Holmes: An Efficient and Lightweight Semantic Based Anomalous Email Detector
- URL: http://arxiv.org/abs/2104.08044v1
- Date: Fri, 16 Apr 2021 11:42:10 GMT
- Title: Holmes: An Efficient and Lightweight Semantic Based Anomalous Email Detector
- Authors: Peilun Wu, Shiyi Yang, Hui Guo
- Abstract summary: We present Holmes, an efficient and lightweight semantic-based engine for anomalous email detection.
Based on our observations, we claim that, in an enterprise environment, there is a stable relation between senders and receivers, whereas suspicious emails commonly come from unusual sources.
We evaluate the performance of Holmes in a real-world enterprise environment that sends and receives around 5,000 emails each day.
- Score: 1.926698798754349
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Email threats are a serious issue for enterprise security, covering
various malicious scenarios such as phishing, fraud, blackmail and
malvertisement. A traditional anti-spam gateway commonly has to maintain a
greylist to filter out unexpected emails based on suspicious vocabulary found
in the mail subject and content. However, this signature-based approach
cannot effectively discover novel and unknown suspicious emails that exploit
current hot topics, such as COVID-19 and the US election. To address the
problem, in this paper we present Holmes, an efficient and lightweight
semantic-based engine for anomalous email detection. Holmes converts each
email event log into a sentence through word embedding and then extracts
interesting items among them by novelty detection. Based on our observations,
we claim that, in an enterprise environment, there is a stable relation between
senders and receivers, whereas suspicious emails commonly come from unusual
sources, which can be detected through rareness selection. We evaluate the
performance of Holmes in a real-world enterprise environment that sends and
receives around 5,000 emails each day. As a result, Holmes achieves a high
detection rate (outputting around 200 suspicious emails per day) while
maintaining a low false alarm rate for anomaly detection.
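As an added illustration of the rareness selection the abstract describes (this is not the authors' code; the event-log format, the scoring weights, the threshold and all addresses are constructed assumptions), the following Python builds sender/receiver relation counts from a baseline of gateway log lines and then scores new emails by how unusual their source is relative to that baseline:

```python
# Added example, not the paper's code: log format, weights and threshold are assumptions.
from collections import Counter
from dataclasses import dataclass, field

# Constructed gateway event log: "timestamp sender receiver subject" per line.
BASELINE_LOG = """\
2021-04-01T08:00Z alice@corp.example bob@corp.example weekly report
2021-04-01T09:10Z alice@corp.example bob@corp.example budget
2021-04-01T09:30Z carol@corp.example bob@corp.example lunch
2021-04-02T10:00Z billing@vendor.example alice@corp.example invoice 1042
2021-04-02T11:00Z alice@corp.example carol@corp.example minutes
2021-04-03T08:15Z alice@corp.example bob@corp.example standup
2021-04-03T12:00Z billing@vendor.example alice@corp.example invoice 1043
"""
# Constructed new-day traffic to be scored against the baseline.
NEW_LOG = """\
2021-04-04T08:00Z alice@corp.example bob@corp.example weekly report
2021-04-04T08:05Z carol@corp.example alice@corp.example question
2021-04-04T08:20Z ceo-urgent@corp-payroll.example bob@corp.example wire transfer
2021-04-04T09:00Z support@vendor.example alice@corp.example invoice 1044 overdue
"""

@dataclass
class Baseline:
    """How often each (sender, receiver) relation, sender and sender domain was seen."""
    pair: Counter = field(default_factory=Counter)
    sender: Counter = field(default_factory=Counter)
    domain: Counter = field(default_factory=Counter)

def parse(log):
    for line in log.splitlines():
        _ts, sender, receiver, subject = line.split(maxsplit=3)
        yield sender, receiver, subject

def build_baseline(log):
    b = Baseline()
    for sender, receiver, _ in parse(log):
        b.pair[(sender, receiver)] += 1
        b.sender[sender] += 1
        b.domain[sender.split("@")[1]] += 1
    return b

def rareness(b, sender, receiver):
    """Score in (0, 1]; 1.0 means relation, sender and domain are all unseen (assumed weights)."""
    novelty = lambda n: 1.0 / (1 + n)
    return (0.5 * novelty(b.pair[(sender, receiver)])
            + 0.3 * novelty(b.sender[sender])
            + 0.2 * novelty(b.domain[sender.split("@")[1]]))

def select_rare(b, log, threshold=0.8):
    """Return (sender, receiver, subject, score) for emails at or above the threshold."""
    return [(s, r, subj, round(rareness(b, s, r), 3))
            for s, r, subj in parse(log) if rareness(b, s, r) >= threshold]
```

With this data, the known alice-to-bob relation scores low, a new internal relation between two known colleagues stays below the threshold, and only the two emails from previously unseen senders are selected for review.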
Related papers
- Exploring Content Concealment in Email [0.48748194765816943] (arXiv, 2024-10-15T01:12:47Z)
Modern email filters, one of our few defence mechanisms against malicious emails, are often circumvented by sophisticated attackers.
This study focuses on how attackers exploit HTML and CSS in emails to conceal arbitrary content.
This concealed content remains undetected by the recipient, presenting a serious security risk.
- Different Victims, Same Layout: Email Visual Similarity Detection for Enhanced Email Protection [0.3683202928838613] (arXiv, 2024-08-29T23:51:51Z)
We propose an email visual similarity detection approach, named Pisco, to improve the detection capabilities of an email threat defense system.
Our results show that email kits are being reused extensively and visually similar emails are sent to our customers at various time intervals.
- ChatSpamDetector: Leveraging Large Language Models for Effective Phishing Email Detection [2.3999111269325266] (arXiv, 2024-02-28T06:28:15Z)
This study introduces ChatSpamDetector, a system that uses large language models (LLMs) to detect phishing emails.
By converting email data into a prompt suitable for LLM analysis, the system provides a highly accurate determination of whether an email is phishing or not.
We conducted an evaluation using a comprehensive phishing email dataset and compared our system to several LLMs and baseline systems.
- Prompted Contextual Vectors for Spear-Phishing Detection [45.07804966535239] (arXiv, 2024-02-13T09:12:55Z)
Spear-phishing attacks present a significant security challenge.
We propose a detection approach based on a novel document vectorization method.
Our method achieves a 91% F1 score in identifying LLM-generated spear-phishing emails.
- Protect Your Score: Contact Tracing With Differential Privacy Guarantees [68.53998103087508] (arXiv, 2023-12-18T11:16:33Z)
We argue that privacy concerns currently hold deployment back.
We propose a contact tracing algorithm with differential privacy guarantees against this attack.
Especially for realistic test scenarios, we achieve a two to ten-fold reduction in the infection rate of the virus.
- Anomaly Detection in Emails using Machine Learning and Header Information [0.0] (arXiv, 2022-03-19T23:31:23Z)
Anomalies in emails such as phishing and spam present major security risks.
Previous studies on email anomaly detection relied on a single type of anomaly and the analysis of the email body and subject content.
This study conducted feature extraction and selection on email header datasets and leveraged both multi- and one-class anomaly detection approaches.
- Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors [49.34155921877441] (arXiv, 2021-11-19T08:02:38Z)
We propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors.
We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware.
Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.
- Deep convolutional forest: a dynamic deep ensemble approach for spam detection in text [219.15486286590016] (arXiv, 2021-10-10T17:19:37Z)
This paper introduces a dynamic deep ensemble model for spam detection that adjusts its complexity and extracts features automatically.
As a result, the model achieved high precision, recall, F1-score and accuracy of 98.38%.
- Robust Spammer Detection by Nash Reinforcement Learning [64.80986064630025] (arXiv, 2020-06-10T21:18:07Z)
We develop a minimax game where the spammers and spam detectors compete with each other on their practical goals.
We show that an optimization algorithm can reliably find an equilibrial detector that can robustly prevent spammers with any mixed spamming strategies from attaining their practical goal.
- Learning with Weak Supervision for Email Intent Detection [56.71599262462638] (arXiv, 2020-05-26T23:41:05Z)
We propose to leverage user actions as a source of weak supervision to detect intents in emails.
We develop an end-to-end robust deep neural network model for email intent identification.
- DeepQuarantine for Suspicious Mail [0.0] (arXiv, 2020-01-13T11:32:58Z)
DeepQuarantine (DQ) is a cloud technology to detect and quarantine potential spam messages.
Most of the quarantined mail is spam, which allows clients to use email without delay.
This list is automatically generated from the titles and abstracts of the papers in this site.