Abstract: Aiming at the situation of phishing email researches worldwide not paying attention to individual differences and lacking of fine-grained user feedback, this paper proposes a framework which combines theoretical research and practical application. A visual model of email’s abnormal features is constructed, and a chrome plug-in which uses the classifier to detect the email and reports the details of abnormal features and the judgment to the user in real time is also designed. After the user checking the email, he/she examines the classifier’s judgment in accordance with the actual situation. Then, the corresponding feature information is corrected when the judgment is inconsistent. Therefore, the corrected feature vector is fed back to the classifier for correction, and the corresponding feature information is added to the blacklist or white list. In conclusion, the experiment shows that the framework can modify the classifier according to the individual feedback, meanwhile, improve the detection rate of phishing email and the user’s fine-grained perception of phishing email effectively.

Key words: phishing email, detection, visualization, abnormal feature, interaction

摘要： 针对国内外钓鱼邮件研究没有注重个体差异以及缺乏细粒度用户交互反馈的情况，提出一种集理论研究与实际应用相结合的框架，构建一种可视化邮件异常特征模型，设计一个chrome插件，使用分类器对邮件进行检测，将邮件异常特征详细信息和判定情况实时报告给用户。用户查看邮件后结合实际情况与分类器判定情况进行对照检查，出现判定不一致时对相应特征信息进行校正，将校正后的特征向量反馈给分类器进行修正，并将相应的特征信息组加入黑名单或白名单。实验证明，框架能根据个体反馈修正分类器，有效提高钓鱼邮件检出率和用户对钓鱼邮件细粒度感知体验。

关键词: 钓鱼邮件, 检测, 可视化, 异常特征, 互动