HYBRID FEATURES - BASED PREDICTION FOR NOVEL PHISH WEBSITES

Authors

  • Hiba Zuhair, Al-Nahrain University, Baghdad, Iraq
  • Mazleena Salleh, Faculty of Computing, Universiti Teknologi Malaysia, 81310, UTM Johor Bahru, Johor, Malaysia
  • Ali Selamat, Faculty of Computing, Universiti Teknologi Malaysia, 81310, UTM Johor Bahru, Johor, Malaysia

DOI:

https://doi.org/10.11113/jt.v78.10026

Keywords:

Hybrid features, novel phish websites, prediction susceptibility, co-occurrence criterion, phishness induction

Abstract

Phishers frequently craft novel deceptions on their websites and circumvent existing anti-phishing techniques in pursuit of insecure intrusions, theft of users' digital identities, and then illegal profit. This raises the need to incorporate new features for detecting novel phish websites and for optimizing the existing anti-phishing techniques. In this light, 58 new hybrid features are proposed in this paper, and their prediction susceptibilities are evaluated using a feature co-occurrence criterion and a baseline machine learning algorithm. Empirical testing and analysis showed the significant outcomes of the proposed features on detection performance. As a result, the most influential features are identified, and new insights are offered for further detection improvement.

Published

2016-12-15

How to Cite

HYBRID FEATURES - BASED PREDICTION FOR NOVEL PHISH WEBSITES. (2016). Jurnal Teknologi, 78(12-3). https://doi.org/10.11113/jt.v78.10026