Detecting lateral spear phishing attacks in organisations

Detecting lateral spear phishing attacks in organisations

For access to this article, please select a purchase option:

Buy eFirst article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Lateral spear phishing attack is a powerful type of social engineering attack carried out using compromised email account(s) within the target organisation. Spear phishing attacks are difficult to detect due to the nature of these attacks. The inclusion of a lateral attack vector makes detection more challenging. The authors present an approach to detect lateral spear phishing attacks in organisations in real-time. Their approach uses features derived from domain knowledge and analysis of characteristics pertaining to such attacks, combined with their scoring technique which works on non-labelled dataset. They evaluate the approach on several years’ worth of real-world email dataset collected from volunteers in their institute. They were able to achieve false positive rate of below 1%, and also detected two instances of compromised accounts which were not known earlier. A comparison of their scoring technique with machine learning based anomaly detection techniques shows the proposed technique to be more suited for practical use. The proposed approach is primarily aimed at complementing existing detection techniques on email servers. However, they also developed a Chrome browser extension to demonstrate that such a system can also be used independently by organisations within their network.

Related content

This is a required field
Please enter a valid email address