Engineers to Develop Spear-phishing Detection Method

Zhou Li and Yanning Shen, assistant professors in electrical engineering and computer science, are working on an artificial intelligence method to detect fraudulent emails.

July 21, 2021 – Two Samueli School electrical engineering and computer science researchers – Zhou Li and Yanning Shen – are tackling the issue of spear-phishing in collaboration with Microsoft.

Spear-phishing is a type of cyber-attack in which personalized emails are sent to targeted individuals and organizations in an attempt to convince the victims to perform some action, such as transferring money, logging into a website or sharing data, which the attacker can then use illicitly.

Li and Shen, both assistant professors, are developing a new system to automatically detect spear-phishing emails, so the damage to an individual or organization can be contained. They are supported by a $150,000 Microsoft Security Research Artificial Intelligence Award and will work with the company to test their new system.

The researchers are taking a novel approach to what has become a billion-dollar problem. “We will model the email communications between senders and recipients as a social graph and apply graph-learning models to classify the emails,” said Li. “To keep our models adapted to the new benign and malicious email patterns that emerge in an organization, we'll also apply online learning, a very efficient method to update the model.”

In spear-phishing, the attacker usually writes an email tailored to the background and roles of the victims and sends it to a small number of recipients, a stealthier approach than other email-based attacks like spam, which is sent to a large number of recipients without customization. The attacker often impersonates someone the victim knows, using a similar email address and a compromised email account. Because of such impersonation, the email is more likely to be read and processed by the victim. These emails are often evasive and difficult to capture with existing approaches, which are based on malware detection and sender/domain blacklisting, among others.

“To address this problem, we will explore how to adapt state-of-the-art graph learning algorithms,” said Shen. “Machine learning over graphs is an area I am very excited about as it provides algorithmic and theoretical tools for understanding and learning from data collected in networked systems. We expect this project to have a profound impact on email security and research in graph learning.”

“We are thrilled to be selected as one of the only two winning teams for this award,” said Li. “This is also a great opportunity for our research to make real-world impact and protect numerous email users.”

– Lori Brandt