Title :
Unsupervised authorship analysis of phishing webpages
Author :
Layton, Robert ; Watters, Paul ; Dazeley, Richard
Author_Institution :
Security Lab., Univ. of Ballarat, Ballarat, VIC, Australia
Abstract :
Authorship analysis on phishing websites enables the investigation of phishing attacks, beyond basic analysis. In authorship analysis, salient features from documents are used to determine properties about the author, such as which of a set of candidate authors wrote a given document. In unsupervised authorship analysis, the aim is to group documents such that all documents by one author are grouped together. Applying this to cyber-attacks shows the size and scope of attacks from specific groups. This in turn allows investigators to focus their attention on specific attacking groups rather than trying to profile multiple independent attackers. In this paper, we analyse phishing websites using the current state of the art unsupervised authorship analysis method, called NUANCE. The results indicate that the application produces clusters which correlate strongly to authorship, evaluated using expert knowledge and external information as well as showing an improvement over a previous approach with known flaws.
Keywords :
Web sites; computer crime; document handling; NUANCE; cyber-attacks; document salient features; expert knowledge; external information; phishing Webpages; phishing Websites; phishing attacks; unsupervised authorship analysis; Computer crime; Electronic mail; HTML; Internet; Measurement; Pattern matching;
Conference_Titel :
Communications and Information Technologies (ISCIT), 2012 International Symposium on
Conference_Location :
Gold Coast, QLD
Print_ISBN :
978-1-4673-1156-4
Electronic_ISBN :
978-1-4673-1155-7
DOI :
10.1109/ISCIT.2012.6380857
