Towards a feature rich model for predicting spam emails containing malicious attachments and URLs

Khoi Nguyen Tran, Mamoun Alazab, Roderic Broadhurst

Research output: Chapter in Book/Report/Conference proceeding > Conference Paper published in Proceedings

Abstract

Malicious content in spam emails is increasing in the form of attachments and URLs. Malicious attachments and URLs attempt to deliver software that can compromise the security of a computer. These malicious attachments also try to disguise their content to avoid virus scanners used by most email services to screen for such risks. Malicious URLs add another layer of disguise, where the email content tries to entice the recipient to click on a URL that links to a malicious Web site or downloads a malicious attachment. In this paper, based on two real-world data sets, we present our preliminary research on predicting the kind of spam email most likely to contain these highly dangerous spam emails. We propose a rich set of features for the content of emails to capture regularities in emails containing malicious content. We show these features can predict malicious attachments within an area under the precision-recall curve (AUC-PR) up to 95.2%, and up to 68.1% for URLs. Our work can help reduce reliance on virus scanners and URL blacklists, which often do not update as quickly as the malicious content they attempt to identify. Such methods could reduce the many different resources now needed to identify malicious content.

Original language: English
Title of host publication: Data Mining and Analytics 2013
Subtitle of host publication: Proceedings of the 11th Australasian Data Mining Conference, AusDM 2013
Editors: Peter Christen, Paul Kennedy, Lin Liu, Kok-Leong Ong, Andrew Stranieri, Yanchang Zhao
Publisher: Australian Computer Society
Pages: 161-172
Number of pages: 12
Volume: 146
ISBN (Electronic): 9781921770166
Publication status: Published - 2013
Externally published: Yes
Event: Eleventh Australasian Data Mining Conference - Canberra, Australia
Duration: 13 Nov 2013 to 15 Nov 2013
Conference number: 11th

Conference

Conference: Eleventh Australasian Data Mining Conference
Abbreviated title: AusDM'13
Country: Australia
City: Canberra
Period: 13/11/13 to 15/11/13

  • Cite this

    Tran, K. N., Alazab, M., & Broadhurst, R. (2013). Towards a feature rich model for predicting spam emails containing malicious attachments and URLs. In P. Christen, P. Kennedy, L. Liu, K-L. Ong, A. Stranieri, & Y. Zhao (Eds.), Data Mining and Analytics 2013: Proceedings of the 11th Australasian Data Mining Conference, AusDM 2013 (Vol. 146, pp. 161-172). Australian Computer Society.