A framework for detection and measurement of phishing attacks

Garera, Sujata; Provos, Niels; Chew, Monica; Rubin, Aviel D.

doi:10.1145/1314389.1314391

Cited by 345 publications

(231 citation statements)

References 15 publications

Supporting

Mentioning

213

Contrasting

Unclassified

Order By: Relevance

“…The work by Garera et al [13] is the most closely related to our work. They use logistic regression over 18 hand-selected features to classify phishing URLs.…”

Section: Machine Learning Approachessupporting

confidence: 60%

Learning to Detect Phishing Urls

Basnet¹,

Sung²,

Liu³

2014

IJRET

View full text Add to dashboard Cite

show abstract

“…The work by Garera et al [13] is the most closely related to our work. They use logistic regression over 18 hand-selected features to classify phishing URLs.…”

Section: Machine Learning Approachessupporting

confidence: 60%

Learning to Detect Phishing Urls

Basnet¹,

Sung²,

Liu³

2014

IJRET

View full text Add to dashboard Cite

show abstract

“…One camp exploits URL signatures to detect phish. Garera et al [14] identified a set of fine-grained heuristics from URLs, and combined them with other features to detect phish. Applying a logistic regression model on 18 features yielded an average TP of 95.8% and FP of 1.2% over a repository of 2508 URLs.…”

Section: Methods For Automatic Phish Detectionmentioning

confidence: 99%

A Hierarchical Adaptive Probabilistic Approach for Zero Hour Phish Detection

Xiang

Pendleton

Hong

et al. 2010

Computer Security – ESORICS 2010

View full text Add to dashboard Cite

Abstract. Phishing attacks are a significant threat to users of the Internet, causing tremendous economic loss every year. In combating phish, industry relies heavily on manual verification to achieve a low false positive rate, which, however, tends to be slow in responding to the huge volume of unique phishing URLs created by toolkits. Our goal here is to combine the best aspects of human verified blacklists and heuristic-based methods, i.e., the low false positive rate of the former and the broad coverage of the latter. To that end, we present the design and evaluation of a hierarchical blacklist-enhanced phish detection framework. The key insight behind our detection algorithm is to leverage existing humanverified blacklists and apply the shingling technique, a popular nearduplicate detection algorithm used by search engines, to detect phish in a probabilistic fashion with very high accuracy. To achieve an extremely low false positive rate, we use a filtering module in our layered system, harnessing the power of search engines via information retrieval techniques to correct false positives. Comprehensive experiments over a diverse spectrum of data sources show that our method achieves 0% false positive rate (FP) with a true positive rate (TP) of 67.74% using searchoriented filtering, and 0.03% FP and 73.53% TP without the filtering module. With incremental model building capability via a sliding window mechanism, our approach is able to adapt quickly to new phishing variants, and is thus more responsive to the evolving attacks.

show abstract

“…A significant amount of research utilising machine learning algorithms has focused on building efficient detection mechanisms for web and email phishing attacks, with work by Fette et al [2007] and Basnet et al [2008] testing a range of clustering and filtering techniques to classify data for accurate prediction of attack detection. Similarly, the research conducted by Garera et al [2007] highlights the difference between legitimate and illegitimate URLS and proposes a regression filter for constructing classifiers specifically for URL phishing. In a related piece of work, [Bergholz et al 2008] developed a system to detect phishing emails based on the component features of the email, such as body of text, sender address or embedded images, using combinations of machine learning for classification and class modelling mechanisms for filtering.…”

Section: Technicalmentioning

confidence: 99%

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

2015

View full text Add to dashboard Cite

Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed websites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial.

show abstract

A framework for detection and measurement of phishing attacks

Cited by 345 publications

References 15 publications

Learning to Detect Phishing Urls

Learning to Detect Phishing Urls

A Hierarchical Adaptive Probabilistic Approach for Zero Hour Phish Detection

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

Contact Info

Product

Resources

About