Jan De Beer

New filtering approaches for phishing email

Phishing emails usually contain a message from a credible looking source requesting a user to click a link to a website where she/he is asked to enter a password or other confidential information. Most phishing emails aim at withdrawing money from financial institutions or getting access to private information. Phishing has increased enormously over the last years and is a serious threat to global security and economy. There are a number of possible countermeasures to phishing. These range from communication-oriented approaches like authentication protocols over blacklisting to content-based filtering approaches. We argue that the first two approaches are currently not broadly implemented or exhibit deficits. Therefore content-based phishing filters are necessary and widely used to increase communication security. A number of features are extracted capturing the content and structural properties of the email. Subsequently a statistical classifier is trained using these features on a training set of emails labeled as ham (legitimate), spam or phishing. This classifier may then be applied to an email stream to estimate the classes of new incoming emails. In this paper we describe a number of novel features that are particularly well-suited to identify phishing emails. These include statistical models for the low-dimensional descriptions of email topics, sequential analysis of email text and external links, the detection of embedded logos as well as indicators for hidden salting. Hidden salting is the intentional addition or distortion of content not perceivable by the reader. For empirical evaluation we have obtained a large realistic corpus of emails prelabeled as spam, phishing, and ham (legitimate). In experiments our methods outperform other published approaches for classifying phishing emails. We discuss the implications of these results for the practical application of this approach in the workflow of an email provider. Finally we describe a strategy how the filters may be updated and adapted to new types of phishing.

Rpref: a generalization of Bpref towards graded relevance judgments

We present rpref ; our generalization of the bpref evaluation metric for assessing the quality of search engine results, given graded rather than binary user relevance judgments.

Identifying and Resolving Hidden Text Salting

Hidden salting in digital media involves the intentional addition or distortion of content patterns with the purpose of content filtering. We propose a method to detect portions of a digital text source which are invisible to the end user, when they are rendered on a visual medium (like a computer monitor). The method consists of “tapping” into the rendering process and analyzing the rendering commands to identify portions of the source text (plaintext) which will be invisible for a human reader, using criteria based on text character and background colors, font size, overlapping characters, etc. Moreover, text deemed visible (covertext) is reconstructed from rendering commands and then the character reading order is identified, which could differ from the rendering order. The detection and resolution of hidden salting is evaluated on two e-mail corpora, and the effectiveness of this method in spam filtering task is assessed. We provide a solution to a relevant open problem in content filtering applications, namely the presence of tricks aimed at circumventing automatic filters.

A Comprehensive Assessment of Modern Information Retrieval Tools

Search tools or information retrieval tools play an important role in a wide range of information management, decision support and electronic commerce activities e.g., matching people and their products of interest on e-commerce sites, improving understanding of customer interactions, improving understanding of market research data, assisting police in obtaining knowledge from crime related unstructured data ([1]) etc. Information retrieval tools are especially important in global enterprises because of their vast amount of interconnected structured and unstructured data files available in multiple languages. With the increasing volume of information, stored in various formats and multiple languages, global enterprises throughout the world are gaining interests in powerful and reliable automated tools that turn data into useful, concise, accurate, and timely information and knowledge, and improve or assist them in information management and decision support activities. In spite of the importance of search tools in a wide variety of applications, the commercially available search tools are often poorly designed in terms of human computer interaction and also their search capabilities are limited by various factors ([2]). The problem of effective retrieval remains a challenge. These challenges ([3]) fuel academic and corporate endeavor at developing suitable tools for information exploitation. On the corporate front this constitutes a thriving business opportunity. Building and continuously adjusting these tools to fit the different and evolving customer needs requires

Anticipating Hidden Text Salting in Emails

Salting is the intentional addition or distortion of content, aimed to evade automatic filtering. Salting is usually found in spam emails. Salting can also be hidden in phishing emails, which aim to steal personal information from users. We present a novel method that detects hidden salting tricks as visual anomalies in text. We solely use these salting tricks to successfully classify emails as phishing (F-measure >90%).