Unsupervised authorship analysis of phishing webpages

Robert Layton*, Paul Watters, Richard Dazeley

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

14 Citations (Scopus)

Abstract

Authorship analysis on phishing websites enables the investigation of phishing attacks, beyond basic analysis. In authorship analysis, salient features from documents are used to determine properties about the author, such as which of a set of candidate authors wrote a given document. In unsupervised authorship analysis, the aim is to group documents such that all documents by one author are grouped together. Applying this to cyber-attacks shows the size and scope of attacks from specific groups. This in turn allows investigators to focus their attention on specific attacking groups rather than trying to profile multiple independent attackers. In this paper, we analyse phishing websites using the current state-of-the-art unsupervised authorship analysis method, called NUANCE. The results indicate that the application produces clusters which correlate strongly to authorship, evaluated using expert knowledge and external information as well as showing an improvement over a previous approach with known flaws.

Original language: English
Title of host publication: 2012 International Symposium on Communications and Information Technologies, ISCIT 2012
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 1104-1109
Number of pages: 6
ISBN (Print): 9781467311571
Publication status: Published - 2012
Externally published: Yes
Event: 2012 International Symposium on Communications and Information Technologies, ISCIT 2012 - Gold Coast, QLD, Australia
Duration: 2 Oct 2012 → 5 Oct 2012

Other

Other: 2012 International Symposium on Communications and Information Technologies, ISCIT 2012
Country: Australia
City: Gold Coast, QLD
Period: 2/10/12 → 5/10/12
