TY - JOUR
T1 - Zero-day malicious email investigation and detection using features with deep-learning approach
AU - Phomkeona, Sanouphab
AU - Okamura, Koji
N1 - Funding Information:
Acknowledgments This research was supported by Management Expenses Grants of Cybersecurity Center, Kyushu University and Strategic International Research Cooperative Program, Japan Science and Technology Agency (JST) and JSPS KAKEN-HI Grant Number JP16K00480.
Publisher Copyright:
© 2020 Information Processing Society of Japan.
PY - 2020
Y1 - 2020
N2 - Cyber hackers use email as a tool to trick, inject or drop malicious software into the recipient’s device. Everyday users have to face off against, phishing or malicious emails and it would be a huge problem for whole organizations even if only one user clicked on a single link from this malicious email. The difficult issue is how to classify and detect those malicious emails from ordinary, especially spear phishing emails, which are designed for a particular target, or zero-day malicious emails that no one has ever found until now. In this paper, we introduce a way to classify and detect zero-day malicious emails by using deep-learning with data investigated from the email header and body itself, combined with dynamic analysis information as a group of features. Four different language email datasets can be used to train and test the system to simulate real-world diversity and zero-day malicious email attack situations. We succeeded in obtaining a satisfactory accuracy rate for detection results for both zero-day malicious email types and normal spam.
AB - Cyber hackers use email as a tool to trick, inject or drop malicious software into the recipient’s device. Everyday users have to face off against, phishing or malicious emails and it would be a huge problem for whole organizations even if only one user clicked on a single link from this malicious email. The difficult issue is how to classify and detect those malicious emails from ordinary, especially spear phishing emails, which are designed for a particular target, or zero-day malicious emails that no one has ever found until now. In this paper, we introduce a way to classify and detect zero-day malicious emails by using deep-learning with data investigated from the email header and body itself, combined with dynamic analysis information as a group of features. Four different language email datasets can be used to train and test the system to simulate real-world diversity and zero-day malicious email attack situations. We succeeded in obtaining a satisfactory accuracy rate for detection results for both zero-day malicious email types and normal spam.
UR - http://www.scopus.com/inward/record.url?scp=85082133626&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85082133626&partnerID=8YFLogxK
U2 - 10.2197/ipsjjip.28.222
DO - 10.2197/ipsjjip.28.222
M3 - Article
AN - SCOPUS:85082133626
SN - 0387-6101
VL - 28
SP - 222
EP - 229
JO - Journal of Information Processing
JF - Journal of Information Processing
ER -