PhishWHO: Phishing webpage detection via identity keywords extraction and target domain name finder

Tan, Choon Lin; Chiew, Kang Leng; Wong, KokSheik; Sze, San Nah

doi:10.1016/j.dss.2016.05.005

Cited by 88 publications

(28 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…from unsuspecting users by masking as a trustworthy entity. For example, the victim receives an e-mail from an adversary with a threatening message such as a possible bank or social media account termination or fake alert on illegal transaction (Lin Tan et al, 2016), directing him to a fraudulent website that mimics a legitimate one. The adversary can use any information that the victim enters in the phishing website to steal identity or money (Whittaker et al, 2010).…”

Section: Introductionmentioning

confidence: 99%

Comparison of Classification Algorithms for Detection of Phishing Websites

Vaitkevicius¹,

Marcinkevičius²

2020

Informatica

View full text Add to dashboard Cite

Phishing activities remain a persistent security threat, with global losses exceeding 2.7 billion USD in 2018, according to the FBI's Internet Crime Complaint Center. In literature, different generations of phishing websites detection methods have been observed. The oldest methods include manual blacklisting of known phishing websites' URLs in the centralized database, but they have not been able to detect newly launched phishing websites. More recent studies have attempted to solve phishing websites detection as a supervised machine learning problem on phishing datasets, designed on features extracted from phishing websites' URLs. These studies have shown some classification algorithms performing better than others on differently designed datasets but have not distinguished the best classification algorithm for the phishing websites detection problem in general. The purpose of this research is to compare classic supervised machine learning algorithms on all publicly available phishing datasets with predefined features and to distinguish the best performing algorithm for solving the problem of phishing websites detection, regardless of a specific dataset design. Eight widely used classification algorithms were configured in Python using the Scikit Learn library and tested for classification accuracy on all publicly available phishing datasets. Later, classification algorithms were ranked by accuracy on different datasets using three different ranking techniques while testing the results for a statistically significant difference using Welch's T-Test. The comparison results are presented in this paper, showing ensembles and neural networks outperforming other classical algorithms.

show abstract

Section: Introductionmentioning

confidence: 99%

Comparison of Classification Algorithms for Detection of Phishing Websites

Vaitkevicius¹,

Marcinkevičius²

2020

Informatica

View full text Add to dashboard Cite

show abstract

“…On the other hand, target-dependent methods identify phishing webpages by highlighting the difference between the current webpage and its phishing target [11], [12]. The key idea is to discover the phishing target of a suspicious webpage.…”

Section: A Background Information and Literature Review For Phishingmentioning

confidence: 99%

SPWalk: Similar Property Oriented Feature Learning for Phishing Detection

Liu

2020

IEEE Access

View full text Add to dashboard Cite

Detecting phishing webpages is an essential task that protects legitimate websites and their users from various malicious activities. To classify the suspect webpage as phishing or legitimate, robust and effective features used for classification are in demand. However, recent phishing attacks usually make phishing webpages resemble the legitimate webpages in visual and functional aspects. This poses a greater difficulty for feature extraction. We herein propose SPWalk, an unsupervised feature learning algorithm for phishing detection. In SPWalk, similar property nodes refer to a collection of phishing webpages or legitimate webpages. We first construct a weblink network with nodes representing webpages. The edges between nodes represent the reference relationships that connect webpages through hyperlinks or similar textual content. Then, SPWalk applies the network embedding technique to mapping nodes into a low-dimensional vector space. A biased random walk procedure efficiently integrates both structural information between nodes and URL information of each node. The effectiveness and robustness of SPWalk come from three points. (1). Phishing attackers do not have full control over reference relationships. (2). The structural regularities generated by diverse reference relationships can be exploited to discriminate between phishing and legitimate webpages. (3). Node URL information makes the learned node representations more suited for phishing detection. Using node as numeric features, we conduct experiments to classify webpages as legitimate or phishing. We demonstrate the superiority of SPWalk over state-of-the-art techniques on phishing detection, especially in terms of precision (over 95%). Even in the case that phishing webpages are well camouflaged by attackers for evading detection, SPwalk exhibits better classification efficacy consistently. INDEX TERMS Feature learning, network embedding, phishing detection, similar property.

show abstract

“…Abutair and Belghith (2017) used both lexical features and some external features dependent on the Jaccard Index and Alexa ranks to build a phishing detection system using a casebased reasoning model. Tan et al proposed an identity keyword extraction and target domain finder for extracting features from the textual contents of websites and search engines (Tan et al 2016;Tan et al 2017). Xiang et al (2017) built a C5.0-based phishing site detection model by extracting four classes of features, which include address bar-based features, abnormal-based features, JavaScript-based features, and domain-based features.…”

Section: Related Studies On Identifying Malicious Attacksmentioning

confidence: 99%

“…Zhongyi Hu, Raymond Chiong, Ilung Pranata, Yukun Bao, and Yuqing Lin. Malicious Web Domain Identification using Online Credibility and Performance Data by Considering the Class Imbalance Issue, Industrial Management & Data Systems, 2018, Accepted, DOI: 10.1108/IMDS-02-2018 Some studies also built malicious web domain identification models using machine learning techniques with features extracted from web page content (Zhang et al 2011;Moghimi and Varjani 2016;Tan et al 2016). Instead of extracting features from URLs or web page content, we explored the use of online credibility and performance data to identify malicious web domains with machine learning techniques (Hu et al 2016).…”

Section: Introductionmentioning

confidence: 99%

Malicious web domain identification using online credibility and performance data by considering the class imbalance issue

Chiong

Pranata

et al. 2019

IMDS

View full text Add to dashboard Cite

Purpose -Malicious web domain identification is of significant importance to the security protection of Internet users. With online credibility and performance data, this paper aims to investigate the use of machine learning techniques for malicious web domain identification by considering the class imbalance issue (i.e., there are more benign web domains than malicious ones). Design/methodology/approach -We propose an integrated resampling approach to handle class imbalance by combining the Synthetic Minority Over-sampling TEchnique (SMOTE) and Particle Swarm Optimisation (PSO), a population-based meta-heuristic algorithm. We use the SMOTE for over-sampling and PSO for under-sampling. Findings -By applying eight well-known machine learning classifiers, the proposed integrated resampling approach is comprehensively examined using several imbalanced web domain datasets with different imbalance ratios. Compared to five other well-known resampling approaches, experimental results confirm that the proposed approach is highly effective. Practical implications -This study not only inspires the practical use of online credibility and performance data for identifying malicious web domains, but also provides an effective resampling approach for handling the class imbalance issue in the area of malicious web domain identification. Originality/value -Online credibility and performance data is applied to build malicious web domain identification models using machine learning techniques. An integrated resampling approach is proposed to address the class imbalance issue. The performance of the proposed approach is confirmed based on real-world datasets with different imbalance ratios.

show abstract

PhishWHO: Phishing webpage detection via identity keywords extraction and target domain name finder

Cited by 88 publications

References 16 publications

Comparison of Classification Algorithms for Detection of Phishing Websites

Comparison of Classification Algorithms for Detection of Phishing Websites

SPWalk: Similar Property Oriented Feature Learning for Phishing Detection

Malicious web domain identification using online credibility and performance data by considering the class imbalance issue

Contact Info

Product

Resources

About