This article surveys the literature on the detection of phishing attacks. Phishing attacks target vulnerabilities that exist in systems due to the human factor. Many cyber attacks are spread via mechanisms that exploit weaknesses found in endusers, which makes users the weakest element in the security chain. The phishing problem is broad and no single silver-bullet solution exists to mitigate all the vulnerabilities effectively, thus multiple techniques are often implemented to mitigate specific attacks. This paper aims at surveying many of the recently proposed phishing mitigation techniques. A high-level overview of various categories of phishing mitigation techniques is also presented, such as: detection, offensive defense, correction, and prevention, which we belief is critical to present where the phishing detection techniques fit in the overall mitigation process
This is a study that focuses on enhancing the mitigation of bulk phishing email messages (i.e. email messages with generic socially engineered content that target a broad range of recipients). This study is based on a phishing website detection technique that we have proposed previously. The previously proposed technique was able to achieve 97% of classification accuracy of phishing websites by lexically analyzing their URLs. The centre claim of this study is that the classification accuracy of anti-phishing email filters enhance when they incorporate the proposed lexical URL analysis technique. To evaluate the claims, a highly accurate anti-phishing email classifier is constructed and tested against publicly available phishing and legitimate email data sets.
Phishing is a semantic attack that aims to take advantage of the naivety of users of electronic services (e.g. e-banking). A number of solutions have been proposed to minimize the impact of phishing attacks. The most accurate email phishing classifiers, that are publicly known, use machine learning techniques. Previous work in phishing email classification via machine learning have primarily focused on enhancing the classification accuracy by studying the addition of novel features, ensembles, or classification algorithms. This study follows a different path by taking advantage of previously proposed features. The primary focus of this paper is to enhance the classification accuracy of phishing email classifiers by finding an effective feature subset out of a number of previously proposed features, by evaluating various feature selection methods. The selected feature subset in this study resulted in a classification model with an f1 score of 99.396% for 21 heuristic features and a single classifier.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.