Phishing attacks, typically carried out by email, remain a significant cybersecurity threat with attackers creating legitimate-looking websites to deceive recipients into revealing sensitive information or executing harmful actions. In this paper, we propose {\bf EPhishCADE}, the first {\em privacy-aware}, {\em multi-dimensional} framework for {\bf E}mail {\bf Phish}ing {\bf CA}mpaign {\bf DE}tection to automatically identify email phishing campaigns by clustering seemingly unrelated attacks. Our framework employs a hierarchical architecture combining a structural layer and a contextual layer, offering a comprehensive analysis of phishing attacks by thoroughly examining both structural and contextual elements. Specifically, we implement a graph-based contextual layer to reveal hidden similarities across multiple dimensions, including textual, numeric, temporal, and spatial features, among attacks that may initially appear unrelated. Our framework streamlines the handling of security threat reports, reducing analysts' fatigue and workload while enhancing protection against these threats. Another key feature of our framework lies in its sole reliance on phishing URLs in emails without the need for private information, including senders, recipients, content, etc. This feature enables a collaborative identification of phishing campaigns and attacks among multiple organizations without compromising privacy. Finally, we benchmark our framework against an established structure-based study (WWW \textquotesingle 17) to demonstrate its effectiveness.

翻译：网络钓鱼攻击通常通过电子邮件进行，攻击者创建看似合法的网站来欺骗收件人泄露敏感信息或执行有害操作，这仍然是重大的网络安全威胁。本文提出了{\bf EPhishCADE}，这是首个用于{\bf E}邮件{\bf Phish}ing{\bf CA}mpaign{\bf DE}tection的{\em 隐私感知}、{\em 多维}框架，旨在通过对看似无关的攻击进行聚类来自动识别电子邮件钓鱼活动。该框架采用结合结构层和上下文层的分层架构，通过深入分析钓鱼攻击的结构和上下文元素，提供全面的攻击分析。具体而言，我们实现了一个基于图的上下文层，以揭示攻击之间在多个维度（包括文本、数值、时间和空间特征）上的隐藏相似性，这些攻击最初可能看起来毫无关联。该框架简化了安全威胁报告的处理流程，减轻了分析人员的疲劳和工作负担，同时增强了对这些威胁的防护能力。该框架的另一个关键特性在于其仅依赖于电子邮件中的钓鱼URL，无需任何私人信息，包括发件人、收件人、内容等。这一特性使得多个组织能够在保护隐私的前提下，协作识别钓鱼活动和攻击。最后，我们将该框架与一项已建立的基于结构的研究（WWW \textquotesingle 17）进行基准测试，以证明其有效性。