Mitigation of spear phishing attacks: A Content-based Authorship Identification framework

Phishing is a semantic attack that takes advantage of the naivety of the human behind electronic systems (e.g. e-banking). Educating end-users can minimize the impact of phishing attacks, however it remains relatively expensive and time consuming. Thus, many software-based solutions, such as classifiers, are being proposed by researchers. However, no software solutions have been proposed to minimize the impact of spear phishing attacks, which are the targeted form of phishing, and have a higher success rate than generic bulk phishing attacks. In this paper, we describe a novel framework to mitigate spear phishing attacks via the use of document authorship techniques - Anti-Spear phishing Content-based Authorship Identification (ASCAI). ASCAI informs the user of possible mismatches between the writing styles of a received email body and of trusted authors by studying the email body itself (i.e. the writeprint), as opposed to traditional user ID-based authentication techniques which can be spoofed or abused. As a proof of concept, we implemented the proposed framework using Source Code Author Profiles (SCAP), and the evaluation results are presented.