Towards a Feature Rich Model for Predicting Spam Emails containing Malicious Attachments and URLs

Khoi-Nguyen Tran, Mamoun Alazab, Roderic Broadhurst

    Research output: Contribution to conferencePaper

    Abstract

    Malicious content in spam emails is increasing in the form of attachments and URLs. Malicious attachments and URLs attempt to deliver software that can compromise the security of a computer. These malicious attachments also try to disguise their content to avoid virus scanners used by most email services to screen for such risks. Malicious URLs add another layer of disguise, where the email content tries to entice the recipient to click on a URL that links to a malicious Web site or downloads a malicious attachment. In this paper, based on two real world data sets we present our preliminary research on predicting the kind of spam email most likely to contain these highly dangerous spam emails. We propose a rich set of features for the content of emails to capture regularities in emails containing malicious content. We show these features can predict malicious attachments within an area under the precious recall curve (AUC-PR) up to 95.2%, and up to 68.1% for URLs. Our work can help reduce reliance on virus scanners and URL blacklists, which often do not update as quickly as the malicious content it attempts to identify. Such methods could reduce the many different resources now needed to identify malicious content.
    Original languageEnglish
    Publication statusPublished - 2013
    EventAustralasian Data Mining Conference (AusDM 2013) - Canberra Australia
    Duration: 1 Jan 2013 → …

    Conference

    ConferenceAustralasian Data Mining Conference (AusDM 2013)
    Period1/01/13 → …

    Fingerprint

    Dive into the research topics of 'Towards a Feature Rich Model for Predicting Spam Emails containing Malicious Attachments and URLs'. Together they form a unique fingerprint.

    Cite this