Login | Register

Mining Cyber Security Intelligence from Spam Data


Mining Cyber Security Intelligence from Spam Data

Dinh, Tran Thai Son (2014) Mining Cyber Security Intelligence from Spam Data. Masters thesis, Concordia University.

[thumbnail of Dinh_MSc_S2014.pdf]
Text (application/pdf)
Dinh_MSc_S2014.pdf - Accepted Version
Available under License Spectrum Terms of Access.


Nowadays, information and communication technologies have been used to support and control almost every aspect of human life including health, finance, transportation, communication, work and recreation. Recent events have demonstrated that individuals and organizations can be victims of large-scale, astonishing and disrupting attacks, which may lead to severe consequences such as financial and time losses, ruined reputations and even life-threatening situations. Consequently, the security of information and communication technologies must be considered as one of the key roles in the operation of every organization. The first and foremost task is to gather as much information about cyber threats as possible so that cyber attacks can be detected, mitigated, predicted and prevented. Among various data sources used for inferring cyber threat intelligence, spam email data is one of the critical sources because spam emails, which are disseminated by botnets as spam campaigns, act as the pivotal instrument for several cyber-based criminal activities.
In this thesis, we emphasize the importance of cyber security intelligence for the purpose of detecting, mitigating, predicting and preventing cyber attacks. We also concentrate on the correlation of different data sources to draw a big picture of cyber-crime activities around the globe. More precisely, we design and implement two software frameworks for detecting, analyzing and predicting cyber threats, which are phishing and spam campaigns. Regarding phishing attacks, we design and implement a near real-time phishing attack detection and assessment system that identifies phishing attacks targeting specific organizations. Moreover, we propose a novel method which, to the best of our knowledge, is the first contribution to assess the severity of phishing attacks as well as to reveal prospective phishing attempts. By correlating spamtrap and passive DNS data, we are able to infer other organizations that are targeted by the same phishing attack that we have detected. On the other hand, we design and implement another software framework for detecting, analyzing and investigating spam campaigns. Our system identifies spam campaigns on-the-fly, gathers external information about spam campaigns and reveals the characteristics of spam campaigns by labeling and scoring them. The latter system has been adopted by a governmental organization and used by law enforcement officials to pursuit spammers, take down spamming servers and reduce spam volume, which contribute to a cleaner and more secure online world.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:Dinh, Tran Thai Son
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Information Systems Security
Date:8 January 2014
Thesis Supervisor(s):Debbabi, Mourad and Youssef, Amr
ID Code:978133
Deposited By: SON DINH
Deposited On:19 Jun 2014 20:04
Last Modified:18 Jan 2018 17:46
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top