Master LLMs with our FREE course in collaboration with Activeloop & Intel Disruptor Initiative. Join now!

Publication

Text Augmentation for detecting spear-phishing emails
Natural Language Processing

Text Augmentation for detecting spear-phishing emails

Last Updated on October 23, 2020 by Editorial Team

Author(s): Edward Ma

Natural Language Processing

Text Augmentation for Detecting Spear-phishing Emails

Text augmentation techniques for phishing email detection

Photo by James Wheeler on Unsplash

Information security is very important for any organization. Lost money is a minor problem, the serious one is that the enterprise system. However, fraud email and phishing email occupy a small set of data when comparing to normal email. Augmenting fraud and phishing email is a way to tackle this problem.

Example of CEO fraud email (Regina et al., 2020)

Therefore, Regina et al. proposed three different approaches to generate synthetic data for model training. As synthetic data is a kind of “fake” data, some low-quality data may hurt model performance. Validations are needed to keep a high-quality synthetic data. Also, there are some assumptions which are:

  • Synthetic data should share the same label as the original text. For example, synthetic data should be change label from positive to negative (for binary classifier).
  • Synthetic data should not be redundant. In other words, the augmented text should not be almost identical to the original text.
Above: Original Text. Below: Augmented Text (Regina et al., 2020)
Replacements performed (Regina et al., 2020)

Word Replacement

Abbreviations Replacement

Abbreviations are very common in daily conversation. It allows the speaker and audience can communicate easier. For example, “F/W” and “FW” means “forward”. However, there are some vague scenarios that we need context to interpret the abbreviations. For instance, “PM” can be interpreted as “Project Manager” and “Prime Minister”.

Although this method is easy to understand and implement, the drawback is that it needs to define the conversion or mapping one by one.

Example of abbreviations replacement

Misspellings Replacement

Although auto-complete helps to correct misspellings, typo still exists in email and social media. For example, “bargin” is a typo of “bargain”. Regina et al. mentioned that misspellings are important because:

  • Misspellings can convey a sense of urgency
  • Misspellings can fool security technologies based on text analysis.
Example of misspellings replacement.

This method helps to tackle potential unseen text in inference time as the model may be trained with those misspellings tokens.

Synonym Replacement

By replacing similar meaning words, it can become a new training for models. Regina et al. used both WordNet and BERT to find synonyms or near-synonyms. For example, “The quick brown fox jumps over the lazy dog.” and “Little quick brown fox jumps over the lazy dog.” have similar meanings. The second sentence is generated by the BERT model.

Example of near-synonym replacement.

Leveraging WordNet is a typical way to generate synthetic while leveraging BERT to find near-synonyms is a better way to achieve it. Reasons are:

  • BERT or contextual word embeddings model can generate near-synonyms words. It introduces more synthetic data and no need to pre-defined a list of synonyms (i.e. WordNet)
  • As BERT can be trained for domain-specific knowledge, it can apply to specific domain data.

Take Away

  • Generating training data helps to tackle low resource problems. However, bear in mind that you should select appropriate methods to generate synthetic data.
  • Some free open source libraries provide an easy way to generate synthetic data. nlpaug is one of the examples that you can generate data by several lines of code.

About Me

I am a Data Scientist in the Bay Area. Focusing on state-of-the-art work in Data Science, Artificial Intelligence, especially in NLP and platform related. Feel free to connect with me on LinkedIn or follow me on Medium or Github.

Extension Reading

  • A library of Data Augmentation for NLP (nlpaug)

Reference


Text Augmentation for detecting spear-phishing emails was originally published in Towards AI on Medium, where people are continuing the conversation by highlighting and responding to this story.

Published via Towards AI

Feedback ↓