Malware Detection

Author: Mihai Christodorescu
Publisher: Springer Science & Business Media
Total Pages: 307
Release: 2007-03-06
Genre: Computers
ISBN: 0387445994



This book captures the state of the art research in the area of malicious code detection, prevention and mitigation. It contains cutting-edge behavior-based techniques to analyze and detect obfuscated malware. The book analyzes current trends in malware activity online, including botnets and malicious code for profit, and it proposes effective models for detection and prevention of attacks using. Furthermore, the book introduces novel techniques for creating services that protect their own integrity and safety, plus the data they manage.

International Conference on Innovative Computing and Communications

Author: Ashish Khanna
Publisher: Springer Nature
Total Pages: 812
Release: 2021-08-31
Genre: Technology & Engineering
ISBN: 9811625972



This book includes high-quality research papers presented at the Fourth International Conference on Innovative Computing and Communication (ICICC 2021), which is held at the Shaheed Sukhdev College of Business Studies, University of Delhi, Delhi, India, on February 20–21, 2021. Introducing the innovative works of scientists, professors, research scholars, students and industrial experts in the field of computing and communication, the book promotes the transformation of fundamental research into institutional and industrialized research and the conversion of applied exploration into real-time applications.

Intelligence and Security Informatics

Author: Hsinchun Chen
Publisher: Springer
Total Pages: 406
Release: 2003-08-03
Genre: Social Science
ISBN: 3540448535



Since the tragic events of September 11, 2001, academics have been called on for possible contributions to research relating to national (and possibly international) security. As one of the original founding mandates of the National Science Foundation, mid- to long-term national security research in the areas of information technologies, organizational studies, and security-related public policy is critically needed. In a way similar to how medical and biological research has faced significant information overload and yet also tremendous opportunities for new innovation, law enforcement, criminal analysis, and intelligence communities are facing the same challenge. We believe, similar to “medical informatics” and “bioinformatics,” that there is a pressing need to develop the science of “intelligence and security informatics” – the study of the use and development of advanced information technologies, systems, algorithms and databases for national security related applications, through an integrated technological, organizational, and policy-based approach. We believe active “intelligence and security informatics” research will help improve knowledge discovery and dissemination and enhance information sharing and collaboration across law enforcement communities and among academics, local, state, and federal agencies, and industry. Many existing computer and information science techniques need to be reexamined and adapted for national security applications. New insights from this unique domain could result in significant breakthroughs in new data mining, visualization, knowledge management, and information security techniques and systems.

Data Mining Tools for Malware Detection

Author: Mehedy Masud
Publisher: CRC Press
Total Pages: 450
Release: 2016-04-19
Genre: Computers
ISBN: 1439854556



Although the use of data mining for security and malware detection is quickly on the rise, most books on the subject provide high-level theoretical discussions to the near exclusion of the practical aspects. Breaking the mold, Data Mining Tools for Malware Detection provides a step-by-step breakdown of how to develop data mining tools for malware d

AN INTROSPECTIVE BEHAVIOR BASED METHODOLOGY TO MITIGATE E-MAIL BASED THREATS

Author: MADHUSUDHANAN. CHANDRASEKARAN
Publisher:
Total Pages: 171
Release: 2009
Genre:
ISBN:



E-mail is touted as the backbone of present-day communication. Despite its convenience and importance, existing e-mail infrastructure is not devoid of problems. The underlying e-mail protocols operate on the assumption that users would not abuse the privilege of sending messages to each other. This weakness in design is consistently taken advantage of by attackers to carry out social engineering and security exploits on day-to-day e-mail users. As a result, three prominent e-mail based threats have surfaced, viz. (i) spam; (ii) phishing; and (iii) information leak. While spam e-mail classification has received a lot of attention in recent years, the other two threats still loom large. The main goal of this dissertation is to design and develop efficient behavior based classification techniques that help to address each of these threats in an effective manner. The first part of this dissertation attempts to tackle the problem of detecting phishing e-mails before they reach users' inboxes. To begin with, shortcomings of existing spam filters toward classifying phishing e-mails are highlighted. To overcome them, a customizable and usable spam filter (CUSP) that detects phishing e-mails from the absence of personalized user information contained in them is proposed. However, as solely relying on the presence of personalized information as the criterion to detect phishing e-mails is not entirely foolproof, a novel machine learning based classifier that separates phishing e-mails based on their underlying semantic behavior is proposed. Experimentation on real-world phishing and financial e-mail datasets demonstrates that the proposed methodology can detect phishing e-mails with over 90% accuracy while keeping the false positive rate to a minimum. Also, the feasibility of generating context-sensitive warnings that better educate users about the ill-effects of phishing attacks is explored.
Classification techniques that operate on features confined to the phishing e-mails' body can be thwarted by using simple obfuscation techniques, which substitute spurious content appearing in them with seemingly innocuous characters or images. To address such scenarios, the second part of this dissertation takes the classification process a step further to analyze the behavior and structural characteristics of Websites referred to by URLs contained in e-mails. Specifically, a challenge-response based technique called PHONEY is proposed to detect phishing Websites based on their inability to tell fake and genuine inputs apart. Experimental results based on evaluation on both "live" and "synthesized" phishing Websites reveal that PHONEY can detect almost all of the e-mails that link to live phishing Websites with zero false positives and minimal computation overhead. In a similar vein, this dissertation proposes a novel technique to identify spam e-mails by analyzing the content of the linked-to Websites. A combination of textual and structural features extracted from the linked-to Websites is supplied as input to five machine learning algorithms employed for the purpose of classification. Testing on live spam feeds reveals that the proposed technique can detect spam e-mails with over 95% detection rate, thereby exhibiting better performance than two popular open source anti-spam filters. Information leaks pose significant risk to users' privacy. An information leak could reveal users' browsing characteristics or sensitive material contained in their e-mail inboxes to attackers, allowing them to launch more targeted social engineering attacks (e.g., spear phishing attacks). The third part of this dissertation focuses on addressing these two facets of information leaks, i.e., information leaks triggered by spyware and by users, by detailing the limitations of the state-of-the-art detection techniques.
In order to bring out the deficiencies in existing anti-spyware techniques, first, a new class of intelligent spyware that efficiently blends in with user activities to evade detection is proposed. As a defensive countermeasure, this dissertation proposes a novel randomized honeytoken based methodology that can separate normal and spyware activities with near perfect accuracy. Similarly, to detect inadvertent information leaks caused by users sending misdirected e-mails to unintended recipient(s), this dissertation advances the existing bag-of-words based outlier detection techniques by using a set of stylometric and linguistic features that better encapsulate the previously exchanged e-mails between the sender and the recipient. Experimentation on a real-world e-mail corpus shows that the proposed technique detects over 78% of synthesized information leaks, outperforming other existing techniques. Another important point to be considered while devising specialized filters to address each of the e-mail based threats is the need to make them interoperable. For example, an e-mail supposedly sent from a financial domain, but having a URL referring to a domain blacklisted for spam, is very likely a phishing e-mail. Identifying sources of attacks helps in developing attack-agnostic solutions that block all sensitive communication from and to misbehaving nodes. From this perspective, this dissertation explores the feasibility of building a holistic framework that not only operates in conjunction with intrusion detection systems (IDS) to block incoming and outgoing traffic from and to misbehaving nodes, but also safeguards the underlying e-mail infrastructure from zero-day attacks.

Security Strategy

Author: Bill Stackpole
Publisher: CRC Press
Total Pages: 319
Release: 2010-10-13
Genre: Business & Economics
ISBN: 1040070388



Clarifying the purpose and place of strategy in an information security program, this book explains how to select, develop, and deploy the security strategy best suited to your organization. It focuses on security strategy planning and execution to provide a comprehensive look at the structures and tools needed to build a security program that enables and enhances business processes. Divided into two parts, the first part considers business strategy and the second part details specific tactics that support the implementation of strategic planning initiatives, goals, and objectives.

Handbook of Research on Cyber Crime and Information Privacy

Author: Cruz-Cunha, Maria Manuela
Publisher: IGI Global
Total Pages: 753
Release: 2020-08-21
Genre: Computers
ISBN: 1799857298



In recent years, industries have transitioned into the digital realm, as companies and organizations are adopting certain forms of technology to assist in information storage and efficient methods of production. This dependence has significantly increased the risk of cyber crime and breaches in data security. Fortunately, research in the area of cyber security and information protection is flourishing; however, it is the responsibility of industry professionals to keep pace with the current trends within this field. The Handbook of Research on Cyber Crime and Information Privacy is a collection of innovative research on the modern methods of crime and misconduct within cyber space. It presents novel solutions to securing and preserving digital information through practical examples and case studies. While highlighting topics including virus detection, surveillance technology, and social networks, this book is ideally designed for cybersecurity professionals, researchers, developers, practitioners, programmers, computer scientists, academicians, security analysts, educators, and students seeking up-to-date research on advanced approaches and developments in cyber security and information protection.

Secure Data Science

Author: Bhavani Thuraisingham
Publisher: CRC Press
Total Pages: 430
Release: 2022-04-27
Genre: Computers
ISBN: 1000557510



Secure data science, which integrates cyber security and data science, is becoming one of the critical areas in both cyber security and data science. This is because the novel data science techniques being developed have applications in solving such cyber security problems as intrusion detection, malware analysis, and insider threat detection. However, the data science techniques being applied not only for cyber security but also for every application area—including healthcare, finance, manufacturing, and marketing—could be attacked by malware. Furthermore, due to the power of data science, it is now possible to infer highly private and sensitive information from public data, which could result in the violation of individual privacy. This is the first such book that provides a comprehensive overview of integrating both cyber security and data science and discusses both theory and practice in secure data science. After an overview of security and privacy for big data services as well as cloud computing, this book describes applications of data science for cyber security applications. It also discusses such applications of data science as malware analysis and insider threat detection. Then this book addresses trends in adversarial machine learning and provides solutions to the attacks on the data science techniques. In particular, it discusses some emerging trends in carrying out trustworthy analytics so that the analytics techniques can be secured against malicious attacks. Then it focuses on the privacy threats due to the collection of massive amounts of data and potential solutions. Following a discussion on the integration of services computing, including cloud-based services for secure data science, it looks at applications of secure data science to information sharing and social media. 
This book is a useful resource for researchers, software developers, educators, and managers who want to understand both the high level concepts and the technical details on the design and implementation of secure data science-based systems. It can also be used as a reference book for a graduate course in secure data science. Furthermore, this book provides numerous references that would be helpful for the reader to get more details about secure data science.