Business email compromise and lateral spear phishing attacks are among the most costly and damaging threats facing modern organizations. While inbound phishing defenses have improved significantly, most organizations still trust internal emails by default, leaving themselves vulnerable to attacks from compromised employee accounts. In this work, we define and explore the problem of authorship validation: verifying whether a claimed sender actually authored a given email. Authorship validation is a lightweight, real-time defense that complements traditional detection methods by modeling per-sender writing style. Further, we present a collection of new datasets based on the Enron corpus that simulate inauthentic messages using both human-written and large language model-generated emails. We also evaluate two classifiers -- a Naive Bayes model and a character-level convolutional neural network (Char-CNN) -- for the authorship validation task. Our experiments show that the Char-CNN model achieves high accuracy and F1 scores under various circumstances. Finally, we discuss deployment considerations and show that per-sender authorship classifiers are practical to integrate into existing commercial email security systems with low overhead.