Defending the weakest link: phishing websites detection by analysing user behaviours

Dong, Xun; Clark, John A.; Jacob, Jeremy

doi:10.1007/s11235-009-9247-9

Cited by 17 publications

(14 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Semantically distinct information should be separated [14], [58]. Text should be presented in short, simple sentences, devoid of complex grammatical structures [81], [82], [83], [84]. Longer warning notifications performed poorly in user testing [85].…”

Section: Content Guidelinesmentioning

confidence: 99%

How to Make Privacy Policies both GDPR-Compliant and Usable

Renaud¹,

Shepherd²

2018

2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA)

View full text Add to dashboard Cite

It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this.We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.

show abstract

Section: Content Guidelinesmentioning

confidence: 99%

How to Make Privacy Policies both GDPR-Compliant and Usable

Renaud¹,

Shepherd²

2018

2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA)

View full text Add to dashboard Cite

show abstract

“…Of the papers that use an unbalanced dataset, several did not use the appropriate metrics [93], [104], [118], [123], [125], [136], [148], [157]. The following nine reported the Confusion Matrix [88], [93], [94], [119], [121], [122], [130], [132], [156]. One reported AUC [104], and three reported both AUC and Confusion Matrix [98], [107], [113].…”

Section: E Evaluation Metricsmentioning

confidence: 99%

“…Using unbalanced dataset is important because of the baserate fallacy challenge. While many papers [78], [98], [102], [121], [130], [156] used unbalanced datasets, papers [96], [129] addressed this issue differently. Researchers in [96] evaluated their algorithm by changing the ratio of maliciousto-benign examples (1:2, 1:5, 1:10, 1:15 and 1:20).…”

Section: F Selected Phishing Website Detection Literaturementioning

confidence: 99%

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

Das

Baki

Aassal

et al. 2020

IEEE Commun. Surv. Tutorials

101

View full text Add to dashboard Cite

Phishing and spear phishing are typical examples of masquerade attacks since trust is built up through impersonation for the attack to succeed. Given the prevalence of these attacks, considerable research has been conducted on these problems along multiple dimensions. We reexamine the existing research on phishing and spear phishing from the perspective of the unique needs of the security domain, which we call security challenges: real-time detection, active attacker, dataset quality and baserate fallacy. We explain these challenges and then survey the existing phishing/spear phishing solutions in their light. This viewpoint consolidates the literature and illuminates several opportunities for improving existing solutions. We organize the existing literature based on detection techniques for different attack vectors (e.g., URLs, websites, emails) along with studies on user awareness. For detection techniques we examine properties of the dataset, feature extraction, detection algorithms used, and performance evaluation metrics. This work can help guide the development of more effective defenses for phishing, spear phishing and email masquerade attacks of the future, as well as provide a framework for a thorough evaluation and comparison.

show abstract

“…Moreover, Dong focused on defending the weakest link in phishing websites detection, by analyzing online user behaviours based on visited websites and the data a user submitted to those websites [13]. Taking user"s behavior into consideration is important in addressing phishing attack, but only dealing with the data users submitted to detect phishing sites is a major limitation in handling a well designed phishing websites.…”

Section: A Content-based Through Machine Learning Techniquesmentioning

confidence: 99%

Parameter optimization for intelligent phishing detection using Adaptive Neuro-Fuzzy

Barraclough

Sexton

Aslam

2014

ijarai

View full text Add to dashboard Cite

Abstract-Phishing attacks has been growing rapidly in the past few years. As a result, a number of approaches have been proposed to address the problem. Despite various approaches proposed such as feature-based and blacklist-based via machine learning techniques, there is still a lack of accuracy and real-time solution. Most approaches applying machine learning techniques requires that parameters are tuned to solve a problem, but parameters are difficult to tune to a desirable output. This study presents a parameter tuning framework, using adaptive Neuronfuzzy inference system with comprehensive data to maximize systems performance. Extensive experiment was conducted. During ten-fold cross-validation, the data is split into training and testing pairs and parameters are set according to desirable output and have achieved 98.74% accuracy. Our results demonstrated higher performance compared to other results in the field. This paper contributes new comprehensive data, novel parameter tuning method and applied a new algorithm in a new field. The implication is that adaptive neuron-fuzzy system with effective data and proper parameter tuning can enhance system performance. The outcome will provide a new knowledge in the field.

show abstract

Defending the weakest link: phishing websites detection by analysing user behaviours

Cited by 17 publications

References 13 publications

How to Make Privacy Policies both GDPR-Compliant and Usable

How to Make Privacy Policies both GDPR-Compliant and Usable

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

Parameter optimization for intelligent phishing detection using Adaptive Neuro-Fuzzy

Contact Info

Product

Resources

About