The effectiveness of transformer-based models for BEC attack detection
77-90
13 August 2023
Almutairi, Amirah, Kang, BooJoong and Fadhel, Nawfal (2023) The effectiveness of transformer-based models for BEC attack detection. Li, Shujun, Manulis, Mark and Miyaji, Atsuko (eds.) In Network and System Security: 17th International Conference, NSS 2023, Canterbury, UK, August 14–16, 2023, Proceedings. vol. LNCS, 13983, Springer Cham. (doi:10.1007/978-3-031-39828-5_5).
Record type: Conference or Workshop Item (Paper)
Abstract
Business Email Compromise (BEC) attacks are a significant threat to organizations, with attackers using various tactics to acquire sensitive information and cause financial damage to target firms. These attacks are difficult to detect using existing email security systems, as approximately 60% of BEC attacks do not include explicit indicators such as attachments and links. Even state-of-the-art solutions using Natural Language Processing (NLP) rely heavily on such explicit indicators. This study proposes a transformer-based BEC detection method that can capture linguistic properties of emails and could thereby reduce the reliance on explicit indicators. Our method of combining BERT and BiLSTM offers the advantage of capturing both global context and local interdependence, resulting in a comprehensive and nuanced understanding of email text. In our experiment, the proposed method outperforms the state-of-the-art solutions, achieving a 0.99% accuracy, which highlights the potential of transformer-based models in detecting BEC attacks.
This record has no associated files available for download.
More information
e-pub ahead of print date: 12 August 2023
Published date: 13 August 2023
Additional Information:
Funding Information:
Acknowledgment. This work is supported by the National Nature Science Foundation of China (No. 62102429, No. 62072466, No. 62102430, No. 62102440), Natural Science Foundation of Hunan Province, China (Grant No. 2021JJ40688), the NUDT Grants (No. ZK19-38, No. ZK22-50).
Funding Information:
Acknowledgements. This project has received funding from the European Union’s Horizon 2020 Research and Innovation program under the Marie Skłodowska-Curie INCOGNITO project (Grant Agreement No. 824015), CONCORDIA project (Grant Agreement No. 830927), SPATIAL project (Grant Agreement No. 101021808) and the Cyprus’s Research and Innovation Foundation (Grant Agreement: COMPLEMENTARY/0916/0031). The authors bear the sole responsibility for the content presented in this paper, and any interpretations or conclusions drawn from it do not reflect the official position of the European Union nor the Research Innovation Foundation.
Funding Information:
Acknowledgment. This work was partially supported by JSPS Grant-in-Aid for Scientific Research (C) 23K11103 and NEC C&C Foundation under Grants for Researchers.
Funding Information:
This research was partially supported by the Chinese Scholarship Council.
Funding Information:
Supported by Chinese Scholarship Council.
Funding Information:
The authors would like to thank the Deanship of Scientific Research at Shaqra University and the Saudi Arabian Cultural Bureau in London (SACB) for allowing the research to be undertaken.
Funding Information:
Acknowledgement. This study is supported by the DFG Cluster of Excellence
Funding Information:
Acknowledgment. This work was partially supported by the Japan Society for the Promotion of Science (JSPS) KAKENHI Grant Number JP19H04109, JP22H03592, JP23K16882, and a contract of “Research and development on new generation cryptography for secure wireless communication services” among “Research and Development for Expansion of Radio Wave Resources (JPJ000254)”, which was supported by the Ministry of Internal Affairs and Communications, Japan.
Funding Information:
Acknowledgements. This work was supported in part by the National Nature Science Foundation of China under Grant No. 6197226, the Natural Science Foundation of Guangdong Province under Grant No. 2021A1515011153, and the Shenzhen Science and Technology Innovation Commission under Grant No. 20200805142159001, No. JCYJ20220531103401003.
Venue - Dates:
NSS 2023: 17th International Conference on Network and System Security, University of Kent, Canterbury, United Kingdom, 2023-08-14 - 2023-08-16
Keywords:
BERT, BiLSTM, Business Email Compromise BEC, Email Security, Feature Engineering, Phishing, Transformer
Identifiers
Local EPrints ID: 486167
URI: http://eprints.soton.ac.uk/id/eprint/486167
ISSN: 0302-9743
PURE UUID: e1b39643-b404-4182-bf27-c33bc5250c7f
Catalogue record
Date deposited: 12 Jan 2024 17:31
Last modified: 06 Jun 2024 02:10
Contributors
Author: Amirah Almutairi
Author: BooJoong Kang
Author: Nawfal Fadhel
Editor: Shujun Li
Editor: Mark Manulis
Editor: Atsuko Miyaji