Email address mutation for proactive deterrence against lateral spear-phishing attacks

Md Mazharul Islam; Ehab Al-Shaer; Muhammad Abdul Basit Ur Rahim

doi:10.1007/978-3-030-63086-7_1

Email address mutation for proactive deterrence against lateral spear-phishing attacks

Md Mazharul Islam^*, Ehab Al-Shaer, Muhammad Abdul Basit Ur Rahim

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Email spear-phishing attack is one of the most devastating cyber threat against individual and business victims. Using spear-phishing emails, adversaries can manage to impersonate authoritative identities in order to incite victims to perform actions that help adversaries to gain financial and/hacking goals. Many of these targeted spear-phishing can be undetectable based on analyzing emails because, for example, they can be sent from compromised benign accounts (called lateral spear-phishing attack). In this paper, we developed a novel proactive defense technique using sender email address mutation to protect a group of related users against lateral spear-phishing. In our approach, we frequently change the sender email address randomly that can only be verified by trusted peers, without imposing any overhead or restriction on email communication with external users. Our Email mutation technique is transparent, secure, and effective because it allows users to use their email as usual, while they are fully protected from such stealthy spear-phishing. We present the Email mutation technique (algorithm and protocol) and develop a formal model to verify its correctness. The processing overhead due to mutation is a few milliseconds, which is negligible with the prospective of end-to-end email transmission delay. We also describe a real-world implementation of the Email mutation technique that works with any email service providers such as Gmail, Apple iCloud, Yahoo Mail, and seamlessly integrates with standard email clients such as Gmail web clients (mail.google.com), Microsoft Outlook, and Thunderbird.

Original language	English
Title of host publication	Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings
Editors	Noseong Park, Kun Sun, Sara Foresti, Kevin Butler, Nitesh Saxena
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	1-22
Number of pages	22
ISBN (Print)	9783030630850
DOIs	https://doi.org/10.1007/978-3-030-63086-7_1
State	Published - 2020
Externally published	Yes
Event	16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020 - Washington, United States Duration: 21 Oct 2020 → 23 Oct 2020

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	335
ISSN (Print)	1867-8211

Conference

Conference	16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020
Country/Territory	United States
City	Washington
Period	21/10/20 → 23/10/20

Bibliographical note

Publisher Copyright:
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020.

Keywords

Email phishing
Lateral spear-phishing attack
Moving target defense
Spoofing attack
Targeted attack

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1007/978-3-030-63086-7_1

Cite this

Islam, M. M., Al-Shaer, E., & Rahim, M. A. B. U. (2020). Email address mutation for proactive deterrence against lateral spear-phishing attacks. In N. Park, K. Sun, S. Foresti, K. Butler, & N. Saxena (Eds.), Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings (pp. 1-22). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 335). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-63086-7_1

Islam, Md Mazharul ; Al-Shaer, Ehab ; Rahim, Muhammad Abdul Basit Ur. / Email address mutation for proactive deterrence against lateral spear-phishing attacks. Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. editor / Noseong Park ; Kun Sun ; Sara Foresti ; Kevin Butler ; Nitesh Saxena. Springer Science and Business Media Deutschland GmbH, 2020. pp. 1-22 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{f700ae9d219041c59f21576b7518ac0f,

title = "Email address mutation for proactive deterrence against lateral spear-phishing attacks",

abstract = "Email spear-phishing attack is one of the most devastating cyber threat against individual and business victims. Using spear-phishing emails, adversaries can manage to impersonate authoritative identities in order to incite victims to perform actions that help adversaries to gain financial and/hacking goals. Many of these targeted spear-phishing can be undetectable based on analyzing emails because, for example, they can be sent from compromised benign accounts (called lateral spear-phishing attack). In this paper, we developed a novel proactive defense technique using sender email address mutation to protect a group of related users against lateral spear-phishing. In our approach, we frequently change the sender email address randomly that can only be verified by trusted peers, without imposing any overhead or restriction on email communication with external users. Our Email mutation technique is transparent, secure, and effective because it allows users to use their email as usual, while they are fully protected from such stealthy spear-phishing. We present the Email mutation technique (algorithm and protocol) and develop a formal model to verify its correctness. The processing overhead due to mutation is a few milliseconds, which is negligible with the prospective of end-to-end email transmission delay. We also describe a real-world implementation of the Email mutation technique that works with any email service providers such as Gmail, Apple iCloud, Yahoo Mail, and seamlessly integrates with standard email clients such as Gmail web clients (mail.google.com), Microsoft Outlook, and Thunderbird.",

keywords = "Email phishing, Lateral spear-phishing attack, Moving target defense, Spoofing attack, Targeted attack",

author = "Islam, \{Md Mazharul\} and Ehab Al-Shaer and Rahim, \{Muhammad Abdul Basit Ur\}",

note = "Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020.; 16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020 ; Conference date: 21-10-2020 Through 23-10-2020",

year = "2020",

doi = "10.1007/978-3-030-63086-7\_1",

language = "English",

isbn = "9783030630850",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "1--22",

editor = "Noseong Park and Kun Sun and Sara Foresti and Kevin Butler and Nitesh Saxena",

booktitle = "Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings",

address = "Germany",

}

Islam, MM, Al-Shaer, E & Rahim, MABU 2020, Email address mutation for proactive deterrence against lateral spear-phishing attacks. in N Park, K Sun, S Foresti, K Butler & N Saxena (eds), Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 335, Springer Science and Business Media Deutschland GmbH, pp. 1-22, 16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020, Washington, United States, 21/10/20. https://doi.org/10.1007/978-3-030-63086-7_1

Email address mutation for proactive deterrence against lateral spear-phishing attacks. / Islam, Md Mazharul; Al-Shaer, Ehab; Rahim, Muhammad Abdul Basit Ur.
Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. ed. / Noseong Park; Kun Sun; Sara Foresti; Kevin Butler; Nitesh Saxena. Springer Science and Business Media Deutschland GmbH, 2020. p. 1-22 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 335).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Email address mutation for proactive deterrence against lateral spear-phishing attacks

AU - Islam, Md Mazharul

AU - Al-Shaer, Ehab

AU - Rahim, Muhammad Abdul Basit Ur

N1 - Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020.

PY - 2020

Y1 - 2020

N2 - Email spear-phishing attack is one of the most devastating cyber threat against individual and business victims. Using spear-phishing emails, adversaries can manage to impersonate authoritative identities in order to incite victims to perform actions that help adversaries to gain financial and/hacking goals. Many of these targeted spear-phishing can be undetectable based on analyzing emails because, for example, they can be sent from compromised benign accounts (called lateral spear-phishing attack). In this paper, we developed a novel proactive defense technique using sender email address mutation to protect a group of related users against lateral spear-phishing. In our approach, we frequently change the sender email address randomly that can only be verified by trusted peers, without imposing any overhead or restriction on email communication with external users. Our Email mutation technique is transparent, secure, and effective because it allows users to use their email as usual, while they are fully protected from such stealthy spear-phishing. We present the Email mutation technique (algorithm and protocol) and develop a formal model to verify its correctness. The processing overhead due to mutation is a few milliseconds, which is negligible with the prospective of end-to-end email transmission delay. We also describe a real-world implementation of the Email mutation technique that works with any email service providers such as Gmail, Apple iCloud, Yahoo Mail, and seamlessly integrates with standard email clients such as Gmail web clients (mail.google.com), Microsoft Outlook, and Thunderbird.

AB - Email spear-phishing attack is one of the most devastating cyber threat against individual and business victims. Using spear-phishing emails, adversaries can manage to impersonate authoritative identities in order to incite victims to perform actions that help adversaries to gain financial and/hacking goals. Many of these targeted spear-phishing can be undetectable based on analyzing emails because, for example, they can be sent from compromised benign accounts (called lateral spear-phishing attack). In this paper, we developed a novel proactive defense technique using sender email address mutation to protect a group of related users against lateral spear-phishing. In our approach, we frequently change the sender email address randomly that can only be verified by trusted peers, without imposing any overhead or restriction on email communication with external users. Our Email mutation technique is transparent, secure, and effective because it allows users to use their email as usual, while they are fully protected from such stealthy spear-phishing. We present the Email mutation technique (algorithm and protocol) and develop a formal model to verify its correctness. The processing overhead due to mutation is a few milliseconds, which is negligible with the prospective of end-to-end email transmission delay. We also describe a real-world implementation of the Email mutation technique that works with any email service providers such as Gmail, Apple iCloud, Yahoo Mail, and seamlessly integrates with standard email clients such as Gmail web clients (mail.google.com), Microsoft Outlook, and Thunderbird.

KW - Email phishing

KW - Lateral spear-phishing attack

KW - Moving target defense

KW - Spoofing attack

KW - Targeted attack

UR - https://www.scopus.com/pages/publications/85096669154

U2 - 10.1007/978-3-030-63086-7_1

DO - 10.1007/978-3-030-63086-7_1

M3 - Conference contribution

AN - SCOPUS:85096669154

SN - 9783030630850

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 1

EP - 22

BT - Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings

A2 - Park, Noseong

A2 - Sun, Kun

A2 - Foresti, Sara

A2 - Butler, Kevin

A2 - Saxena, Nitesh

PB - Springer Science and Business Media Deutschland GmbH

T2 - 16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020

Y2 - 21 October 2020 through 23 October 2020

ER -

Islam MM, Al-Shaer E, Rahim MABU. Email address mutation for proactive deterrence against lateral spear-phishing attacks. In Park N, Sun K, Foresti S, Butler K, Saxena N, editors, Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 1-22. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-030-63086-7_1

Email address mutation for proactive deterrence against lateral spear-phishing attacks

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this