Automatic Response and Recovery of Phishing Email

June 10th, 2022

Thesis Type
  • Master
Muhammad Usman Mansoor
Proposal on
16/08/2022 11:15 am
Proposal room
Seminar room I5 6202
Presentation on
28/02/2023 10:00 am
Presentation room
Seminar room I5 6202
Stefan Decker
Mehdi Akbari G.

Any Organization’s top priority is to protect itself from cyber crimes because any security incident will have severe social and economic effects. Since security-related risks and threats have evolved, security-related technology has also evolved. However, finding a definitive solution based on cutting-edge technology that improves operations, automation, and overall efficiency is difficult. With new product offerings from manufacturers in this market, security automation is slowly taking place.

Deep Learning and machine learning have facilitated automated security-related processes previously thought impossible. However, security operations centre (SOC) personnel are infested by many security alerts, rapid detection and response to security warnings, and poor decision-making by machine learning models. The key to strengthening the response to a security threat is quickly minimizing the damage. Under the circumstances, manual operation cannot guarantee response time and accuracy, and an efficient automatic decision-making support method is needed. Therefore, we propose implementing an automatic decision-making workflow based on security orchestration, automation, and response (SOAR). It uses machine learning models, automation, and orchestration to provide a perfect solution for enterprises to manage security concerns.

We propose implementing an automated responder for a phishing email showcase. The goal is to design a response system that can process incoming emails, review them for spam and phishing using ML models, and, if affirmative, take automatic action or alert a human operator. The proposed workflow will help automate the incident management process; compared to the traditional full manual service, significantly improving the efficiency of the incident response.


Development of ML classifier, heuristics for automation threshold, and implementation of a proof-of-concept prototype for automation pipeline.