Title :
Establishing phishing provenance using orthographic features
Author :
Ma, Liping ; Yearwood, John ; Watters, Paul
Author_Institution :
Centre for Inf. & Appl. Optimization, Univ. of Ballarat, Ballarat, VIC, Australia
fDate :
Sept. 20 2009-Oct. 21 2009
Abstract :
After phishing message detection, determining the provenance of phishing messages and Websites is the second step to tracing cybercriminals. In this paper, we present a novel method to cluster phishing emails automatically using orthographic features. In particular, we develop an algorithm to cluster documents and remove redundant features at the same time. After collecting all the possible features based on observation, we adapt the modified global k-mean method repeatedly, and generate the objective function values over a range of tolerance values across different subsets of features. Finally, we identify the appropriate clusters based on studying the distribution of the objective function values. Experimental evaluation of a large number of computations demonstrates that our clustering and feature selection techniques are highly effective and achieve reliable results.
Keywords :
computer crime; cybercriminals; feature selection techniques; modified global k-mean method; orthographic features; phishing message detection; phishing provenance; Clustering algorithms; Computer security; Credit cards; Informatics; Information security; Information technology; Internet; Laboratories; Reliability engineering; Uniform resource locators; Clustering; feature elimination; feature selection; modified global k-means;
Conference_Titel :
eCrime Researchers Summit, 2009. eCRIME '09.
Conference_Location :
Tacoma, WA
Print_ISBN :
978-1-4244-4625-4
DOI :
10.1109/ECRIME.2009.5342604
