An Approach for Detecting Spear Phishing Using Deep Packet Inspection and Deep Flow Inspection

Abstract

In the era of Internet Banking, most of the people may hear the term called “Phishing”, it is related to fraudulent over the Internet as well as Social Engineering. It is commonly done by sending an e-mail to target user with an embedded hyperlink to steal their user-name, password, transaction password, etc. Moreover, Phishers used to gain the access in personal credentials of targeted user for stealing cash from user’s bank account. Phishing can be done by using several other ways like sending text messages (called “Smishing” for SMS-Phishing), or via Phone Calls (often called “Vishing” for Voice-Phishing) or sometimes via social-media itself including sending an e-mail to user or organization. Phishing has several types in terms of the used medium as well as in terms of victim. Spear Phishing is a prevalent method of phishing and comes under the Advanced Persistent Threat (APT) category. The term “Spear Phishing” mainly defines that stealing the credential of a specific user or a specific company at a time by sending e-mail. This paper deals with Spear Phishing Emails that mainly organizations, companies and most of the time common people used to get by Phishers. This paper proposes an approach to detect the Spear Phishing e-mails with the help of Deep Packet Inspection and Deep Flow Inspection using Packet Filtering and Network Traffic Identification technique.