Researchers at the University of Alabama say data mining is a much more effective way to fight spear phishing attacks than traditional methods. They say that “big data” can be used to develop valuable phishing intelligence systems that link phishing attacks to known criminal groups and sites. So far the university has amassed a database of over 550,000 phishing sites.
“The important thing to realize is that the average attacker is going to keep coming back until that institution puts in an effective countermeasure,” says Gary Warner, director of research for computer forensics at the university. “So how do we learn from the past incidents? We have to log the data, analyze it and recognize the indicators. If you understand how malware acts, with those command and control centers, that makes a difference in your ability to detect it and stop it.”
Traditional anti-phishing techniques generally involve educating the end user on how to spot phishing emails. These days, with phishing emails looking more and more convincing, and people being all too human and letting curiosity get the best of them, those techniques aren’t all that effective. You can tell someone a hundred times to hover their cursor over a link in an email to see where it really points, but there is no way to make sure they actually do so. Putting together a database like the one the University of Alabama has can make your spam filters stronger and keep phishing emails from ever reaching your users, eliminating accidental and impulsive clicks altogether.
Are you interested in using data mining techniques to help your company fight spam? Why or why not?