Heuristic-based strategy for Phishing prediction: A survey of URL-based approach

Silva, Carlo Marcelo Revoredo da; Feitosa, Eduardo; Garcia, Vinícius Cardoso

doi:10.1016/j.cose.2019.101613

Cited by 44 publications

(19 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…da Silva et al [ 18 ] implemented a phishing prediction model based on a number of features. The purpose of the proposed model is to evaluate the static features.…”

Section: Related Workmentioning

confidence: 99%

A hybrid DNN–LSTM model for detecting phishing URLs

Özcan

Çatal

Dönmez

et al. 2021

Neural Comput & Applic

View full text Add to dashboard Cite

Phishing is an attack targeting to imitate the official websites of corporations such as banks, e-commerce, financial institutions, and governmental institutions. Phishing websites aim to access and retrieve users’ important information such as personal identification, social security number, password, e-mail, credit card, and other account information. Several anti-phishing techniques have been developed to cope with the increasing number of phishing attacks so far. Machine learning and particularly, deep learning algorithms are nowadays the most crucial techniques used to detect and prevent phishing attacks because of their strong learning abilities on massive datasets and their state-of-the-art results in many classification problems. Previously, two types of feature extraction techniques [i.e., character embedding-based and manual natural language processing (NLP) feature extraction] were used in isolation. However, researchers did not consolidate these features and therefore, the performance was not remarkable. Unlike previous works, our study presented an approach that utilizes both feature extraction techniques. We discussed how to combine these feature extraction techniques to fully utilize from the available data. This paper proposes hybrid deep learning models based on long short-term memory and deep neural network algorithms for detecting phishing uniform resource locator and evaluates the performance of the models on phishing datasets. The proposed hybrid deep learning models utilize both character embedding and NLP features, thereby simultaneously exploiting deep connections between characters and revealing NLP-based high-level connections. Experimental results showed that the proposed models achieve superior performance than the other phishing detection models in terms of accuracy metric.

show abstract

“…da Silva et al [ 18 ] implemented a phishing prediction model based on a number of features. The purpose of the proposed model is to evaluate the static features.…”

Section: Related Workmentioning

confidence: 99%

A hybrid DNN–LSTM model for detecting phishing URLs

Özcan

Çatal

Dönmez

et al. 2021

Neural Comput & Applic

View full text Add to dashboard Cite

show abstract

“…Existen diferentes formas de construir una heurística, la literatura agrupa estos enfoques en tres tipos, siendo la sensibilidad para no detectar conceptos predefinidos como el mayor desafío de cada enfoque. Esto hace que las heurísticas creadas actúen en escenarios diversos [Silva et al, 2019]: § Enfoques no basados en contenido: Uno de los mayores atractivos en el ámbito de seguridad, es lograr mecanismos precisos de detección de ataques en tiempo real. Con esto, las soluciones heurísticas buscan demostrar capacidad de respuesta y tiempo de respuesta.…”

Section: Detección Basada En Clasificación Heurísticaunclassified

“…o Longitud: Estas funciones de cálculo de longitud de los componentes de la URL, permiten determinar si el tamaño de la URL genera sospecha de que la URL es maliciosa. Diferentes investigaciones [Silva et al, 2019] [Mamun et al, 2016, relacionan directamente el tamaño de la URL con actividades malintencionadas. Esto, porque las URLs de distribución requieren inyectar código de herramientas exploit, de redirección o descarga de malware sin autorización del usuario; lo que hace que el tamaño de las URLs cambie significativamente si no usan técnicas de acortadores de URLs.…”

Section: Extracción De Característicasunclassified

See 1 more Smart Citation

Classifying Malicious URLs Using Gated Recurrent Neural Networks

Zhao

Wang

et al. 2018

Innovative Mobile and Internet Services in Ubiquitous Computing

View full text Add to dashboard Cite

En la actualidad, los ciberdelincuentes perpetran ataques web de forma sencilla, en los que aplican diferentes vectores para poner en peligro la seguridad de la información y en los que entienden al ser humano como un flanco fácil para lograr sus objetivos. Generalmente, los usuarios de internet deben realizar una acción que permita el éxito del ataque, por ejemplo, dar clic a alguna URL. Es por lo anterior, que muchos esfuerzos están dirigidos a encontrar técnicas que mitiguen esta problemática y se apuestan grandes cantidades de dinero en generar soluciones.Tomando como referencia el uso de listas negras, la clasificación heurística, y, prestando especial atención a las técnicas de aprendizaje automático capaces de detectar ataques de día cero, en el presente trabajo se despliega un diseño de detección de URLs maliciosas, haciendo uso de criterios léxicos y de ofuscación de la URL. Estas, clasificadas por medio de técnicas de aprendizaje automático como Logistic Regression, Support Vector Machine y Random Forest; demostrando que los tres clasificadores implementados mantienen una relación de eficacia y rendimiento con porcentajes de precisión del 98%, y, tiempos de respuesta satisfactorio. Es preciso aclarar que Random Forest puede estar sujeto a mejoras, ya que se pretende detectar de manera automática las URLs maliciosas y este clasificador tarda en promedio 16 segundos en hacerlo. Como resultado general del diseño, se obtiene un modelo de libre distribución que puede ser utilizado de forma masiva por diferentes usuarios en la red, capaz de detectar de forma precisa URLs maliciosas.

show abstract

“…Some of the works such as Gastellier-Prevost et al[10], Li et al[14], Mohammad et al[15], Shirazi et al[25], Rao and Pais[20], Tharani and Arachchilage[29] consists of heuristics such as presence of black listed words, IP address, special characters (*, /, ?, −), protocols, ports used and the brand name in the URL. There exists and Zhou[2], Chiew et al[8], da Silva et al[27], Jain and Gupta[13]…”

mentioning

confidence: 99%

Application of word embedding and machine learning in detecting phishing websites

Rao¹,

Umarekar

Pais

2021

Telecommun Syst

View full text Add to dashboard Cite

Phishing is an attack whose aim is to gain personal information such as passwords, credit card details etc. from online users by deceiving them through fake websites, emails or any legitimate internet service. There exists many techniques to detect phishing sites such as third-party based techniques, source code based methods and URL based methods but still users are getting trapped into revealing their sensitive information. In this paper, we propose a new technique which detects phishing sites with word embeddings using plain text and domain specific text extracted from the source code. We applied various word embedding for the evaluation of our model using ensemble and multimodal approaches. From the experimental evaluation, we observed that multimodal with domain specific text achieved a significant accuracy of 99.34% with TPR of 99.59%, FPR of 0.93%, and MCC of 98.68%

show abstract

Heuristic-based strategy for Phishing prediction: A survey of URL-based approach

Cited by 44 publications

References 10 publications

A hybrid DNN–LSTM model for detecting phishing URLs

A hybrid DNN–LSTM model for detecting phishing URLs

Classifying Malicious URLs Using Gated Recurrent Neural Networks

Application of word embedding and machine learning in detecting phishing websites

Contact Info

Product

Resources

About