Phishing E-mail Detection Based on Structural Properties

Phishing attacks pose a serious threat to end-users and commercial institutions alike. Majority of the present day phishing attacks employ e-mail as their primary carrier, in order to allure unsuspecting victims to visit the masqueraded website. While the recent defense mechanisms focus on detection by validating the authenticity of the website, very few approaches have been proposed which concentrate on detecting e-mail based phishing attacks based on the structural properties inherently present in the phishing e-mail. Also, phishing attacks growing in ingenuity as well as sophistication render most of existing browser based solutions weak. In this paper, we propose a novel technique to discriminate phishing e-mails from the legitimate e-mails using the distinct structural features present in them. The derived features, together with oneclass Support Vector Machine (SVM), can be used to efficiently classify phishing e-mails before it reaches the users inbox, essentially reducing the human exposure. Our prototype implementation sits between a user's mail transfer agent (MTA) and mail user agent (MUA) and processes each arriving e-mail even before it reaches the inbox. Using live email data, we demonstrate that our approach is able to detect a wide range of phishing e-mails with minimal performance overhead