Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review

Journal article


Atlam, H. and Olayonu Oluwatimilehin 2022. Business Email Compromise Phishing Detection Based on Machine Learning: A Systematic Literature Review. Electronics. 12 (1), pp. 1-28. https://doi.org/10.3390/electronics12010042
AuthorsAtlam, H. and Olayonu Oluwatimilehin
Abstract

The risk of cyberattacks against businesses has risen considerably, with Business Email Compromise (BEC) schemes taking the lead as one of the most common phishing attack methods. The daily evolution of this assault mechanism’s attack methods has shown a very high level of proficiency against organisations. Since the majority of BEC emails lack a payloader, they have become challenging for organisations to identify or detect using typical spam filtering and static feature extraction techniques. Hence, an efficient and effective BEC phishing detection approach is required to provide an effective solution to various organisations to protect against such attacks. This paper provides a systematic review and examination of the state of the art of BEC phishing detection techniques to provide a detailed understanding of the topic to allow researchers to identify the main principles of BEC phishing detection, the common Machine Learning (ML) algorithms used, the features used to detect BEC phishing, and the common datasets used. Based on the selected search strategy, 38 articles (of 950 articles) were chosen for closer examination. Out of these articles, the contributions of the selected articles were discussed and summarised to highlight their contributions as well as their limitations. In addition, the features of BEC phishing used for detection were provided, as well as the ML algorithms and datasets that were used in BEC phishing detection models were discussed. In the end, open issues and future research directions of BEC phishing detection based on ML were discussed

Keywordsbusiness email compromise (BEC); email phishing; phishing detection
Year2022
JournalElectronics
Journal citation12 (1), pp. 1-28
PublisherMDPI
ISSN2079-9292
Digital Object Identifier (DOI)https://doi.org/10.3390/electronics12010042
Web address (URL)https://doi.org/10.3390/electronics12010042
Output statusPublished
Publication dates22 Dec 2022
Publication process dates
Accepted19 Dec 2022
Deposited10 Feb 2023
Permalink -

https://repository.derby.ac.uk/item/9wxy2/business-email-compromise-phishing-detection-based-on-machine-learning-a-systematic-literature-review

  • 84
    total views
  • 0
    total downloads
  • 7
    views this month
  • 0
    downloads this month

Export as

Related outputs

Deep labeller: automatic bounding box generation for synthetic violence detection datasets
Nadeem, M., Kurugollu, F., Saravi, S., Atlam, H. and Franqueira, V. 2023. Deep labeller: automatic bounding box generation for synthetic violence detection datasets. Multimedia Tools and Applications. pp. 1-18. https://doi.org/10.1007/s11042-023-15621-5
ANFIS for risk estimation in risk-based access control model for smart homes
Atlam, H. and Gary B. Wills 2022. ANFIS for risk estimation in risk-based access control model for smart homes. Multimedia Tools and Applications. pp. 1-30. https://doi.org/10.1007/s11042-022-14010-8
DEEPSEL: A novel feature selection for early identification of malware in mobile applications
Muhammad Ajmal Azad, Farhan Riaz, Anum Aftab, Syed Khurram Jah Rizvi, Junaid Arshad, Hany F. Atlam and Atlam, H. 2021. DEEPSEL: A novel feature selection for early identification of malware in mobile applications. Future Generation Computer Systems. 129, pp. 54-63. https://doi.org/10.1016/j.future.2021.10.029
IoT forensics: A state-of-the-art review, callenges and future directions
Alenezi, Ahmed, Atlam, Hany, Alsagri, Reem, Alassafi, Madini and Wills, Gary 2019. IoT forensics: A state-of-the-art review, callenges and future directions. SCITEPRESS - Science and Technology Publications. https://doi.org/10.5220/0007905401060115
Experts reviews of a cloud forensic readiness framework for organizations
Alenezi, Ahmed, Atlam, Hany F. and Wills, Gary B. 2019. Experts reviews of a cloud forensic readiness framework for organizations. Journal of Cloud Computing. 8 (1). https://doi.org/10.1186/s13677-019-0133-z
Security, cybercrime and digital forensics for IoT
Atlam, Hany F., Alenezi, Ahmed, Alassafi, Madini O., Alshdadi, Abdulrahman A. and Wills, Gary B. 2019. Security, cybercrime and digital forensics for IoT. in: Intelligent Systems Reference Library Springer International Publishing.
A famework for data sharing between healthcare providers using blockchain
Alzahrani, Ahmed G., Alenezi, Ahmed, Atlam, Hany F. and Wills, Gary 2020. A famework for data sharing between healthcare providers using blockchain. Proceedings of the 5th International Conference on Internet of Things, Big Data and Security. https://doi.org/10.5220/0009413403490358
Intersections between IoT and distributed ledger
Atlam, Hany F. and Wills, Gary B. 2019. Intersections between IoT and distributed ledger. in: Advances in Computers Elsevier.
IoT security, privacy, safety and ethics
Atlam, Hany F. and Wills, Gary B. 2019. IoT security, privacy, safety and ethics. in: Internet of Things Springer International Publishing.
Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT
Atlam, Hany F., Walters, Robert J., Wills, Gary B. and Daniel, Joshua 2019. Fuzzy logic with expert judgment to implement an adaptive risk-based access control model for IoT. Mobile Networks and Applications. https://doi.org/10.1007/s11036-019-01214-w
A validation of security determinants model for cloud adoption in Saudi organisations’ context
Alassafi, Madini O., Atlam, Hany F., Alshdadi, Abdulrahman A., Alzahrani, Abdullah I., AlGhamdi, Rayed A. and Buhari, Seyed M. 2019. A validation of security determinants model for cloud adoption in Saudi organisations’ context. International Journal of Information Technology. https://doi.org/10.1007/s41870-019-00360-4
An efficient security risk estimation technique for Risk-based access control model for IoT
Atlam, Hany F. and Wills, Gary 2019. An efficient security risk estimation technique for Risk-based access control model for IoT. Internet of Things. https://doi.org/10.1016/j.iot.2019.100052