Enhancing phishing email detection with stylometric features and classifier stacking

Phishing is the most common and potentially dangerous cyber attack that organizations are forced to deal with on a constant basis, rendering its automated detection as early as possible a necessity to ensure the security of computer systems. Focusing on the email level, this work improves content-based phishing email detection by integrating stylometric features with the commonly-used vectorization techniques, as well as by utilizing classifier stacking. Leveraging a diverse set of stylometric features, we systematically explore different methods of combining them with vectorized text as well as multiple stacking configurations for the machine learning algorithms. Our findings demonstrate that the proposed methods consistently outperform vectorization-only baselines on an imbalanced dataset, with a smaller improvement to a balanced one. Specifically, we achieved an F1\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$F_1$$\end{document} measure of 0.9843 on the balanced set and 0.9656 on the imbalanced one by stacking multiple different classifiers that were trained on the content and stylometric features separately, improving baselines by more than 2.2% for the imbalanced dataset. As such, our work contributes to the ongoing efforts in cybersecurity by further enhancing the performance of state-of-the-art phishing email detection systems.