A keyword-based combination approach for detecting phishing webpages

Ding, Yan; Luktarhan, Nurbol; Li, Keqin; Slamu, Wushour

doi:10.1016/j.cose.2019.03.018

Cited by 52 publications

(28 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Phishing: Online phishing attacks, such as phishing webpages or phishing emails, are one type of cybercrimes that can lure users to reveal sensitive or credential information and steal private or financial information through social engineering attacks [40] or using other fraudulent, illegal activities [1]. These malicious activities can cause severe economic losses and threaten credibility and financial security of OSN users.…”

Section: B Luringmentioning

confidence: 99%

“…Influencing user's option or decision, advertising, reputation loss [224] Luring Phishing Attackers trick users into revealing sensitive information related to work, financial credentials, or even personal data to be used in fraudulent activities Confidential personal data leakage, launch advertising campaigns, pornography [1,40,194]…”

Section: F Relationships Between Online Social Deception Social Netmentioning

confidence: 99%

“…• Confusion Matrix [10,17,21,28,40,49,50,61,78,88,89,91,95,102,107,108,113,115,117,135,162,166,174,175,177,178,186,199,206,222]: The confusion matrix is made of True Positive (TP), False Positive (FP), True Negative (TN), and False Negative (FN). They are the basic components for other accuracy metrics, such as precision and recall.…”

Section: B Metricsmentioning

confidence: 99%

See 2 more Smart Citations

Online Social Deception and Its Countermeasures: A Survey

et al. 2021

View full text Add to dashboard Cite

We are living in an era when online communication over social network services (SNSs) have become an indispensable part of people's everyday lives. As a consequence, online social deception (OSD) in SNSs has emerged as a serious threat in cyberspace, particularly for users vulnerable to such cyberattacks. Cyber attackers have exploited the sophisticated features of SNSs to carry out harmful OSD activities, such as financial fraud, privacy threat, or sexual/labor exploitation. Therefore, it is critical to understand OSD and develop effective countermeasures against OSD for building trustworthy SNSs. In this paper, we conduct an extensive survey, covering (i) the multidisciplinary concept of social deception; (ii) types of OSD attacks and their unique characteristics compared to other social network attacks and cybercrimes; (iii) comprehensive defense mechanisms embracing prevention, detection, and response (or mitigation) against OSD attacks along with their pros and cons; (iv) datasets/metrics used for validation and verification; and (v) legal and ethical concerns related to OSD research. Based on this survey, we provide insights into the effectiveness of countermeasures and the lessons learned from the existing literature. We conclude our survey with in-depth discussions on the limitations of the state-of-the-art and suggest future research directions in OSD research.

show abstract

Section: B Luringmentioning

confidence: 99%

Section: F Relationships Between Online Social Deception Social Netmentioning

confidence: 99%

See 1 more Smart Citation

Online Social Deception and Its Countermeasures: A Survey

et al. 2021

View full text Add to dashboard Cite

show abstract

“…technology combined with heuristics to classify websites into legitimate and phishing [30]. The approach enters the title tag of the webpage as a search keyword into 'Baidu' search engine and marks it as legitimate if the website is within the top ten results from searching and skips the next steps.…”

Section: Ding Et Al (2019) Used Search Engine Based Detectionmentioning

confidence: 99%

“…The ratio of links pointing to the same domain vs other domain is evaluated and if the outer domain links are beyond a threshold, it is declared as phishing. From literature [30], it has been found that a 36% threshold of webpages pointing to a foreign domain is most effective in finding the phishing websites and hence this value is used.…”

Section: Phase 2: Hyperlinks Extraction and Analysismentioning

confidence: 99%

Browser Extension based Hybrid Anti-Phishing Framework using Feature Selection

Maurya¹,

Saini²,

Jain³

2019

IJACSA

View full text Add to dashboard Cite

Phishing is one of the socially engineered cybersecurity attacks where the attacker impersonates a genuine and legitimate website source and sends emails with the intention of stealing sensitive personal information. The phishing websites' URLs are usually spread through emails by luring the users to click on them or by embedding the link to fake website replicating any genuine e-commerce website inside the invoice or other documents. The phishing problem is very wide and no single solution exists to mitigate all the vulnerabilities properly. Thus, multiple techniques are often combined and implemented to mitigate specific attacks. The primary objective of this paper is to propose an efficient and effective anti-phishing solution that can be implemented at the client-side in the form of a browser extension and should be capable to handle real-time scenarios and zero-day attacks. The proposed approach works efficiently for any phishing link carrier mode as the execution on clicking on any link or manually entering URL in the browser doesn't proceed unless the proposed framework approves that the website associated with that URL is genuine. Also, the proposed framework is capable to handle DNS cache poisoning attacks even if the system's DNS cache is somehow infected. This paper first presents a comprehensive review that broadly discusses the phishing life cycle and available anti-phishing countermeasures. The proposed framework considers the pros and cons of existing methodologies and presents a robust solution by combining the best features to ensure that a fast and accurate response is achieved. The effectiveness of the approach is tested in a real-time dataset consisting of live phishing and legitimate website URLs and the framework is found to be 98.1% accurate in identifying websites correctly in very less time.

show abstract