{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T19:23:28Z","timestamp":1767900208522,"version":"3.49.0"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030004699","type":"print"},{"value":"9783030004705","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-00470-5_4","type":"book-chapter","created":{"date-parts":[[2018,9,6]],"date-time":"2018-09-06T10:43:19Z","timestamp":1536230599000},"page":"69-91","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["Reading Between the Lines: Content-Agnostic Detection of Spear-Phishing Emails"],"prefix":"10.1007","author":[{"given":"Hugo","family":"Gascon","sequence":"first","affiliation":[]},{"given":"Steffen","family":"Ullrich","sequence":"additional","affiliation":[]},{"given":"Benjamin","family":"Stritter","sequence":"additional","affiliation":[]},{"given":"Konrad","family":"Rieck","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,9,7]]},"reference":[{"key":"4_CR1","unstructured":"Amin, R.M.: Detecting targeted malicious email through supervised classification of persistent threat and recipient oriented features. Ph.D. thesis, George Washington University, Washington, DC, USA (2010). aAI3428188"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Beygelzimer, A., Kakade, S., Langford, J.: Cover trees for nearest neighbor. In: International Conference on Machine Learning (ICML), pp. 97\u2013104 (2006)","DOI":"10.1145\/1143844.1143857"},{"key":"4_CR3","unstructured":"Buildwith technology lookup. https:\/\/builtwith.com . Accessed November 2017"},{"key":"4_CR4","doi-asserted-by":"publisher","unstructured":"Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP Message Format. RFC 4880 (Proposed Standard), November 2007. https:\/\/doi.org\/10.17487\/RFC4880 . Updated by RFC 5581","DOI":"10.17487\/RFC4880"},{"issue":"1","key":"4_CR5","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1109\/MSP.2013.106","volume":"12","author":"DD Caputo","year":"2014","unstructured":"Caputo, D.D., Pfleeger, S.L., Freeman, J.D., Johnson, M.E.: Going spear phishing: exploring embedded training and awareness. IEEE Secur. Priv. 12(1), 28\u201338 (2014)","journal-title":"IEEE Secur. Priv."},{"key":"4_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-662-44885-4_5","volume-title":"Communications and Multimedia Security","author":"P Chen","year":"2014","unstructured":"Chen, P., Desmet, L., Huygens, C.: A study on advanced persistent threats. In: De Decker, B., Z\u00faquete, A. (eds.) CMS 2014. LNCS, vol. 8735, pp. 63\u201372. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44885-4_5"},{"key":"4_CR7","doi-asserted-by":"publisher","unstructured":"Crocker, D., Hansen, T., Kucherawy, M.: DomainKeys Identified Mail (DKIM) Signatures. RFC 6376 (Internet Standard), September 2011. https:\/\/doi.org\/10.17487\/RFC6376","DOI":"10.17487\/RFC6376"},{"key":"4_CR8","unstructured":"Lawrence, N.D., Sch\u00f6lkopf, B.: Estimating a kernel fisher discriminant in the presence of label noise. In: ICML, vol. 1, pp. 306\u2013313 (2001)"},{"key":"4_CR9","volume-title":"Pattern Classification","author":"R Duda","year":"2001","unstructured":"Duda, R., Hart, P.E., Stork, D.G.: Pattern Classification. Wiley, Hoboken (2001)"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Duman, S., Cakmakci, K.K., Egele, M., Robertson, W., Kirda, E.: EmailProfiler: spearphishing filtering with header and stylometric features of emails. In: COMPSAC (2016)","DOI":"10.1109\/COMPSAC.2016.105"},{"key":"4_CR11","first-page":"1871","volume":"9","author":"RE Fan","year":"2008","unstructured":"Fan, R.E., Chang, K.W., Hsieh, C.J., Wang, X.R., Lin, C.J.: LIBLINEAR: a library for large linear classification. JMLR 9, 1871\u20131874 (2008)","journal-title":"JMLR"},{"issue":"8","key":"4_CR12","doi-asserted-by":"publisher","first-page":"861","DOI":"10.1016\/j.patrec.2005.10.010","volume":"27","author":"T Fawcett","year":"2006","unstructured":"Fawcett, T.: An introduction to ROC analysis. Pattern Recogn. Lett. 27(8), 861\u2013874 (2006)","journal-title":"Pattern Recogn. Lett."},{"key":"4_CR13","doi-asserted-by":"publisher","unstructured":"Foster, I.D., Larson, J., Masich, M., Snoeren, A.C., Savage, S., Levchenko, K.: Security by any other name: on the effectiveness of provider based email security. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 450\u2013464. ACM, New York (2015). https:\/\/doi.org\/10.1145\/2810103.2813607","DOI":"10.1145\/2810103.2813607"},{"key":"4_CR14","doi-asserted-by":"publisher","unstructured":"Freed, N., Borenstein, N.: Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies. RFC 2045 (Draft Standard), November 1996. https:\/\/doi.org\/10.17487\/RFC2045 . Updated by RFCs 2184, 2231, 5335, 6532","DOI":"10.17487\/RFC2045"},{"key":"4_CR15","doi-asserted-by":"publisher","unstructured":"Freed, N., Moore, K.: MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations. RFC 2231 (Proposed Standard), November 1997. https:\/\/doi.org\/10.17487\/RFC2231","DOI":"10.17487\/RFC2231"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Gupta, S., Singhal, A., Kapoor, A.: A literature survey on social engineering attacks: phishing attack. In: 2016 International Conference on Computing, Communication and Automation (ICCCA), pp. 537\u2013540. IEEE (2016)","DOI":"10.1109\/CCAA.2016.7813778"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Han, F., Shen, Y.: Accurate spear phishing campaign attribution and early detection. In: SAC, pp. 2079\u20132086 (2016)","DOI":"10.1145\/2851613.2851801"},{"key":"4_CR18","unstructured":"Hardy, S., et al.: Targeted threat index: characterizing and quantifying politically-motivated targeted malware. In: USENIX Security, pp. 527\u2013541 (2014)"},{"key":"4_CR19","unstructured":"Ho, G., et al.: Detecting credential spearphishing attacks in enterprise settings. In: USENIX Security Symposium (2017)"},{"key":"4_CR20","unstructured":"Trend Micro Incorporated: Spear-Phishing Email: Most Favored APT Attack Bait. Technical report, Trend Micro Inc. (2012)"},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Joachims, T.: Text categorization with support vector machines: learning with many relevant features. Technical report 23, LS VIII, University of Dortmund (1997)","DOI":"10.1007\/BFb0026683"},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"Joachims, T.: Learning to Classify Text Using Support Vector Machines: Methods, Theory and Algorithms. Kluwer Academic Publishers (2002)","DOI":"10.1007\/978-1-4615-0907-3"},{"key":"4_CR23","doi-asserted-by":"publisher","unstructured":"Josefsson, S.: The Base16, Base32, and Base64 Data Encodings. RFC 4648 (Proposed Standard), October 2006. https:\/\/doi.org\/10.17487\/RFC4648","DOI":"10.17487\/RFC4648"},{"key":"4_CR24","doi-asserted-by":"publisher","unstructured":"Kitterman, S.: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1. RFC 7208 (Proposed Standard), April 2014. https:\/\/doi.org\/10.17487\/RFC7208 . Updated by RFC 7372","DOI":"10.17487\/RFC7208"},{"key":"4_CR25","doi-asserted-by":"publisher","unstructured":"Kucherawy, M., Zwicky, E.: Domain-based Message Authentication, Reporting, and Conformance (DMARC). RFC 7489 (Informational), March 2015. https:\/\/doi.org\/10.17487\/RFC7489","DOI":"10.17487\/RFC7489"},{"key":"4_CR26","unstructured":"Le Blond, S., Uritesc, A., Gilbert, C.: A look at targeted attacks through the lense of an NGO. In: USENIX Security, pp. 543\u2013558 (2014)"},{"key":"4_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-642-35416-8_18","volume-title":"Information Security Applications","author":"E Lin","year":"2012","unstructured":"Lin, E., Aycock, J., Mannan, M.: Lightweight client-side methods for detecting email forgery. In: Lee, D.H., Yung, M. (eds.) WISA 2012. LNCS, vol. 7690, pp. 254\u2013269. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-35416-8_18"},{"key":"4_CR28","doi-asserted-by":"publisher","unstructured":"Mori, T., Sato, K., Takahashi, Y., Ishibashi, K.: How is e-mail sender authentication used and misused? In: Proceedings of the 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference, CEAS 2011, pp. 31\u201337. ACM, New York (2011). https:\/\/doi.org\/10.1145\/2030376.2030380","DOI":"10.1145\/2030376.2030380"},{"key":"4_CR29","doi-asserted-by":"publisher","unstructured":"Ramsdell, B., Turner, S.: Secure\/Multipurpose Internet Mail Extensions (S\/MIME) Version 3.2 Message Specification. RFC 5751 (Proposed Standard), January 2010. https:\/\/doi.org\/10.17487\/RFC5751","DOI":"10.17487\/RFC5751"},{"key":"4_CR30","doi-asserted-by":"publisher","unstructured":"Resnick, P.: Internet Message Format. RFC 5322 (Draft Standard), October 2008. https:\/\/doi.org\/10.17487\/RFC5322 . Updated by RFC 6854","DOI":"10.17487\/RFC5322"},{"issue":"Nov","key":"4_CR31","first-page":"3247","volume":"13","author":"K Rieck","year":"2012","unstructured":"Rieck, K., Wressnegger, C., Bikadorov, A.: Sally: a tool for embedding strings in vector spaces. J. Mach. Learn. Res. (JMLR) 13(Nov), 3247\u20133251 (2012)","journal-title":"J. Mach. Learn. Res. (JMLR)"},{"issue":"11","key":"4_CR32","doi-asserted-by":"publisher","first-page":"613","DOI":"10.1145\/361219.361220","volume":"18","author":"G Salton","year":"1975","unstructured":"Salton, G., Wong, A., Yang, C.: A vector space model for automatic indexing. Commun. ACM 18(11), 613\u2013620 (1975)","journal-title":"Commun. ACM"},{"key":"4_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/978-3-319-20550-2_5","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"G Stringhini","year":"2015","unstructured":"Stringhini, G., Thonnard, O.: That ain\u2019t you: blocking spearphishing through behavioral modelling. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 78\u201397. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-20550-2_5"},{"issue":"4","key":"4_CR34","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1109\/TPC.2012.2208392","volume":"55","author":"J Wang","year":"2012","unstructured":"Wang, J., Herath, T., Chen, R., Vishwanath, A., Rao, H.R.: Research article phishing susceptibility: an investigation into the processing of a targeted spear phishing email. IEEE Trans. Prof. Commun. 55(4), 345\u2013362 (2012)","journal-title":"IEEE Trans. Prof. Commun."}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-00470-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,31]],"date-time":"2022-08-31T20:50:59Z","timestamp":1661979059000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-00470-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030004699","9783030004705"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-00470-5_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}