Spoofed Email Based Cyberattack Detection Using Machine Learning

Abstract

Cyberattacks on e-mails are of different types, but the most pervasive and ubiquitous are spoofing attacks. Our approach uses memory forensics to extract e-mail headers from live memory to perform an e-mail header investigation to identify spoofing attacks. We have identified the research gaps and advanced our work to achieve better results. In this paper, we have made two significant improvements. First is URL validation module that uses a novel technique of checking each captured URL with an MX record and e-mail URL features. This scheme is fast, and reduces the total time from 35 sec to 27 sec. Second, spoofed e-mail detection is ameliorated by applying an ML model built using two novel e-mail header fields (BIMI and X-FraudScore) and four authentication header fields (SPF, DKIM, DMARC, and ARC). This enhances the spoofed e-mail detection accuracy from 96.15% to 97.57% with low false positives. © 2023 International Association for Computer Information Systems.