PhishMon: A Machine Learning Framework for Detecting Phishing Webpages

Niakanlahiji, Amirreza; Chu, Bill; Al-Shaer, Ehab

doi:10.1109/isi.2018.8587410

Cited by 36 publications

(18 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Several studies analyzed the importance and impact of the features used for learning [2], [14], [15], [17], [18], [20], [22], [26], [28], [29], [37], [40], [44], [56], [64]. Table 2 summarizes them from four aspects: 1) feature ranking methods, 2) top five features, and 3) dataset ratio and 4) dataset sources.…”

Section: B Feature Importancementioning

confidence: 99%

An In-Depth Benchmarking and Evaluation of Phishing Detection Research for Security Needs

et al. 2020

View full text Add to dashboard Cite

We perform an in-depth, systematic benchmarking study and evaluation of phishing features on diverse and extensive datasets. We propose a new taxonomy of features based on the interpretation and purpose of each feature. Next, we propose a benchmarking framework called 'PhishBench,' which enables us to evaluate and compare the existing features for phishing detection systematically and thoroughly under identical experimental conditions, i.e., unified system specification, datasets, classifiers, and evaluation metrics. PhishBench is a first in the field of benchmarking phishing related research and incorporates thorough and systematic evaluation and feature comparison. We use PhishBench to test methods published in the phishing literature on new and diverse datasets to check their robustness and scalability. We study how dataset characteristics, e.g., varying legitimate to phishing ratios and increasing the size of imbalanced datasets, affect classification performance. Our results show that the imbalanced nature of phishing attacks affects the detection systems' performance and researchers should take this into account when proposing a new method. We also found that retraining alone is not enough to defeat new attacks. New features and techniques are required to stop attackers from fooling detection systems. INDEX TERMS Feature engineering, feature taxonomy, framework, phishing email, phishing URL, phishing website.

show abstract

Section: B Feature Importancementioning

confidence: 99%

An In-Depth Benchmarking and Evaluation of Phishing Detection Research for Security Needs

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Normal browsing involves two methods known as request and response to allow a user to browse through the web server content. Both methods contain headers which can reveal web applications and their infrastructure [ 24 ]. The request comprises headers such as “Accept”, “Accept-Encoding”, “Accept-Language”, “Authorization”, “Connection”, “Content-Length”, and “Content-Type” [ 25 ].…”

Section: Http Manipulationmentioning

confidence: 99%

“…The sensor utilizes HTTP response code to send message to a requestor once an HTTP has been tampered. Niakanlahiji, et al [ 24 ], on the other hand, adopted the response header in recognizing phishing websites.…”

Section: Http Manipulationmentioning

confidence: 99%

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Jaafar

Ismail

Abdullah

et al. 2020

Sensors

View full text Add to dashboard Cite

Application Layer Distributed Denial of Service (DDoS) attacks are very challenging to detect. The shortfall at the application layer allows formation of HTTP DDoS as the request headers are not compulsory to be attached in an HTTP request. Furthermore, the header is editable, thus providing an attacker with the advantage to execute HTTP DDoS as it contains almost similar request header that can emulate a genuine client request. To the best of the authors’ knowledge, there are no recent studies that provide forged request headers pattern with the execution of the current HTTP DDoS attack scripts. Besides that, the current dataset for HTTP DDoS is not publicly available which leads to complexity for researchers to disclose false headers, causing them to rely on old dataset rather than more current attack patterns. Hence, this study conducted an analysis to disclose forged request headers patterns created by HTTP DDoS. The results of this study successfully disclose eight forged request headers patterns constituted by HTTP DDoS. The analysis was executed by using actual machines and eight real attack scripts which are capable of overwhelming a web server in a minimal duration. The request headers patterns were explained supported by a critical analysis to provide the outcome of this paper.

show abstract

“…The utilization of deep learning out how to order URLs to distinguish Web guests' aims significant hypothetical has and scientific esteem for Web security inquire about, giving new plans to shrewd ideas for security identification. Amirreza Niakanlahiji et al [4] proposed PhishMon, another component rich AI structure to perceive phishing site pages. It relies upon a great deal of fifteen novel highlights that can be efficiently enlisted from a site page without requiring pariah organizations, for instance, web records, or WHOIS servers.…”

Section: Literature Surveymentioning

confidence: 99%