A Modular and Adaptive System for Business Email Compromise Detection
Jan Brabec, Filip Šrajer, Radek Starosta, Tomáš Sixta, Marc Dupont, Miloš Lenoch, Jiří Menšík, Florian Becker, Jakub Boros, Tomáš Pop, Pavel Novák

TL;DR
CAPE is a modular, adaptive system that combines multiple machine learning models and behavioral detectors across email modalities to effectively detect Business Email Compromise attacks, with proven deployment over two years.
Contribution
The paper introduces CAPE, a novel, multi-modal BEC detection system that integrates diverse models and explainability, and demonstrates its effectiveness in a real-world environment.
Findings
Proven effectiveness of CAPE in production for over two years
CAPE's modular design enables explainability and continuous adaptation
Integration of multiple models improves detection accuracy
Abstract
The growing sophistication of Business Email Compromise (BEC) and spear phishing attacks poses significant challenges to organizations worldwide. The techniques featured in traditional spam and phishing detection are insufficient due to the tailored nature of modern BEC attacks, as they often blend in with the regular benign traffic. Recent advances in machine learning, particularly in Natural Language Understanding (NLU), offer a promising avenue for combating such attacks, but in a practical system, due to limitations such as data availability, operational costs, verdict explainability requirements or a need to robustly evolve the system, it is essential to combine multiple approaches together. We present CAPE, a comprehensive and efficient system for BEC detection that has been proven in a production environment for a period of over two years. Rather than being a single model, CAPE is…
Taxonomy
Topics: Spam and Phishing Detection · Topic Modeling · Sentiment Analysis and Opinion Mining
Methods: Multi-Head Attention · Attention Is All You Need · Linear Layer · Position-Wise Feed-Forward Layer · Byte Pair Encoding · Adam · Label Smoothing · Layer Normalization · Softmax · Dense Connections
