Lambda Architecture-Based Big Data System for Large-Scale Targeted Social Engineering Email Detection

Abstract

In this research, we delve deep into the realm of Targeted Social Engineering Email Detection, presenting a novel approach that harnesses the power of Lambda Architecture (LA). Our innovative methodology strategically segments the BERT model into two distinct components: the embedding generator and the classification segment. This segmentation not only optimizes resource consumption but also improves system efficiency, making it a pioneering step in the field. Our empirical findings, derived from a rigorous comparison between the fastText and BERT models, underscore the superior performance of the latter. Specifically, The BERT model has high precision rates for identifying malicious and benign emails, with impressive recall values and F1 scores. Its overall accuracy rate was 0.9988, with a Matthews Correlation Coefficient value of 0.9978. In comparison, the fastText model showed lower precision rates. Leveraging principles reminiscent of the Lambda architecture, our study delves into the performance dynamics of data processing models. The Separated-BERT (Sep-BERT) model emerges as a robust contender, adept at managing both real-time (stream) and large-scale (batch) data processing. Compared to the traditional BERT, Sep-BERT showcased superior efficiency, with reduced memory and CPU consumption across diverse email sizes and ingestion rates. This efficiency, combined with rapid inference times, positions Sep-BERT as a scalable and cost-effective solution, aligning well with the demands of Lambda- inspired architectures. This study marks a significant step forward in the fields of big data and cybersecurity. By introducing a novel methodology and demonstrating its efficacy in detecting targeted social engineering emails, we not only advance the state of knowledge in these domains but also lay a robust foundation for future research endeavors, emphasizing the transformative potential of integrating advanced big data frameworks with machine learning models.

Keywords

• big data
• lambda architecture
• cybersecurity
• phishing
• spam
• email
• deep learning
• transformers
• BERT
• NLP

References

1. [1] A. Papanikolaou, A. Alevizopoulos, C. Ilioudis, K. Demertzis, and K. Rantos, “A blockchained automl network traffic analyzer to industrial cyber defense and protection,” Electronics, vol. 12, no. 6, 2023.
2. [2] G. Manogaran, C. Thota, D. Lopez, and R. Sundarasekar, “Big data security intelligence for healthcare industry 4.0,” Cyberse- curity for Industry 4.0: Analysis for Design and Manufacturing, pp. 103–126, 2017.
3. [3] A. Papanikolaou, A. Alevizopoulos, C. Ilioudis, K. Demertzis, and K. Rantos, “An automl network traffic analyzer for cyber threat detection,” International Journal of Information Security, pp. 1–20, 2023.
4. [4] Y. Wang, W. Ma, H. Xu, Y. Liu, and P. Yin, “A lightweight multi-view learning approach for phishing attack detection using transformer with mixture of experts,” Applied Sciences, vol. 13, no. 13, 2023.
5. [5] J. Ramprasath, S. Priyanka, R. Manudev, and M. Gokul, “Identification and mitigation of phishing email attacks using deep learning,” in 2023 3rd International Conference on Ad- vance Computing and Innovative Technologies in Engineering (ICACITE), 2023, pp. 466–470.
6. [6] A. Mughaid, S. AlZu’bi, A. Hnaif, S. Taamneh, A. Alnajjar, and E. A. Elsoud, “An intelligent cyber security phishing detection system using deep learning techniques,” Cluster Computing, vol. 25, no. 6, pp. 3819–3828, 2022.
7. [7] B. Naqvi, K. Perova, A. Farooq, I. Makhdoom, S. Oyedeji, and J. Porras, “Mitigation strategies against the phishing attacks: A systematic literature review,” Computers & Security, vol. 132, p. 103387, 2023.
8. [8] T. Muralidharan and N. Nissim, “Improving malicious email detection through novel designated deep-learning architectures utilizing entire email,” Neural Networks, vol. 157, pp. 257–279, 2023.

9. [9] S. T. Singh Surinder Pal Singh, M. D. Gabhane, and C. Ma- hamuni, “Study of machine learning and deep learning algo- rithms for the detection of email spam based on python im- plementation,” in 2023 International Conference on Disruptive Technologies (ICDT), 2023, pp. 637–642.
10. [10] S. A. Khan, W. Khan, and A. Hussain, “Phishing attacks and websites classification using machine learning and mul- tiple datasets (a comparative analysis),” in Intelligent Com- puting Methodologies: 16th International Conference, ICIC 2020, Bari, Italy, October 2–5, 2020, Proceedings, Part III 16. Springer, 2020, pp. 301–313.
11. [11] S. Salloum, T. Gaber, S. Vadera, and K. Shaalan, “Phishing email detection using natural language processing techniques: A literature survey,” Procedia Computer Science, vol. 189, pp. 19–28, 2021, aI in Computational Linguistics.
12. [12] A. Livara and R. Hernandez, “An empirical analysis of machine learning techniques in phishing e-mail detection,” in 2022 Inter- national Conference for Advancement in Technology (ICONAT), 2022, pp. 1–6.
13. [13] P. Mehdi Gholampour and R. M. Verma, “Adversarial robustness of phishing email detection models,” in Proceedings of the 9th ACM International Workshop on Security and Privacy Analytics, ser. IWSPA ’23. New York, NY, USA: Association for Computing Machinery, 2023, p. 67–76.
14. [14] A. Vaswani, N. Shazeer, N. Parmar, J. Uszkoreit, L. Jones, A. N. Gomez, Ł. Kaiser, and I. Polosukhin, “Attention is all you need,” Advances in neural information processing systems, vol. 30, 2017.
15. [15] H. Milner and M. Baron, “Establishing an optimal online phish- ing detection method: Evaluating topological nlp transformers on text message data,” Journal of Data Science & Intelligence system., pp. 1–17, 2023.
16. [16] Y. Guo, Z. Mustafaoglu, and D. Koundal, “Spam detection using bidirectional transformers and machine learning classifier algo- rithms,” Journal of Computational and Cognitive Engineering, vol. 2, no. 1, pp. 5–9, 2023.
17. [17] A. Dima, S. Ruseti, D. Iorga, C. K. Banica, and M. Dascalu, “Multi-task romanian email classification in a business context,” Information, vol. 14, no. 6, 2023.
18. [18] F. Ullah and M. A. Babar, “On the scalability of big data cyber security analytics systems,” Journal of Network and Computer Applications, vol. 198, p. 103294, 2022.
19. [19] M. A. Amanullah, R. A. A. Habeeb, F. H. Nasaruddin, A. Gani, E. Ahmed, A. S. M. Nainar, N. M. Akim, and M. Imran, “Deep learning and big data technologies for iot security,” Computer Communications, vol. 151, pp. 495–517, 2020.
20. [20] K. Demertzis, N. Tziritas, P. Kikiras, S. L. Sanchez, and L. Il- iadis, “The next generation cognitive security operations center: Adaptive analytic lambda architecture for efficient defense against adversarial attacks,” Big Data and Cognitive Computing, vol. 3, no. 1, 2019.
21. [21] B. Bansal, V. N. Jenipher, R. Jain, R. Dilip, M. Kumbhkar, S. Pramanik, S. Roy, and A. Gupta, Big Data Architecture for Network Security. John Wiley & Sons, Ltd, 2022, ch. 11, pp. 233–267.
22. [22] M. Aschi, S. Bonura, N. Masi, D. Messina, and D. Profeta, Cybersecurity and Fraud Detection in Financial Transactions. Cham: Springer International Publishing, 2022, pp. 269–278.
23. [23] R. Alghamdi and M. Bellaiche, “A deep intrusion detection system in lambda architecture based on edge cloud computing for iot,” in 2021 4th International Conference on Artificial Intelligence and Big Data (ICAIBD), 2021, pp. 561–566.
24. [24] R. Alghamdi and M. a. Bellaiche, “An ensemble deep learning based ids for iot using lambda architecture,” Cybersecurity, vol. 6, no. 1, p. 5, 2023.
25. [25] N. Martz and J. Warren, Big Data Principles and Best Practices Of Scalable Realtime Data Systems. New York, CA: Manning, 2015.
26. [26] N. Spangenberg, M. Wilke, and B. Franczyk, “A big data archi- tecture for intra-surgical remaining time predictions,” Procedia computer science, vol. 113, pp. 310–317, 2017.
27. [27] B. Twardowski and D. Ryzko, “Multi-agent architecture for realtime big data processing,” ACM International Joint Con- ferences of Web Intelligence and Intelligent Agent Technologies (IAT), pp. 333–337, 2014.
28. [28] S. Nadal, V. Herrero, O. Romero, A. Abello, X. Franch, ́ S. Vansummeren, D. Valerio et al., “A software reference architecture for semantic-aware Big Data systems,” Information and Software Technology, vol. 90, pp. 75–92, 2017.
29. [29] D. S. Terzi, M. U. Demirezen, and S. Sagiroglu, “Evaluations Of Big Data Processing,” Services Transactions on Big Data, vol. 3, no. 1, pp. 44–52, 2016.
30. [30] A. Roukh, F. N. Fote, S. A. Mahmoudi, S. Mahmoudi et al., “Big Data Processing Architecture for Smart Farming,” Proce- dia Computer Science, vol. 177, pp. 78–85, 2020.
31. [31] V. Psomakelis, K. Tserpes, D. Zissis, D. Anagnostopoulos, T. Varvarigou et al., “Context agnostic trajectory prediction based on λ-architecture,” Future Generation Computer Systems, vol. 110, pp. 531–539, 2020.
32. [32] H. Zheng, S. Oh, H. Wang, P. Briggs, J. Gai, A. Jain, Y. Liu, R. Heaton, R. Huang, and Y. Wang, “Optimizing memory-access patterns for deep learning accelerators,” ArXiv, vol. abs/2002.12798, 2020. [Online]. Available: https: //arxiv.org/abs/2002.12798
33. [33] J. D. M.-W. C. Kenton and L. K. Toutanova, “Bert: Pre-training of deep bidirectional transformers for language understanding,” in Proceedings of NAACL-HLT, 2019, pp. 4171–4186.
34. [34] Y. Liu, M. Ott, N. Goyal, J. Du, M. Joshi, D. Chen, O. Levy, M. Lewis, L. Zettlemoyer, and V. Stoyanov, “Roberta: A robustly optimized bert pretraining approach,” ArXiv, vol. abs/1907.11692, 2019. [Online]. Available: https: //arxiv.org/abs/1907.11692
35. [35] Z.-H. Jiang, W. Yu, D. Zhou, Y. Chen, J. Feng, and S. Yan, “Convbert: Improving bert with span-based dynamic convo- lution,” Advances in Neural Information Processing Systems, vol. 33, pp. 12 837–12 848, 2020. [36] A. Sanla and T. Numnonda, “A Comparative Performance of Real-time Big Data Analytic Architectures,” in 2019 IEEE 9th International Conference on Electronics Information and Emergency Communication (ICEIEC), 2019, pp. 1–5.
36. [37] M. Garriga, G. Monsieur, and D. Tamburri, “Big data architec- tures,” in Data Science for Entrepreneurship: Principles and Methods for Data Engineering, Analytics, Entrepreneurship, and the Society, W. Liebregts, W.-J. van den Heuvel, and A. van den Born, Eds. Springer International Publishing, 2023, pp. 63–76.
37. [38] B. Karki, F. Abri, A. S. Namin, and K. S. Jones, “Using trans- formers for identification of persuasion principles in phishing emails,” in 2022 IEEE International Conference on Big Data (Big Data), 2022, pp. 2841–2848.
38. [39] B. Gogoi and T. Ahmed, “Phishing and fraudulent email de- tection through transfer learning using pretrained transformer models,” in 2022 IEEE 19th India Council International Con- ference (INDICON), 2022, pp. 1–6.
39. [40] M. U. Demirezen, “Buy ̈ uk veri uygulamaları ic ̧in bir lamda ̈ mimari gelis ̧tirilmesi / developing a lambda architecture for big data processing applications,,” Ph.D. dissertation, Gazi University, Ankara, 2015.
40. [41] X. Song, A. Salcianu, Y. Song, D. Dopson, and D. Zhou, “Fast wordpiece tokenization,” in Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing, 2021, pp. 2089–2103.
41. [42] J. Quionero-Candela, M. Sugiyama, A. Schwaighofer, and N. D. Lawrence, Dataset Shift in Machine Learning. The MIT Press, 2009.
42. [43] F. Ja ́nez-Martino, R. Alaiz-Rodr ̃ ́ıguez, V. Gonzalez-Castro, ́ E. Fidalgo, and E. Alegre, “A review of spam email detection: analysis of spammer strategies and the dataset shift problem,” Artificial Intelligence Review, vol. 56, no. 2, pp. 1145–1173, 2023.
43. [44] J. Rastenis, S. Ramanauskaite, I. Suzdalev, K. Tunaityt ̇ e, J. Jan- ̇ ulevicius, and A. ˇ Cenys, “Multi-language spam/phishing classi- ˇ fication by email body text: Toward automated security incident investigation,” Electronics, vol. 10, no. 6, 2021.
44. [45] J. Nazario, “The online phishing corpus,” 2004, (accessed Jun. 1, 2023). [Online]. Available: https://monkey.org/∼jose/ phishing/
45. [46] T. Gangavarapu, C. Jaidhar, and B. Chanduka, “Applicability of machine learning in spam and phishing email filtering: review and approaches,” Artificial Intelligence Review, vol. 53, pp. 5019–5081, 2020.
46. [47] I. AbdulNabi and Q. Yaseen, “Spam email detection using deep learning techniques,” Procedia Computer Science, vol. 184, pp. 853–858, 2021.
47. [48] P. Liu and T.-S. Moh, “Content based spam e-mail filtering,” in 2016 International Conference on Collaboration Technologies and Systems (CTS). IEEE, 2016, pp. 218–224.
48. [49] M. Hopkins, E. Reeber, G. Forman, and J. Suermondt, “Spam- base data set,” Hewlett-Packard Labs, vol. 1, no. 7, 1999.
49. [50] A. Joulin, E. Grave, P. Bojanowski, and T. Mikolov, “Bag of tricks for efficient text classification,” ArXiv, vol. abs/1607.01759, 2016. [Online]. Available: https://arxiv.org/ abs/1607.01759
50. [51] P. Bojanowski, E. Grave, A. Joulin, and T. Mikolov, “Enriching word vectors with subword information,” Transactions of the association for computational linguistics, vol. 5, pp. 135–146, 2017.
51. [52] Hugging Face, “Hugging Face Pretrained BERT Model,” Accessed: 01.06.2023. [Online]. Available: https://huggingface. co/bert-base-uncased
52. [53] Mailcow dockerized, “Mailcow dockerized open source mail server,” Accessed: 12.05.2023, 2023. [Online]. Available: https://github.com/mailcow/mailcow-dockerized
53. [54] F. Yang, E. Tschetter, G. Merlino, N. Ray, X. Leaut ́ e, D. Gan- ́ guli, H. Singh et al., “Druid: a real-time analytical data store,” Proceedings of the 2014 ACM SIGMOD International Confer- ence on Management of Data, pp. 157–168, 2014.
54. [55] D. Chicco and G. Jurman, “The advantages of the matthews correlation coefficient (mcc) over f1 score and accuracy in binary classification evaluation,” BMC genomics, vol. 21, no. 1, 2020.