Authors: Rohan M. Amin, Julie J.C.H. Ryan, and J. René van Dorp
Publication: IEEE Security and Privacy, vol. 10, no. 3, pp. 64-71, May-June 2012, doi:10.1109/MSP.2011.154
Abstract: Targeted malicious emails (TME) for computer network exploitation have become more insidious and more widely documented in recent years. Beyond spam or phishing designed to trick users into revealing personal information, TME can exploit computer networks and gather sensitive information. They can consist of coordinated and persistent campaigns that can span years. A new email-filtering technique based on email’s persistent-threat and recipient-oriented features with a random forest classifier outperforms two traditional detection methods, SpamAssassin and ClamAV, while maintaining reasonable false positive rates.
Paper is here.