• Journal of Internet Computing and Services
    ISSN 2287 - 1136(Online) / ISSN 1598 - 0170 (Print)
    http://jics.or.kr/

A Classification Model for Attack Mail Detection based on the Authorship Analysis


Sung-Sam Hong, Gun-Yoon Shin, Myung-Mook Han, Journal of Internet Computing and Services, Vol. 18, No. 6, pp. 35-46, Dec. 2017
10.7472/jksii.2017.18.6.35, Full Text:
Keywords: Text Mining, Machine Learning, Classification, Authorship Analysis, Attacker Identification

Abstract

Recently, attackers using malicious code in cyber security have been increased by attaching malicious code to a mail and inducing the user to execute it. Especially, it is dangerous because it is easy to execute by attaching a document type file. The author analysis is a research area that is being studied in NLP (Neutral Language Process) and text mining, and it studies methods of analyzing authors by analyzing text sentences, texts, and documents in a specific language. In case of attack mail, it is created by the attacker. Therefore, by analyzing the contents of the mail and the attached document file and identifying the corresponding author, it is possible to discover more distinctive features from the normal mail and improve the detection accuracy. In this pager, we proposed IADA2(Intelligent Attack mail Detection based on Authorship Analysis) model for attack mail detection. The feature vector that can classify and detect attack mail from the features used in the existing machine learning based spam detection model and the features used in the author analysis of the document and the IADA2 detection model. We have improved the detection models of attack mails by simply detecting term features and extracted features that reflect the sequence characteristics of words by applying n-grams. Result of experiment show that the proposed method improves performance according to feature combinations, feature selection techniques, and appropriate models.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Sung-Sam Hong, Gun-Yoon Shin, & Myung-Mook Han (2017). A Classification Model for Attack Mail Detection based on the Authorship Analysis. Journal of Internet Computing and Services, 18(6), 35-46. DOI: 10.7472/jksii.2017.18.6.35.

[IEEE Style]
S. Hong, G. Shin and M. Han, "A Classification Model for Attack Mail Detection based on the Authorship Analysis," Journal of Internet Computing and Services, vol. 18, no. 6, pp. 35-46, 2017. DOI: 10.7472/jksii.2017.18.6.35.

[ACM Style]
Sung-Sam Hong, Gun-Yoon Shin, and Myung-Mook Han. 2017. A Classification Model for Attack Mail Detection based on the Authorship Analysis. Journal of Internet Computing and Services, 18, 6, (2017), 35-46. DOI: 10.7472/jksii.2017.18.6.35.