Per-sender neural network classifiers for email authorship validation
Rohit Dube
TL;DR
This work defines authorship validation as a practical, real-time defense against internal impersonation attacks by modeling per-sender writing style. It builds Enron-based datasets with authentic and inauthentic emails, and evaluates a simple Naive Bayes baseline against a Char-CNN that processes fixed-length character sequences with multi-branch convolutions, achieving high accuracy and F1 across scenarios. The findings indicate that per-sender neural classifiers can provide a strong, low-overhead signal to commercial email security stacks, enabling modular integration and incremental retraining. The paper also outlines deployment considerations, including sender-profile augmentation, a modular detection stack, and mechanisms to address false positives/negatives, highlighting practical impact for defending against lateral spear phishing and BEC. Future work includes scaling datasets, exploring richer architectures, and extending the approach to other collaboration tools.
Abstract
Business email compromise and lateral spear phishing attacks are among modern organizations' most costly and damaging threats. While inbound phishing defenses have improved significantly, most organizations still trust internal emails by default, leaving themselves vulnerable to attacks from compromised employee accounts. In this work, we define and explore the problem of authorship validation: verifying whether a claimed sender actually authored a given email. Authorship validation is a lightweight, real-time defense that complements traditional detection methods by modeling per-sender writing style. Further, the paper presents a collection of new datasets based on the Enron corpus. These simulate inauthentic messages using both human-written and large language model-generated emails. The paper also evaluates two classifiers -- a Naive Bayes model and a character-level convolutional neural network (Char-CNN) -- for the authorship validation task. Our experiments show that the Char-CNN model achieves high accuracy and F1 scores under various circumstances. Finally, we discuss deployment considerations and show that per-sender authorship classifiers are practical to integrate into existing commercial email security systems with low overhead.
