Phishing or Not Phishing? A Survey on the Detection of Phishing Websites

Abstract: Phishing is a security threat with serious effects on individuals as well as on the targeted brands. Although this threat has been around for quite a long time, it is still very active and successful. In fact, the tactics used by attackers have been evolving continuously in the years to make the attacks more convincing and effective. In this context, phishing detection is of primary importance. The literature offers many diverse solutions that cope with this issue and in particular with the detection of phishi… Show more

“…[8][9][10][11][12][13] Many other solutions are based on machine learning models. [14][15][16][17][18][19][20][21][22][23] The main contributions offered by the literature are analyzed and discussed in a recent survey by Zieni et al 1 In the context of machine learning, the survey highlights that phishing detection approaches mainly differ for the features chosen to describe the properties of the websites and for the learning algorithms applied for the classification of the websites. The features considered in some papers 24,25 refer to the lexical and statistical properties of URL strings (i.e., URL-based features), whereas in other papers, 26,27 they refer to the content and visual appearance of a page (i.e., HTML-based features).…”

“…The main contributions offered by the literature are analyzed and discussed in a recent survey by Zieni et al 1 . In the context of machine learning, the survey highlights that phishing detection approaches mainly differ for the features chosen to describe the properties of the websites and for the learning algorithms applied for the classification of the websites.…”

“…Despite their simple implementation, these fraudulent attacks are very dangerous and might lead to various types of damages, such as monetary losses, identity thefts, and reputation damages. As indicated in the Phishing Activity Trends Report 1 published by Anti-Phishing Working Group (APWG) in December 2022, in total 1,270,883 phishing websites have been observed in the third quarter of 2022. As can be seen from the quarterly trend of phishing websites detected since 2018, shown in Figure 1, this number represents a new record, thus making this quarter the worst for phishing.…”

“…To protect individuals from the risks deriving from phishing attacks, the detection of phishing websites is of paramount importance (see, for example, Zieni et al 1 ). Approaches based on machine learning are particularly suitable for classifying sites as either phishing or legitimate.…”

“…To protect individuals from the risks deriving from phishing attacks, the detection of phishing websites is of paramount importance (see, for example, Zieni et al 1 …”

Explainable machine learning for phishing feature detection

“…[8][9][10][11][12][13] Many other solutions are based on machine learning models. [14][15][16][17][18][19][20][21][22][23] The main contributions offered by the literature are analyzed and discussed in a recent survey by Zieni et al 1 In the context of machine learning, the survey highlights that phishing detection approaches mainly differ for the features chosen to describe the properties of the websites and for the learning algorithms applied for the classification of the websites. The features considered in some papers 24,25 refer to the lexical and statistical properties of URL strings (i.e., URL-based features), whereas in other papers, 26,27 they refer to the content and visual appearance of a page (i.e., HTML-based features).…”

“…The main contributions offered by the literature are analyzed and discussed in a recent survey by Zieni et al 1 . In the context of machine learning, the survey highlights that phishing detection approaches mainly differ for the features chosen to describe the properties of the websites and for the learning algorithms applied for the classification of the websites.…”

“…Despite their simple implementation, these fraudulent attacks are very dangerous and might lead to various types of damages, such as monetary losses, identity thefts, and reputation damages. As indicated in the Phishing Activity Trends Report 1 published by Anti-Phishing Working Group (APWG) in December 2022, in total 1,270,883 phishing websites have been observed in the third quarter of 2022. As can be seen from the quarterly trend of phishing websites detected since 2018, shown in Figure 1, this number represents a new record, thus making this quarter the worst for phishing.…”

“…To protect individuals from the risks deriving from phishing attacks, the detection of phishing websites is of paramount importance (see, for example, Zieni et al 1 ). Approaches based on machine learning are particularly suitable for classifying sites as either phishing or legitimate.…”

“…To protect individuals from the risks deriving from phishing attacks, the detection of phishing websites is of paramount importance (see, for example, Zieni et al 1 …”

Explainable machine learning for phishing feature detection

Explainable Machine Learning for Bag of Words-Based Phishing Detection

Detection of phishing URLs with deep learning based on GAN-CNN-LSTM network and swarm intelligence algorithms