Abstract

Nowadays, information and communication technologies have been used to support and control almost every aspect of human life including health, finance, transportation, communication, work and recreation. Recent events have demonstrated that individuals and organizations can be victims of large-scale, astonishing and disrupting attacks, which may lead to severe consequences such as financial and time losses, ruined reputations and even life-threatening situations. Consequently, the security of information and communication technologies must be considered as one of the key roles in the operation of every organization. The first and foremost task is to gather as much information about cyber threats as possible so that cyber attacks can be detected, mitigated, predicted and prevented. Among various data sources used for inferring cyber threat intelligence, spam email data is one of the critical sources because spam emails, which are disseminated by botnets as spam campaigns, act as the pivotal instrument for several cyber-based criminal activities.
In this thesis, we emphasize the importance of cyber security intelligence for the purpose of detecting, mitigating, predicting and preventing cyber attacks. We also concentrate on the correlation of different data sources to draw a big picture of cyber-crime activities around the globe. More precisely, we design and implement two software frameworks for detecting, analyzing and predicting cyber threats, which are phishing and spam campaigns. Regarding phishing attacks, we design and implement a near real-time phishing attack detection and assessment system that identifies phishing attacks targeting specific organizations. Moreover, we propose a novel method which, to the best of our knowledge, is the first contribution to assess the severity of phishing attacks as well as to reveal prospective phishing attempts. By correlating spamtrap and passive DNS data, we are able to infer other organizations that are targeted by the same phishing attack that we have detected. On the other hand, we design and implement another software framework for detecting, analyzing and investigating spam campaigns. Our system identifies spam campaigns on-the-fly, gathers external information about spam campaigns and reveals the characteristics of spam campaigns by labeling and scoring them. The latter system has been adopted by a governmental organization and used by law enforcement officials to pursuit spammers, take down spamming servers and reduce spam volume, which contribute to a cleaner and more secure online world.