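Email began as a plain-text (ASCII) communication medium and later gained multimedia attachments, becoming one of today's common means of communication. Email is often a channel for human communication, but ill-intentioned actors also use it for malicious attacks. In recent years, Advanced Persistent Threats (APTs) have become prevalent, with financial losses worldwide running into the hundreds of millions. To obtain confidential intelligence, attackers developed a new attack technique: spear phishing. Many researchers have proposed techniques to defend against phishing email, but these are insufficient against spear-phishing email. To effectively reduce the APT threat, this study proposes modeling users' past social behavior and email exchange patterns. Social features are added to judge how closely related a given sender and recipient are, which partly improves accuracy compared with relying on email features alone. The communication behavior between the sender and recipient is also analyzed: from the email history log (Log), the study analyzes the relationships among three features, the subject (Subject) and the attachment (Attachment) type and size, and builds a model of the correspondents' habitual behavior from these three features. Cosine similarity is then used to measure how similar a message under test is to that model, classifying messages as malicious or normal. Compared with earlier anti-phishing techniques, this approach increases accuracy and reduces the misclassification rate.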
Email applications provide an efficient means of communication between people for both personal and business purposes. Because email is so convenient and popular, hackers can use spear-phishing techniques to trick targeted users into revealing sensitive information, either by clicking a link to a malicious website or by opening malicious attachments. In the past, many researchers proposed phishing prevention technologies, but they were not successful in fighting spear-phishing emails. To reduce the threat of spear phishing, we propose a system, called SBModel, that combines social features and email behavioral patterns to detect spear phishing. Experimental results show that SBModel outperforms other approaches.
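The behavioral-pattern step described above (a per-correspondent profile built from subject, attachment type and attachment size, compared with a new message by cosine similarity), shown as an added example that is not SBModel's own code. The feature encoding, the 0.7 threshold and the log entries are assumptions constructed for illustration, and the social-feature step is not modeled here.

```python
import math
import re
from collections import Counter

# Constructed history log for one sender -> recipient pair (not real data):
# (subject, attachment filename or None, attachment size in bytes)
HISTORY = [
    ("Weekly sales report", "sales_w14.xlsx", 48_000),
    ("Weekly sales report", "sales_w15.xlsx", 51_000),
    ("Re: sales forecast meeting", None, 0),
    ("Weekly sales report", "sales_w16.xlsx", 47_500),
]
THRESHOLD = 0.7  # assumed cut-off; the abstract does not state one


def features(subject, attachment, size):
    """Encode the three logged traits as a sparse count vector (assumed encoding)."""
    vec = Counter("subj:" + t for t in re.findall(r"[a-z]+", subject.lower()))
    has_ext = bool(attachment) and "." in attachment
    ext = attachment.rsplit(".", 1)[-1].lower() if has_ext else "none"
    vec["type:" + ext] += 1
    # Size bucket = number of decimal digits in the byte count; 0 = no attachment.
    vec["size:%d" % (len(str(size)) if size else 0)] += 1
    return vec


def build_profile(history):
    """Sum the feature vectors of all past messages into one habit profile."""
    profile = Counter()
    for entry in history:
        profile.update(features(*entry))
    return profile


def cosine(a, b):
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def classify(profile, subject, attachment, size):
    """Return (label, score) for a message under test against the profile."""
    score = cosine(profile, features(subject, attachment, size))
    return ("normal" if score >= THRESHOLD else "suspicious"), score


if __name__ == "__main__":
    p = build_profile(HISTORY)
    print(classify(p, "Weekly sales report", "sales_w17.xlsx", 49_200))
    print(classify(p, "Weekly sales report", "sales_w17.exe", 900_000))
```

The second call reuses a familiar subject but changes the attachment type and size bucket, so only the subject terms overlap with the profile and the score drops below the assumed threshold.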