Abstract

Email spoofing is an effective attack vector for infiltrating companies and organizations. Traditional detectors are primarily based on the content of emails, but they ignore frequent contextual changes. The blacklist-based solutions commonly used in the industry suffer from latency issues. Additionally, there are protocol-based solutions, such as SPF, DKIM, etc., but their adoption rates are unsatisfactory. To address these issues, this work presents a new framework named SpoofingGuard that detects email spoofing based on graph representation learning. Because SpoofingGuard extracts important delivery path information related to the email service infrastructure from email headers, it is completely content-agnostic and is expected to be more robust in the face of complex content variations. Finally, the evaluation results on two public datasets show that SpoofingGuard can achieve 99.51% precision and a false positive rate of less than 0.5%, demonstrating its effectiveness and advancement.
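To make "delivery path information from email headers" concrete, the following added example (not SpoofingGuard's code, and not from the paper) turns `Received` headers into a weighted edge list that a graph model could consume. The sample messages, host names, and the choice of linking the `From` domain to the first hop are assumptions made for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not taken from the paper's datasets).
MSG_A = """\
Received: from mx.example.net (mx.example.net [203.0.113.5])
\tby inbound.corp.example with ESMTPS; Mon, 1 Jan 2024 10:00:02 +0000
Received: from out1.example.org (out1.example.org [198.51.100.7])
\tby mx.example.net with ESMTPS; Mon, 1 Jan 2024 10:00:01 +0000
From: Alice <alice@example.org>
Subject: ignored

the body is never read
"""
MSG_B = """\
Received: from relay.invalid-host.test (unknown [192.0.2.9])
\tby inbound.corp.example with ESMTP; Mon, 1 Jan 2024 11:00:00 +0000
From: Alice <alice@example.org>

the body is never read
"""

# "from <host> ... by <host>" inside one (possibly folded) Received value.
# The "from" name is the sender-supplied HELO, so treat it as untrusted.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)

def delivery_path(raw):
    """Return (From domain, [(from_host, by_host), ...]) in delivery order."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = []
    # Each relay prepends its header, so reverse to get oldest hop first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            hops.append((m.group(1).lower(), m.group(2).lower()))
    return domain, hops

def build_graph(raws):
    """Aggregate many messages into edge -> observation count."""
    graph = Counter()
    for raw in raws:
        domain, hops = delivery_path(raw)
        if hops:
            graph[(domain, hops[0][0])] += 1  # sender domain -> first relay
        graph.update(hops)
    return graph
```

Only headers are parsed, so changes in message content do not affect the resulting edges.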
