
Research Article
Email Address Mutation for Proactive Deterrence Against Lateral Spear-Phishing Attacks
@INPROCEEDINGS{10.1007/978-3-030-63086-7_1,
  author={Md Mazharul Islam and Ehab Al-Shaer and Muhammad Abdul Basit Ur Rahim},
  title={Email Address Mutation for Proactive Deterrence Against Lateral Spear-Phishing Attacks},
  proceedings={Security and Privacy in Communication Networks. 16th EAI International Conference, SecureComm 2020, Washington, DC, USA, October 21-23, 2020, Proceedings, Part I},
  proceedings_a={SECURECOMM},
  year={2020},
  month={12},
  keywords={Lateral spear-phishing attack, Spoofing attack, Email phishing, Targeted attack, Moving target defense},
  doi={10.1007/978-3-030-63086-7_1}
}
Authors: Md Mazharul Islam, Ehab Al-Shaer, Muhammad Abdul Basit Ur Rahim
Year: 2020
Venue: SECURECOMM
Publisher: Springer
DOI: 10.1007/978-3-030-63086-7_1
Abstract
Email spear-phishing is one of the most devastating cyber threats against individual and business victims. Using spear-phishing emails, adversaries can impersonate authoritative identities in order to incite victims to perform actions that help the adversaries achieve financial and/or hacking goals. Many of these targeted spear-phishing attacks can be undetectable by analyzing the emails themselves because, for example, they can be sent from compromised benign accounts (called a lateral spear-phishing attack).
In this paper, we developed a novel proactive defense technique using sender email address mutation to protect a group of related users against lateral spear-phishing. In our approach, we frequently and randomly change the sender email address in a way that can only be verified by trusted peers, without imposing any overhead or restriction on email communication with external users. Our Email mutation technique is transparent, secure, and effective because it allows users to use their email as usual, while they are fully protected from such stealthy spear-phishing.
We present the Email mutation technique (algorithm and protocol) and develop a formal model to verify its correctness. The processing overhead due to mutation is a few milliseconds, which is negligible from the perspective of end-to-end email transmission delay. We also describe a real-world implementation of the Email mutation technique that works with any email service provider, such as Gmail, Apple iCloud, and Yahoo Mail, and seamlessly integrates with standard email clients such as the Gmail web client (mail.google.com), Microsoft Outlook, and Thunderbird.