RESEARCH ARTICLE Suspicious Email Detection System via Triple … · 2015-05-25 · Suspicious...

Nisha Rani et al, International Journal of Computer Science and Mobile Computing, Vol.4 Issue.5, May- 2015, pg. 552-565

© 2015, IJCSMC All Rights Reserved 552

Available Online at www.ijcsmc.com

International Journal of Computer Science and Mobile Computing

A Monthly Journal of Computer Science and Information Technology

ISSN 2320–088X

IJCSMC, Vol. 4, Issue. 5, May 2015, pg.552 – 565

RESEARCH ARTICLE

Suspicious Email Detection System via Triple

DES Algorithm: Cryptography Approach

Nisha Rani

1

1Research Scholar, Department of Computer Science and Engineering, Ganga Institute Of Technology & Management, Kablana

Email ID: [email protected]

Mrs. Neetu Sharma2

2HOD (CSE Dept.), Ganga Institute Of Technology & Management, Kablana

Email ID: [email protected]

Abstract: The paper presents a suspicious email detection System which detect suspicious activities. In the paper

we proposed the use of cryptography strategies for terrorists email detection. Security plays a very important and

crucial role in the field of Internet and for email communication. So there is a need of suspicious email

detection system which detects all suspicious activities. The need for Suspicious email detection System is

increasing due to the rapid usage of Email communication in the Internet world.

Triple Data encryption standard (DES) is a private key cryptography system that provides the security in

communication system. By using an Enhanced DES algorithm the security has been improved which is

very crucial in the communication and field of Internet.

Keywords— Cipher text, Decryption, 3DES, Encryption, Plaintext.

I. INTRODUCTION

E-mail is one of the most popular, fastest and cheapest means of communication. It has become a part of everyday

life for millions of people, changing the way we work and collaborate. Email messages can be sent to an individual

or groups. A single email can spread among millions of people within few moments. Nowadays, most individuals

even cannot imagine the life without email. For those reasons, email has become a widely used medium for

communication of terrorists as well. A great number of researchers focused in the area of counterterrorism after the

disastrous events of 9/11 trying to predict terrorist plans from suspicious communication. This also motivated us to

contribute in this area.



In this paper, we have applied Cryptography techniques to detect suspicious emails, i.e., an email that alerts of

upcoming terrorist events. We have applied Triple DES (Data Encryption Standard) algorithms, emphasizing

initially on Given a plaintext message, the first key is used to DES- encrypt the message. The second key is used to

DES-decrypt the encrypted message. (Since the second key is not the right key, this decryption just scrambles the

data further.) The twice-scrambled message is then encrypted again with the first key to yield the final cipher text.

This three-step procedure is called triple-Triple-DES is just DES done three times with two keys used in a particular

order. (Triple-DES can also be done with three separate keys instead of only two. In either case the resultant key

space is about 2^112.)

Detecting Suspicious and criminal activities prior to the attacks and providing security to the people is the

challenging task for the investigators or administrator Email . is a technology that includes passing and sending

information from one place to another, using computer and the Internet. It is beneficial in both our personal and

professional life. As Electronic mail is largely used by the terrorists for their communication, there is a need for

Suspicious email detection system that classifies emails to detect Suspicious activities and make the

administrator alert.

In this paper work, we will detect the suspicious mails sent from the users who are already registered on this System.

Firstly new users sign up themselves on the site to send the mails to those users who already registered and then

view the messages from the registered users. Triple DES Algorithm used by admin to encrypt the messages sent to

the users or sent some warnings about the other users suspicious activity.

In this work, suspicious words dictionary is used to detect the suspicious words which are not actually used in the

normal messaging or communication.

Suspicious email Detection System

Suspicious email detection is a kind of mailing system where suspicious users are identified by determining the

keywords used by him/her. The keywords such as bomb, RDX, are found in the mails which are sent by the user. All

these blocked mails are checked by the administrator and identify the users who sent such mails.

The proposed work will helps in finding out anti social elements. This provides the security to system which adapts

it. This also helps the intelligence bureau, crime branch etc .Insurance premium calculations, for quarterly, half

yearly and annually is completely automated gives us a reliable environment. The system provides claim reporting

and status enquiry.

The proposed work will be helpful for identifying the suspicious email and also assist the investigators to get the

information in time to take effective actions to reduce the criminal activities.



II. RELATED WORK

The research in the area of email analysis usually focuses on two areas namely: email traffic analysis and email

content analysis. A lot of research has been conducted for Email traffic analysis [10], [11].

In the Year 2005 Keila and Skillicorn [11] have investigated on the Enron [13] data set which contains email

communications among employees of an organization who were involved in the collapse of the organization. The

authors [11] have applied ID3 algorithm to detect suspicious emails by using keyword base approach and by

applying rules.

They have not used any information regarding the context of the identified keywords in the emails.

In the Year 2007 S. Appavu & R. Rajaram [2] have applied association rule mining to detect suspicious emails

with the additional benefits of classifying the (suspicious in terms of terror plots) emails further into

specialized classes such as suspicious alert or suspicious info.

This system decides whether the email can be classified as suspicious alert in the presence of suspicious keyword in

the future tense otherwise only it is classified as suspicious info.

In the Year 2008 The authors [13], [14] incorporated feature selection strategies along with classification systems.

According to [15], by using feature selection methods one can improve the accuracy, applicability, and

understandability of the learning process. Selvakuberan et al. [14] have applied filtered feature selection methods

[16] on web page classification; according to their results the evaluator CfsSubset Eval yields better performance

with search methods Best First, Ranker search, and Forward selection. Pineda-Bautista et al. [17] proposed a

method for selecting the subset of features for each class in multi-class classification task. The classifiers that

were used by the authors were Naïve Baye's (NB) [6], k-Nearest Neighbors (k-NN) [17], C4.5 [19], and Multi

Layer Perceptron (MLP). The authors trained the classifier for each class separately by using only the features

of that particular class.

In the Year Smith 2007 [15]have emphasized the use of a feature selection method for achieving accuracy of

sentiment classification. They proposed to apply CfsSubset Eval with the Best First search method.

Different researcher used different method to implement a System that detect suspicious activities.

The Proposed method used cryptography algorithm i.e. triple DES (3 Data Encryption standard) it is very fast

algorithm for encrypt or decrypt the information (email message) in a successful rate.



We will detect the suspicious mails sent from the users who are already registered on this website. Firstly new users

sign up themselves on the site to send the mails to those users who already registered and then view the messages

from the registered users.

Triple DES Algorithm used by admin to encrypt the messages sent to the users or sent some warnings about the

other users suspicious activity.

In this proposed work, suspicious words dictionary is used to detect the suspicious words which are not actually

used in the normal messaging or communication.

A. Triple DES Algorithm (3DES)

3DES is an enhancement of DES; it is 64 bit block

size with 192 bits key size. In this standard the

Encryption method is similar to the one in the original DES but applied 3 times to increase the encryption Level.

Triple DES is DES –three times. It comes in two flavors: One that uses three keys, and other that uses two keys.

The Idea of 3-DES is shown in to the fig.1. The plain text block P is first encrypted with a key K1, then encrypted

with second key K2, and finally with third key K3, where K1, K2 and K3 are different from each other.

To decrypt the cipher text C and obtain the plain text, we need to perform the operation P= DK3 (DK2 (DK1©)).

But in Triple DES with two keys the algorithms works as follows:

[1] Encryption the plain text with key K1. Thus, we have EK1 (p).

[2] Decrypt the output of step1 above with key K2. Thus, we have DK2 (EK1 (P)).

[3] Finally, encrypt the output of step 2 again with key K1.Thus, we have EK1 (DK2 (EK1 (P))).

The idea of 3-DES with two keys are shown in fig. 1.



(Triple DES)

III. PROBLEM STATEMENT

The problem under consideration is to identify emails that contain suspicious contents indicating terrorism events.

We consider the task of suspicious email detection as a System.

The purpose is to formulate a System that detects suspicious activities.

We cannot deny the importance of email that is a major source of communication among most individuals

and organizations, including terrorists and terrorist organizations.

The proposed system first detect the suspicious activities when suspicious user send some suspicious message to

another user and then delete that message which is basically going through email.



The email is marked as suspicious when certain keywords like bomb, attack, RDX are present in email message.

These keywords are inserted by Administrator by creating the data dictionary.

IV. Study of Cryptography Technique

Encryption: The process of encoding the plaintext into cipher text is called Encryption.

Decryption: The process of decoding ciphers text to plaintext is called Decryption.

This can be done by two techniques symmetric-key cryptography and asymmetric key cryptography. Symmetric

key cryptography involves the usage of the same key for encryption and decryption.

Asymmetric key cryptography involves the usage of one key for encryption and another, different key for

decryption.

V. IMPLEMENTATION DETAILS

In this research work we have used triple Des algorithm to implement suspicious email detection system. We have

created two modules for this work.

a) Admin Module.

b) User Module.



These modules also carry sub-modules.

a) Admin Module:

i. Admin Login

ii. Check Suspicious Mails for Admin

iii. Data Dictionary for Admin

iv. View Data Dictionary for Admin

v. View User List for Admin

vi. Create message Module for Admin

b) User Module

i. User Login

ii. User Registration Module

iii. Create Message Module for Users

iv. Inbox Module for Users

v. Sent Box Module for Users

vi. User Forum

a) Admin Module: In Admin module, admin can check all the suspicious mail which is send by suspicious

users. He can view the data dictionary, see the user detail which is registered in this system as well as send

the message to user.

i) Admin Login

In this module, admin can enter the username and password to authenticate himself to access the account panel

modules.

ii) Check Suspicious Mails for Admin

In this module, admin can check the suspicious mail which is not actually stored into the user inbox instead of

marked as suspicious status and sent it to the admin as suspicious mails with the user details.

iii) Data Dictionary for Admin

In this module, admin can add the suspicious words into existing data dictionary to detect more precisely and

accurately the suspicious mails sent by the users.

iv) View Data Dictionary for Admin

In this module, admin can view the suspicious words exists into the data dictionary and also has access to delete the

suspicious words from the existing data dictionary of suspicious words.



v) View Users List for Admin

In this module, admin can view the registered users and their full details and has access to delete the users if any of

the registered users are found to do the suspicious activity on the website.

vi) Create message Module for admin

In this module, admin can select the username and then enter the message along with the subject and also the input

encryption key which is used for encrypt the message as well as the subject and then send it to the selected user and

message and subject are both stored into the user inbox.

b) User Module: In this, user can send message to another user and that message will be encrypt in some way by

using some key. When user(sender) send message to another user he has to enter their name, subject, key, and type

their message. email id is already registered at the time of user registration. Then that key will be send to the

user(receiver) gmail inbox. He can see their key and the decrypt their message and see the message. So, the main

benefit of this system it provides security as well as suspicious mails and suspicious user can easily identified.

Platform

To implement a system, we have used Programming Language Advanced Java; NetBeans 7.3.1 as a front end IDE,

MySQL Server as a database for storing data and supported Operating System are WINDOWS XP & its above

versions.

SCREENSHOTS

Suspicious email detection system



Login module

Admin Account Panel

Check suspicious emails



Message Panel

Create suspicious words

User List Module

Compose message module for admin



Show message panel



User Login Module

Registration Module

Create message module for user



Sent box message module for user

User Forum Module

VI. CONCLUSION

The proposed System is solved the problem definition by detecting the suspicious mails. Admin is created the data

dictionary of suspicious words and this data dictionary makes help to detect the suspicious activity of the users.

Admin further will be added the suspicious words into the existing Suspicious Words data dictionary.

References

[1] S.Appavu alias Balamurugan, Aravind,Athiappan, Bharathiraja,Muthu Pandian and Dr.R.Rajaram, “Association

Rule Mining for Suspicious Email Detection: A Data Mining Approach”, in Proc. Of the IEEE International

Conference on Intelligence and Security Informatics, New Jersey,USA, 2007, pp. 316-323.

[2] P.S.Keila and D.B.Skillicorn, “Detecting unusualand Deceptive Communication in Email,” Technical reports June,

2005.

[3] S.Appavu and R.Rajaram, “Suspicious Email Detection via Decision Tree: A Data Mining Approach”, in

Journal of Computing and Information Technology–CIT 15, 2007,2, pp. 161-169.



[4] S.Appavu, R.Rajaram, G.Athiapan, M.Muthupandian, “Data Mining Techniques for Suspicious Email Detection: A

Comparative Study”. Presented in IADIS European Conference DataMining 2007, pp. 213-217.

[5]R.Agrawal, R.J.Bayardo and R.Srikant. Athena, “Mining-based interactive management of text databases,” In Proc.

7thInt. Conf. Extending Database Technology, Konstanz, Germany, 2000, pp.365-379.

[6] R.B.Segal and J.O.Kephart, MailCat: An Intelligent Assistant for Organizing E-Mail, in the Proc. of 3 rd Int. Conf.

on Autonomous Agents.

[7] R.Agrawal and R.Srikant, “Fast algorithms for mining association rules,”In Proc. 20th

Int. Conf. Very Large

Databases, pp. 487-499, Santiago, Chile, 1994.

[8] Liu, W. Hsu, and Y. Ma, “Integrating classification and Data Mining”, pages 80-86, New York City, NY,

August 1998.

[9] X. Yin, J. Han,”CPAR: Classification based on predictive Association Rules,”SDM’03, pages 331-335.

[10] A.A.Zaidan, B.B.Zaidan, “Novel Approach for High Secure Data Hidden in MPEG Video Using Public Key

Infrastructure”, International Journal of Computer and Network Security, 2009, Vol.1, No.1, ISSN: 1985-1553, P.P 71-

76.

[11] A.W.Naji, A.A.Zaidan, B.B.Zaidan, Shihab A, Othman O. Khalifa, “Novel Approach of Hidden Data in the

(Unused Area 2 within EXE File) Using Computation between Cryptography and Steganography”, International Journal

of Computer Science and Network Security (IJCSNS), Vol.9, No.5, ISSN: 1738-7906, pp. 294-300.

[12] Anas Majed Hamid, Miss Laiha Mat Kiah, Hayan .T. Madhloom, B.B Zaidan, A.A Zaidan,” Novel Approach for

High Secure and High Rate Data Hidden in the Image Using Image Texture Analysis”, International Journal of

Engineering and Technology (IJET) , Published by: Engg Journals Publications, ISSN:0975-4042, Vol.1,NO.2,P.P 63-

69.

[13] K.Selvakuberan, M.Indradevi, R.Rajaram, (2008). Combined feature selection and classification – A novel

approach for categorization of web pages. Journal of Information and Computing Science. 32pp. 83-89.

[14] A. Arauzo-Azofra, J. M. Benitez, “Empirical Study of Feature Selection Methods in Classification”, In proc. of

Eighth Internation Conference on Hybrid Intelligent System s, 2008, pp. 584-589.

[15] K. T. Durant , M. D. Smith “Predicting t he political sentiment of web log post s using supervised machine

learning techniques coupled with feature selecion".LNCS, 2007, pp. 187-206.

[16]A.A.Zaidan, B.B.Zaidan, Anas Majeed, "High Securing Cover-File of Hidden Data Using Statistical Technique and

AES Encryption Algorithm", World Academy of Science Engineering and Technology(WASET), Vol.54, ISSN: 2070-

3724, P.P 468-479.

[17] A.A.Zaidan, Fazidah. Othman, B.B.Zaidan, R.Z.Raji, Ahmed.K.Hasan,and A.W.Naji," Securing Cover-File

without Limitation of Hidden Data Size Using Computation between Cryptography and

Steganography", World Congress on Engineering 2009 (WCE), The2009 International Conference of Computer

Science and Engineering, Proceedings of the International Multi Conference of Engineers and

Computer Scientists 2009, ISBN: 978-988-17012-5-1, Vol. I, p.p259-265.

[18] M.Abomhara, Omar Zakaria, Othman O. Khalifa ,A.A.Zaidan, B.B.Zaidan, “Enhancing Selective Encryption

for H.264/AVC Using Advance Encryption Standard “, International Journal of Computer and Electrical

Engineering (IJCEE), ISSN: 1793-8198,Vol.2 , NO.2, April2010, Singapore.

RESEARCH ARTICLE Suspicious Email Detection System via Triple … · 2015-05-25 · Suspicious...

Documents

Transcript of RESEARCH ARTICLE Suspicious Email Detection System via Triple … · 2015-05-25 · Suspicious...