ICICS 2026, 28th International Conference on Information and Communications Security, 27-30 October 2026, Fukui, Japan
Phishing remains a major threat, with adversaries continuously adapting evasion and anti-analysis techniques. Understanding whether evasive phishing emails are isolated events or manifestations of persistent, evolving activity is an important challenge for defenders. In this work, we do not claim campaign ground truth. Instead, we propose an analyst-oriented clustering methodology based on Multi-Criteria Decision Analysis (MCDA) to surface operationally meaningful relationships among phishing messages that bypassed state-of-the-art protections. We evaluate the proposed approach on a rare, high-value dataset collected over an 18-month period, comprising user-reported phishing emails that reached end users’ inboxes after evading two layers of advanced protection. Our results show that the resulting Multi-Dimensional Clusters are cohesive, stable, and operationally meaningful, and that they capture temporally evolving structures that are substantially fragmented by a density-based clustering algorithm. These relationships often span long time intervals and are supported by subtle but persistent behavioral traces, suggesting that phishing activity evolves gradually through changes in message content, evasion, and anti-analysis techniques. By enabling longitudinal analysis of stealthy phishing activity, our method helps analysts track evolving related activity over time and generate actionable hypotheses about emerging threats, shared tooling, and persistent attack patterns.
Type: Conference
City: Fukui
Date: 2026-10-27
Department: Digital Security
Eurecom Ref: 8850
Copyright: © 2026 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.