian Data Mining Conference, Canberra, Australian Capital Territory, Australia, 13/11/13.

Towards a feature rich model for predicting spam emails containing malicious attachments and URLs. / Tran, Khoi Nguyen; Alazab, Mamoun; Broadhurst, Roderic.
Data Mining and Analytics 2013: Proceedings of the 11th Australasian Data Mining Conference, AusDM 2013. ed. / Peter Christen; Paul Kennedy; Lin Liu; Kok-Leong Ong; Andrew Stranieri; Yanchang Zhao. Vol. 146 Australian Computer Society, 2013. p. 161-172.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper published in Proceedings › peer-review

TY - GEN

T1 - Towards a feature rich model for predicting spam emails containing malicious attachments and URLs

AU - Tran, Khoi Nguyen

AU - Alazab, Mamoun

AU - Broadhurst, Roderic

N1 - Conference code: 11th

PY - 2013

Y1 - 2013

N2 - Malicious content in spam emails is increasing in the form of attachments and URLs. Malicious attachments and URLs attempt to deliver software that can compromise the security of a computer. These malicious attachments also try to disguise their content to avoid virus scanners used by most email services to screen for such risks. Malicious URLs add another layer of disguise, where the email content tries to entice the recipient to click on a URL that links to a malicious Web site or downloads a malicious attachment. In this paper, based on two real world data sets we present our preliminary research on predicting the kind of spam email most likely to contain these highly dangerous spam emails. We propose a rich set of features for the content of emails to capture regularities in emails containing malicious content. We show these features can predict malicious attachments within an area under the precious recall curve (AUC-PR) up to 95.2%, and up to 68.1% for URLs. Our work can help reduce reliance on virus scanners and URL blacklists, which often do not update as quickly as the malicious content it attempts to identify. Such methods could reduce the many different resources now needed to identify malicious content.

AB - Malicious content in spam emails is increasing in the form of attachments and URLs. Malicious attachments and URLs attempt to deliver software that can compromise the security of a computer. These malicious attachments also try to disguise their content to avoid virus scanners used by most email services to screen for such risks. Malicious URLs add another layer of disguise, where the email content tries to entice the recipient to click on a URL that links to a malicious Web site or downloads a malicious attachment. In this paper, based on two real world data sets we present our preliminary research on predicting the kind of spam email most likely to contain these highly dangerous spam emails. We propose a rich set of features for the content of emails to capture regularities in emails containing malicious content. We show these features can predict malicious attachments within an area under the precious recall curve (AUC-PR) up to 95.2%, and up to 68.1% for URLs. Our work can help reduce reliance on virus scanners and URL blacklists, which often do not update as quickly as the malicious content it attempts to identify. Such methods could reduce the many different resources now needed to identify malicious content.

KW - Attachment

KW - Email

KW - Machine learning

KW - Malicious

KW - Spam

KW - URL

UR - http://www.scopus.com/inward/record.url?scp=84992596235&partnerID=8YFLogxK

M3 - Conference Paper published in Proceedings

AN - SCOPUS:84992596235

VL - 146

SP - 161

EP - 172

BT - Data Mining and Analytics 2013

A2 - Christen, Peter

A2 - Kennedy, Paul

A2 - Liu, Lin

A2 - Ong, Kok-Leong

A2 - Stranieri, Andrew

A2 - Zhao, Yanchang

PB - Australian Computer Society

T2 - Eleventh Australasian Data Mining Conference

Y2 - 13 November 2013 through 15 November 2013

ER -

Towards a feature rich model for predicting spam emails containing malicious attachments and URLs

Abstract

Conference

Other files and links

Fingerprint

Cite this