Malicious Spam Emails Developments and Authorship Attribution

Mamoun Alazab, Robert Layton, Roderic Broadhurst, Brigitte Bouhours

Research output: Chapter in Book/Conference paperConference paper

6 Citations (Scopus)

Abstract

The Internet is a decentralized structure that offers speedy communication, has a global reach and provides anonymity, a characteristic invaluable for committing illegal activities. In parallel with the spread of the Internet, cybercrime has rapidly evolved from a relatively low volume crime to a common high volume crime. A typical example of such a crime is the spreading of spam emails, where the content of the email tries to entice the recipient to click a URL linking to a malicious Web site or downloading a malicious attachment. Analysts attempting to provide intelligence on spam activities quickly find that the volume of spam circulating daily is overwhelming; therefore, any intelligence gathered is representative of only a small sample, not of the global picture. While past studies have looked at automating some of these analyses using topic-based models, i.e. separating email clusters into groups with similar topics, our preliminary research investigates the usefulness of applying authorship-based models for this purpose. In the first phase, we clustered a set of spam emails using an authorship-based clustering algorithm. In the second phase, we analysed those clusters using a set of linguistic, structural and syntactic features. These analyses reveal that emails within each cluster were likely written by the same author, but that it is unlikely we have managed to group together all spam produced by each group. This problem of high purity with low recall, has been faced in past authorship research. While it is also a limitation of our research, the clusters themselves are still useful for the purposes of automating analysis, because they reduce the work needing to be performed. Our second phase revealed useful information on the group that can be utilized in future research for further analysis of such groups, for example, identifying further linkages behind spam campaigns.

Original languageEnglish
Title of host publicationProceedings: 2013 Fourth Cybercrime and Trustworthy Computing Workshop
EditorsSimon Brown, Robert Layton, Stephen McCombie, Josef Pieprzyk, Paul Watters
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages58-68
Number of pages11
ISBN (Print)978-1-4799-3075-3
DOIs
Publication statusPublished - 2013
Externally publishedYes
Event4th Cybercrime and Trustworthy Computing Workshop - Sydney, Australia
Duration: 21 Nov 201322 Nov 2013

Conference

Conference4th Cybercrime and Trustworthy Computing Workshop
CountryAustralia
CitySydney
Period21/11/1322/11/13

    Fingerprint

Cite this

Alazab, M., Layton, R., Broadhurst, R., & Bouhours, B. (2013). Malicious Spam Emails Developments and Authorship Attribution. In S. Brown, R. Layton, S. McCombie, J. Pieprzyk, & P. Watters (Eds.), Proceedings: 2013 Fourth Cybercrime and Trustworthy Computing Workshop (pp. 58-68). [6754642] IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/CTC.2013.16