Nisha Rani et al, International Journal of Computer Science and Mobile Computing, Vol.4 Issue.5, May- 2015, pg. 552-565
© 2015, IJCSMC All Rights Reserved 552
Available Online at www.ijcsmc.com
International Journal of Computer Science and Mobile Computing
A Monthly Journal of Computer Science and Information Technology
ISSN 2320–088X
IJCSMC, Vol. 4, Issue. 5, May 2015, pg.552 – 565
RESEARCH ARTICLE
Suspicious Email Detection System via Triple DES Algorithm: Cryptography Approach
Nisha Rani1
1Research Scholar, Department of Computer Science and Engineering, Ganga Institute Of Technology & Management, Kablana
Email ID: [email protected]
Mrs. Neetu Sharma2
2HOD (CSE Dept.), Ganga Institute Of Technology & Management, Kablana
Email ID: [email protected]
Abstract: The paper presents a suspicious email detection system that detects suspicious activities. In the paper
we propose the use of cryptographic strategies for terrorist email detection. Security plays a very important and
crucial role in the field of the Internet and in email communication, so there is a need for a suspicious email
detection system that detects all suspicious activities. The need for a suspicious email detection system is
increasing due to the rapid growth of email communication in the Internet world.
Triple Data Encryption Standard (DES) is a private-key cryptography system that provides security in
communication systems. By using an enhanced DES algorithm, security has been improved, which is
very crucial in communication and in the field of the Internet.
Keywords— Cipher text, Decryption, 3DES, Encryption, Plaintext.
I. INTRODUCTION
E-mail is one of the most popular, fastest and cheapest means of communication. It has become a part of everyday
life for millions of people, changing the way we work and collaborate. Email messages can be sent to an individual
or to groups. A single email can spread among millions of people within a few moments. Nowadays, most individuals
cannot even imagine life without email. For those reasons, email has become a widely used medium of
communication for terrorists as well. A great number of researchers have focused on the area of counterterrorism
after the disastrous events of 9/11, trying to predict terrorist plans from suspicious communication. This also
motivated us to contribute in this area.
In this paper, we have applied Cryptography techniques to detect suspicious emails, i.e., an email that alerts of
upcoming terrorist events. We have applied Triple DES (Data Encryption Standard) algorithms, emphasizing
initially on Given a plaintext message, the first key is used to DES-encrypt the message. The second key is used to
DES-decrypt the encrypted message. (Since the second key is not the right key, this decryption just scrambles the
data further.) The twice-scrambled message is then encrypted again with the first key to yield the final cipher text.
This three-step procedure is called Triple-DES. Triple-DES is just DES done three times with two keys used in a
particular order. (Triple-DES can also be done with three separate keys instead of only two. In either case the
resultant key space is about 2^112.)
Detecting suspicious and criminal activities prior to attacks and providing security to people is a
challenging task for investigators and administrators. Email is a technology for passing and sending
information from one place to another, using a computer and the Internet. It is beneficial in both our personal and
professional life. As electronic mail is largely used by terrorists for their communication, there is a need for
a suspicious email detection system that classifies emails to detect suspicious activities and alerts the
administrator.
In this paper, we detect suspicious mails sent by users who are already registered on this system.
First, new users sign up on the site so that they can send mails to users who are already registered and then
view the messages from registered users. The Triple DES algorithm is used by the admin to encrypt the messages sent to
users or to send warnings about other users' suspicious activity.
In this work, a suspicious words dictionary is used to detect suspicious words which are not actually used in
normal messaging or communication.
Suspicious email Detection System
Suspicious email detection is a kind of mailing system where suspicious users are identified by determining the
keywords they use. Keywords such as bomb and RDX are looked for in the mails sent by the user. All
blocked mails are checked by the administrator, who identifies the users who sent such mails.
The proposed work will help in finding anti-social elements. This provides security to the system which adopts
it. This also helps the intelligence bureau, crime branch, etc. Insurance premium calculations, for quarterly, half
yearly and annually, are completely automated, which gives us a reliable environment. The system provides claim
reporting and status enquiry.
The proposed work will be helpful for identifying suspicious email and will also assist investigators in getting the
information in time to take effective action to reduce criminal activities.
II. RELATED WORK
The research in the area of email analysis usually focuses on two areas, namely email traffic analysis and email
content analysis. A lot of research has been conducted on email traffic analysis [10], [11].
In the year 2005, Keila and Skillicorn [11] investigated the Enron [13] data set, which contains email
communications among employees of an organization who were involved in the collapse of the organization. The
authors [11] applied the ID3 algorithm to detect suspicious emails by using a keyword-based approach and by
applying rules.
They did not use any information regarding the context of the identified keywords in the emails.
In the year 2007, S. Appavu & R. Rajaram [2] applied association rule mining to detect suspicious emails,
with the additional benefit of classifying the emails (suspicious in terms of terror plots) further into
specialized classes such as suspicious alert or suspicious info.
This system classifies an email as a suspicious alert when a suspicious keyword is present in
the future tense; otherwise it is classified only as suspicious info.
In the year 2008, the authors [13], [14] incorporated feature selection strategies along with classification systems.
According to [15], by using feature selection methods one can improve the accuracy, applicability, and
understandability of the learning process. Selvakuberan et al. [14] applied filtered feature selection methods
[16] to web page classification; according to their results the evaluator CfsSubsetEval yields better performance
with the search methods Best First, Ranker search, and Forward selection. Pineda-Bautista et al. [17] proposed a
method for selecting the subset of features for each class in a multi-class classification task. The classifiers
used by the authors were Naïve Bayes (NB) [6], k-Nearest Neighbors (k-NN) [17], C4.5 [19], and Multi
Layer Perceptron (MLP). The authors trained the classifier for each class separately by using only the features
of that particular class.
In the year 2007, Smith [15] emphasized the use of a feature selection method for achieving accuracy in
sentiment classification. They proposed applying CfsSubsetEval with the Best First search method.
Different researchers have used different methods to implement a system that detects suspicious activities.
The proposed method uses a cryptography algorithm, i.e. Triple DES (3 Data Encryption Standard); it is a very fast
algorithm for encrypting or decrypting the information (email message) at a successful rate.
We will detect suspicious mails sent by users who are already registered on this website. First, new users
sign up on the site so that they can send mails to users who are already registered and then view the messages
from registered users.
The Triple DES algorithm is used by the admin to encrypt the messages sent to users or to send warnings about
other users' suspicious activity.
In this proposed work, a suspicious words dictionary is used to detect suspicious words which are not actually
used in normal messaging or communication.
A. Triple DES Algorithm (3DES)
3DES is an enhancement of DES; it has a 64-bit block size and a 192-bit key size. In this standard the
encryption method is similar to the one in the original DES but applied 3 times to increase the encryption level.
Triple DES is DES three times. It comes in two flavors: one that uses three keys, and another that uses two keys.
The idea of 3-DES is shown in fig. 1. The plain text block P is first encrypted with a key K1, then encrypted
with a second key K2, and finally with a third key K3, where K1, K2 and K3 are different from each other.
To decrypt the cipher text C and obtain the plain text, we need to perform the operation P = DK3(DK2(DK1(C))).
But in Triple DES with two keys the algorithm works as follows:
[1] Encrypt the plain text with key K1. Thus, we have EK1(P).
[2] Decrypt the output of step 1 above with key K2. Thus, we have DK2(EK1(P)).
[3] Finally, encrypt the output of step 2 again with key K1. Thus, we have EK1(DK2(EK1(P))).
The idea of 3-DES with two keys is shown in fig. 1.
(Triple DES)
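The two-key procedure in steps [1]-[3] can be checked against the Java platform's built-in DESede cipher. The following is an added example, not code from the paper: the class name, keys and message are constructed for illustration. It chains three single-DES passes by hand, compares the result with DESede keyed as K1 || K2 || K1, and shows that choosing K2 equal to K1 reduces the construction to single DES.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class TwoKeyTripleDes {

    // One single-DES pass over whole 8-byte blocks. ECB/NoPadding is used only to
    // expose the raw block operation so the three passes can be chained by hand.
    static byte[] des(int mode, byte[] key8, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("DES/ECB/NoPadding");
        c.init(mode, new SecretKeySpec(key8, "DES"));
        return c.doFinal(data);
    }

    // Steps [1]-[3]: C = E_K1(D_K2(E_K1(P)))
    static byte[] encrypt(byte[] k1, byte[] k2, byte[] p) throws Exception {
        byte[] s1 = des(Cipher.ENCRYPT_MODE, k1, p);
        byte[] s2 = des(Cipher.DECRYPT_MODE, k2, s1);
        return des(Cipher.ENCRYPT_MODE, k1, s2);
    }

    // Inverse of the two-key procedure: P = D_K1(E_K2(D_K1(C)))
    static byte[] decrypt(byte[] k1, byte[] k2, byte[] c) throws Exception {
        byte[] s2 = des(Cipher.DECRYPT_MODE, k1, c);
        byte[] s1 = des(Cipher.ENCRYPT_MODE, k2, s2);
        return des(Cipher.DECRYPT_MODE, k1, s1);
    }

    // Same operation through the built-in DESede cipher, keyed as K1 || K2 || K1.
    static byte[] jceEncrypt(byte[] k1, byte[] k2, byte[] p) throws Exception {
        byte[] k = new byte[24];
        System.arraycopy(k1, 0, k, 0, 8);
        System.arraycopy(k2, 0, k, 8, 8);
        System.arraycopy(k1, 0, k, 16, 8);
        Cipher c = Cipher.getInstance("DESede/ECB/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, "DESede"));
        return c.doFinal(p);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys and message (16 bytes = two DES blocks).
        byte[] k1 = {0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xAB, (byte) 0xCD, (byte) 0xEF};
        byte[] k2 = {(byte) 0xFE, (byte) 0xDC, (byte) 0xBA, (byte) 0x98, 0x76, 0x54, 0x32, 0x10};
        byte[] p = "admin notice 001".getBytes(StandardCharsets.US_ASCII);

        byte[] c = encrypt(k1, k2, p);
        System.out.println("matches built-in DESede: " + Arrays.equals(c, jceEncrypt(k1, k2, p)));
        System.out.println("round trip restores P:   " + Arrays.equals(p, decrypt(k1, k2, c)));
        // With K2 == K1 the middle pass cancels the first, leaving single DES.
        System.out.println("K2 == K1 is single DES:  "
                + Arrays.equals(encrypt(k1, k1, p), des(Cipher.ENCRYPT_MODE, k1, p)));
    }
}
```

A real message would use a chaining mode with padding and a fresh IV rather than raw ECB blocks; the raw mode appears here only so each pass is visible.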
III. PROBLEM STATEMENT
The problem under consideration is to identify emails that contain suspicious content indicating terrorism events.
We consider the task of suspicious email detection as a system.
The purpose is to formulate a system that detects suspicious activities.
We cannot deny the importance of email as a major source of communication among most individuals
and organizations, including terrorists and terrorist organizations.
The proposed system first detects suspicious activity when a suspicious user sends a suspicious message to
another user by email, and then deletes that message.
An email is marked as suspicious when certain keywords like bomb, attack, RDX are present in the email message.
These keywords are inserted by the administrator by creating the data dictionary.
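A dictionary check of this kind can be sketched as follows. This is an added example, not the paper's implementation: the class and method names are hypothetical and the messages are constructed. It compares plain substring matching with whole-word matching against the admin's dictionary, and holds flagged mail for the admin instead of delivering it, as the Admin module describes.

```java
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;
import java.util.TreeSet;

public class SuspiciousMailFilter {

    // Admin-managed data dictionary, stored lower-cased.
    private final Set<String> dictionary = new TreeSet<>();

    void addWord(String word) {
        dictionary.add(word.trim().toLowerCase(Locale.ROOT));
    }

    // Naive check: a dictionary word appearing anywhere, even inside another word.
    Set<String> substringHits(String text) {
        String lower = text.toLowerCase(Locale.ROOT);
        Set<String> hits = new LinkedHashSet<>();
        for (String word : dictionary) {
            if (lower.contains(word)) hits.add(word);
        }
        return hits;
    }

    // Whole-word check: split on anything that is not a letter or digit first.
    Set<String> tokenHits(String text) {
        Set<String> hits = new LinkedHashSet<>();
        for (String token : text.toLowerCase(Locale.ROOT).split("[^\\p{L}\\p{N}]+")) {
            if (dictionary.contains(token)) hits.add(token);
        }
        return hits;
    }

    // Flagged mail is held for the admin with the sender's details; clean mail is delivered.
    String route(String sender, String subject, String body) {
        Set<String> hits = tokenHits(subject + " " + body);
        return hits.isEmpty() ? "INBOX" : "ADMIN_REVIEW sender=" + sender + " words=" + hits;
    }

    public static void main(String[] args) {
        SuspiciousMailFilter f = new SuspiciousMailFilter();
        // Keywords named in the paper.
        for (String w : new String[] {"bomb", "attack", "RDX"}) f.addWord(w);

        // Constructed sample messages: {sender, subject, body}.
        String[][] mails = {
            {"user1", "Conference", "The keynote was bombastic but the demo went well."},
            {"user2", "Chemistry quiz", "Question 4: what does RDX stand for?"},
            {"user3", "Lunch", "Meet at noon near the library."},
        };
        for (String[] m : mails) {
            String text = m[1] + " " + m[2];
            System.out.println(m[0] + " substring=" + f.substringHits(text)
                    + " token=" + f.tokenHits(text) + " -> " + f.route(m[0], m[1], m[2]));
        }
    }
}
```

The first message is flagged only by the substring check, and the second is flagged by both even though it is harmless, which is why the held mail still needs the administrator's review.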
IV. STUDY OF CRYPTOGRAPHY TECHNIQUE
Encryption: The process of encoding plaintext into cipher text is called encryption.
Decryption: The process of decoding cipher text into plaintext is called decryption.
This can be done by two techniques: symmetric-key cryptography and asymmetric-key cryptography. Symmetric-key
cryptography involves the usage of the same key for encryption and decryption.
Asymmetric-key cryptography involves the usage of one key for encryption and another, different key for
decryption.
V. IMPLEMENTATION DETAILS
In this research work we have used the Triple DES algorithm to implement a suspicious email detection system. We have
created two modules for this work.
a) Admin Module.
b) User Module.
These modules also carry sub-modules.
a) Admin Module:
i. Admin Login
ii. Check Suspicious Mails for Admin
iii. Data Dictionary for Admin
iv. View Data Dictionary for Admin
v. View User List for Admin
vi. Create message Module for Admin
b) User Module
i. User Login
ii. User Registration Module
iii. Create Message Module for Users
iv. Inbox Module for Users
v. Sent Box Module for Users
vi. User Forum
a) Admin Module: In the Admin module, the admin can check all the suspicious mail sent by suspicious
users. He can view the data dictionary, see the details of the users registered in this system, and send
messages to users.
i) Admin Login
In this module, the admin enters the username and password to authenticate himself and access the account panel
modules.
ii) Check Suspicious Mails for Admin
In this module, the admin can check suspicious mail, which is not actually stored in the user's inbox but is instead
marked with suspicious status and sent to the admin as suspicious mail along with the user's details.
iii) Data Dictionary for Admin
In this module, the admin can add suspicious words to the existing data dictionary to detect the suspicious mails
sent by users more precisely and accurately.
iv) View Data Dictionary for Admin
In this module, the admin can view the suspicious words that exist in the data dictionary and can also delete
suspicious words from the existing data dictionary of suspicious words.
v) View Users List for Admin
In this module, the admin can view the registered users and their full details and can delete users if any of
the registered users are found to be carrying out suspicious activity on the website.
vi) Create message Module for admin
In this module, the admin can select the username and then enter the message along with the subject and the
encryption key, which is used to encrypt the message as well as the subject. The message is then sent to the selected
user, and the message and subject are both stored in the user's inbox.
b) User Module: In this module, a user can send a message to another user, and that message will be encrypted
using a key. When the user (sender) sends a message to another user, he has to enter their name, subject, key, and type
the message. The email ID is already registered at the time of user registration. The key is then sent to the
user's (receiver's) Gmail inbox. He can see the key, decrypt the message and read it. So, the main
benefit of this system is that it provides security, and suspicious mails and suspicious users can be easily identified.
Platform
To implement the system, we have used the programming language Advanced Java, NetBeans 7.3.1 as the front-end IDE,
and MySQL Server as the database for storing data; the supported operating systems are Windows XP and later
versions.
SCREENSHOTS
Suspicious email detection system
Login module
Admin Account Panel
Check suspicious emails
Message Panel
Create suspicious words
User List Module
Compose message module for admin
Show message panel
User Login Module
Registration Module
Create message module for user
Sent box message module for user
User Forum Module
VI. CONCLUSION
The proposed system solves the problem as defined by detecting suspicious mails. The admin creates the data
dictionary of suspicious words, and this data dictionary helps to detect suspicious activity by users.
The admin can further add suspicious words to the existing Suspicious Words data dictionary.
References
[1] S.Appavu alias Balamurugan, Aravind,Athiappan, Bharathiraja,Muthu Pandian and Dr.R.Rajaram, “Association
Rule Mining for Suspicious Email Detection: A Data Mining Approach”, in Proc. Of the IEEE International
Conference on Intelligence and Security Informatics, New Jersey,USA, 2007, pp. 316-323.
[2] P.S.Keila and D.B.Skillicorn, “Detecting Unusual and Deceptive Communication in Email,” Technical reports June,
2005.
[3] S.Appavu and R.Rajaram, “Suspicious Email Detection via Decision Tree: A Data Mining Approach”, in
Journal of Computing and Information Technology–CIT 15, 2007,2, pp. 161-169.
[4] S.Appavu, R.Rajaram, G.Athiapan, M.Muthupandian, “Data Mining Techniques for Suspicious Email Detection: A
Comparative Study”. Presented in IADIS European Conference DataMining 2007, pp. 213-217.
[5] R.Agrawal, R.J.Bayardo and R.Srikant. Athena, “Mining-based interactive management of text databases,” In Proc.
7th Int. Conf. Extending Database Technology, Konstanz, Germany, 2000, pp.365-379.
[6] R.B.Segal and J.O.Kephart, MailCat: An Intelligent Assistant for Organizing E-Mail, in the Proc. of 3rd Int. Conf.
on Autonomous Agents.
[7] R.Agrawal and R.Srikant, “Fast algorithms for mining association rules,” In Proc. 20th Int. Conf. Very Large
Databases, pp. 487-499, Santiago, Chile, 1994.
[8] Liu, W. Hsu, and Y. Ma, “Integrating classification and Data Mining”, pages 80-86, New York City, NY,
August 1998.
[9] X. Yin, J. Han,”CPAR: Classification based on predictive Association Rules,”SDM’03, pages 331-335.
[10] A.A.Zaidan, B.B.Zaidan, “Novel Approach for High Secure Data Hidden in MPEG Video Using Public Key
Infrastructure”, International Journal of Computer and Network Security, 2009, Vol.1, No.1, ISSN: 1985-1553, P.P 71-
76.
[11] A.W.Naji, A.A.Zaidan, B.B.Zaidan, Shihab A, Othman O. Khalifa, “Novel Approach of Hidden Data in the
(Unused Area 2 within EXE File) Using Computation between Cryptography and Steganography”, International Journal
of Computer Science and Network Security (IJCSNS), Vol.9, No.5, ISSN: 1738-7906, pp. 294-300.
[12] Anas Majed Hamid, Miss Laiha Mat Kiah, Hayan .T. Madhloom, B.B Zaidan, A.A Zaidan,” Novel Approach for
High Secure and High Rate Data Hidden in the Image Using Image Texture Analysis”, International Journal of
Engineering and Technology (IJET) , Published by: Engg Journals Publications, ISSN:0975-4042, Vol.1,NO.2,P.P 63-
69.
[13] K.Selvakuberan, M.Indradevi, R.Rajaram, (2008). Combined feature selection and classification – A novel
approach for categorization of web pages. Journal of Information and Computing Science. 32pp. 83-89.
[14] A. Arauzo-Azofra, J. M. Benitez, “Empirical Study of Feature Selection Methods in Classification”, In proc. of
Eighth International Conference on Hybrid Intelligent Systems, 2008, pp. 584-589.
[15] K. T. Durant, M. D. Smith “Predicting the political sentiment of web log posts using supervised machine
learning techniques coupled with feature selection". LNCS, 2007, pp. 187-206.
[16] A.A.Zaidan, B.B.Zaidan, Anas Majeed, "High Securing Cover-File of Hidden Data Using Statistical Technique and
AES Encryption Algorithm", World Academy of Science Engineering and Technology(WASET), Vol.54, ISSN: 2070-
3724, P.P 468-479.
[17] A.A.Zaidan, Fazidah. Othman, B.B.Zaidan, R.Z.Raji, Ahmed.K.Hasan,and A.W.Naji," Securing Cover-File
without Limitation of Hidden Data Size Using Computation between Cryptography and
Steganography", World Congress on Engineering 2009 (WCE), The2009 International Conference of Computer
Science and Engineering, Proceedings of the International Multi Conference of Engineers and
Computer Scientists 2009, ISBN: 978-988-17012-5-1, Vol. I, p.p259-265.
[18] M.Abomhara, Omar Zakaria, Othman O. Khalifa ,A.A.Zaidan, B.B.Zaidan, “Enhancing Selective Encryption
for H.264/AVC Using Advance Encryption Standard “, International Journal of Computer and Electrical
Engineering (IJCEE), ISSN: 1793-8198,Vol.2 , NO.2, April2010, Singapore.