Accession Number : ADA540272


Title : Spear Phishing Attack Detection


Descriptive Note : Master's thesis


Corporate Author : AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT


Personal Author(s) : Merritt, David T


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a540272.pdf


Report Date : 24 Mar 2011


Pagination or Media Count : 128


Abstract : This thesis addresses the problem of identifying email spear phishing attacks, which are indicative of cyber espionage. Spear phishing consists of targeted emails sent to entice a victim to open a malicious file attachment or click on a malicious link that leads to a compromise of their computer. Current detection methods fail to detect emails of this kind consistently. The SPEar phishing Attack Detection system (SPEAD) is developed to analyze all incoming emails on a network for the presence of spear phishing attacks. SPEAD analyzes the following file types: Windows Portable Executable and Common Object File Format (PE/COFF), Adobe Reader, and Microsoft Excel, Word, and PowerPoint. SPEAD's malware detection accuracy is compared against five commercially available email anti-virus solutions. This research also quantifies the time required to perform this detection under email traffic loads emulating an Air Force base network. Results show that SPEAD outperforms the anti-virus products in PE/COFF malware detection, with an overall accuracy of 99.68% and an accuracy of 98.2% where new malware is involved. Additionally, SPEAD is comparable to the anti-virus products in the detection of new Adobe Reader malware, with a rate of 88.79%. Ultimately, SPEAD demonstrates a strong tendency to focus its detection on new malware, which is a rare and desirable trait. Finally, after less than 4 minutes of sustained maximum email throughput, SPEAD's non-optimized configuration exhibits one-hour delays in processing files and links.


Descriptors : *ESPIONAGE, *ATTACK, *DETECTION, *CYBERWARFARE, CASUALTIES, PROCESSING, NETWORKS, METHODOLOGY, DYNAMICS


Subject Categories : Computer Systems, Cybernetics, Military Intelligence


Distribution Statement : APPROVED FOR PUBLIC RELEASE