How Data Mining Can Fight Phishing

Written by Sue Walsh on May 8, 2013

phishingResearchers at the University of Alabama say data mining is a much more effective way to fight spear phishing attacks than any traditional methods. They say that using “big data” can develop valuable phishing intelligence systems that link phishing attacks to known criminal groups and sites. So far the university has amassed a database of over 550,000 phishing sites.

“The important thing to realize is that the average attacker is going to keep coming back until that institution puts in an effective countermeasure,” says Gary Warner, director of research for computer forensics at the university. “So how do we learn from the past incidents? We have to log the data, analyze it and recognize the indicators.  If you understand how malware acts, with those command and control centers that make a difference in your ability to detect it and stop it.”

Traditional anti-phishing techniques generally involve educating the end user on how to spot phishing emails, but these days, with phishing emails looking more and more convincing and people being all too human and letting curiosity get the best of them, they aren’t all that effective. You can tell someone to hover their cursor over a link in an email to see where it really points to a hundred times, but there is no way to make sure they actually do so.  Putting a database like the one the University of Alabama has together can make your spam filters stronger, and keep phishing emails from ever reaching your users, eliminating accidental and impulsive clicks altogether.

Are you interested in using data mining techniques to help your company fight spam? Why or why not?

Comments

Princess May 16, 2013

I think it is all right to give data mining techniques a try. I mean, if an institution like the University of Alabama believes in its capacity to thwart stubborn spear phishing attacks, then there really is something about it that is worth trying out. Besides, I agree that our standard anti-phishing techniques are quite outdated (and irrelevant?) already. I only wish that the University find a way to educate individuals, groups, businesses and companies about their techniques so we will be better able to understand how it works and how we can use it for our fight against spam.

Fred May 16, 2013

I hope people who get to read this can remember that data mining can sometimes be a double-edged sword. Though I agree to some extent that it can be helpful in establishing phishing patterns, data mining, when used improperly, can also lead to trouble for the company.

Coleen May 29, 2013

We share the same sentiments, Fred, though my point is quite different. Data mining, though highly important especially for those who are into e-commerce, I think it’s still intrusive. Sometimes, though, the reason is that most Internet users don’t read the fine print like those related to cookies.

  • (required)
  • (required)