SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

Das, Avisha; Baki, Shahryar; Aassal, Ayman El; Verma, Rakesh M.; Dunbar, Arthur

doi:10.1109/comst.2019.2957750

Cited by 87 publications

(80 citation statements)

References 234 publications

(794 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This work considers four supervised machine learning algorithms, which have extensively been used for phishing detection [12], namely: Multilayer Perceptron, Support Vector Machine, Naïve Bayes, and Decision Trees.…”

Section: Detection Methodsmentioning

confidence: 99%

“…As a result, if one needs to keep up with phishing campaigns, then it is important to use data-driven approaches instead of solely relying on static knowledge provided by blacklists. Supervised machine learning methods, particularly those applied for URL classification [12] 15have been successful in the past in determining if the class of URL is malicious or benign.…”

Section: Related Workmentioning

confidence: 99%

“…Existing literature often uses balanced datasets for training and testing, as seen in [54,55]. However, Das et al [12] state the concern that using a balanced test set does not reflect the real world. This holds true because real network traffic includes proportionally more benign instances than phishing ones.…”

Section: Data Collectionmentioning

confidence: 99%

“…For these reasons, the literature has explored data-driven approaches that aim to dynamically detect phishing domains using supervised or unsupervised machine learning [12]. However, the majority of approaches rely on single-layered models for detection, such as [13][14][15].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Towards a Multi-Layered Phishing Detection

Rendall

Nisioti

Mylonas

2020

Sensors

View full text Add to dashboard Cite

Phishing is one of the most common threats that users face while browsing the web. In the current threat landscape, a targeted phishing attack (i.e., spear phishing) often constitutes the first action of a threat actor during an intrusion campaign. To tackle this threat, many data-driven approaches have been proposed, which mostly rely on the use of supervised machine learning under a single-layer approach. However, such approaches are resource-demanding and, thus, their deployment in production environments is infeasible. Moreover, most previous works utilise a feature set that can be easily tampered with by adversaries. In this paper, we investigate the use of a multi-layered detection framework in which a potential phishing domain is classified multiple times by models using different feature sets. In our work, an additional classification takes place only when the initial one scores below a predefined confidence level, which is set by the system owner. We demonstrate our approach by implementing a two-layered detection system, which uses supervised machine learning to identify phishing attacks. We evaluate our system with a dataset consisting of active phishing attacks and find that its performance is comparable to the state of the art.

show abstract

Section: Detection Methodsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Data Collectionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Towards a Multi-Layered Phishing Detection

Rendall

Nisioti

Mylonas

2020

Sensors

View full text Add to dashboard Cite

show abstract

“…Internet browsers, email systems and other socio-technical systems require input from individual users. Such systems may be designed in a way that aims to protect users and organizations from external attackers as much as is possible (Das et al, 2020). How successful they are in doing so is highly reliant on the user (Pfeffel et al, 2019).…”

Section: Introductionmentioning

confidence: 99%

Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking

McAlaney

Hills

2020

Front. Psychol.

View full text Add to dashboard Cite

Social engineering attacks in the form of phishing emails represent one of the biggest risks to cybersecurity. There is a lack of research on how the common elements of phishing emails, such as the presence of misspellings and the use of urgency and threatening language, influences how the email is processed and judged by individuals. Eye tracking technology may provide insight into this. In this exploratory study a sample of 22 participants viewed a series of emails with or without indicators associated with phishing emails, whilst their eye movements were recorded using a SMI RED 500 eyetracker. Participants were also asked to give a numerical rating of how trustworthy they deemed each email to be. Overall, it was found that participants looked more frequently at the indicators associated with phishing than would be expected by chance but spent less overall time viewing these elements than would be expected by chance. The emails that included indicators associated with phishing were rated as less trustworthy on average, with the presence of misspellings or threatening language being associated with the lowest trustworthiness ratings. In addition, it was noted that phishing indicators relating to threatening language or urgency were viewed before misspellings. However, there was no significant interaction between the trustworthiness ratings of the emails and the amount of scanning time for phishing indicators within the emails. These results suggest that there is a complex relationship between the presence of indicators associated with phishing within an email and how trustworthy that email is judged to be. This study also demonstrates that eye tracking technology is a feasible method with which to identify and record how phishing emails are processed visually by individuals, which may contribute toward the design of future mitigation approaches.

show abstract

Adversarial Machine Learning in Text: A Case Study of Phishing Email Detection with RCNN Model

Lee

Verma

2020

Adversary-Aware Learning Techniques and Trends in Cybersecurity

View full text Add to dashboard Cite

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

Cited by 87 publications

References 234 publications

Towards a Multi-Layered Phishing Detection

Towards a Multi-Layered Phishing Detection

Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking

Adversarial Machine Learning in Text: A Case Study of Phishing Email Detection with RCNN Model

Contact Info

Product

Resources

About