Detecting Phishing Emails the Natural Language Way

Verma, Rakesh M.; Shashidhar, Narasimha; Hossain, Nabil

doi:10.1007/978-3-642-33167-1_47

Cited by 70 publications

(54 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other checks can also be carried out. For example, to look at differences between displayed and actual domain names [13] or carry out an NLP analysis of the actual email text [38]. If the email is delivered and the person clicks, post-click detection can also occur.…”

Section: Related Workmentioning

confidence: 99%

User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

Volkamer

Renaud

Reinheimer

et al. 2017

Computers & Security

View full text Add to dashboard Cite

We propose a concept called TORPEDO to improve phish detection by providing just-in-time and just-in-place trustworthy tooltips. These help people to identify phish links embedded in emails. TORPEDO's tooltips contain the actual URL with the domain highlighted. Link activation is delayed for a short period, giving the person time to inspect the URL before they click on a link. Furthermore, TORPEDO provides an information diagram to explain phish detection.We evaluated TORPEDO's effectiveness, as compared to the worst case 'status bar' as provided by other Web email interfaces. People using TORPEDO performed significantly better in detecting phishes and identifying legitimate emails (85.17% versus 43.31% correct answers for phish). We then carried out a field study with a number of TORPEDO users to explore actual user experiences of TORPEDO. We conclude the paper by reporting on the outcome of this field study and suggest improvements based on the feedback from the field study participants.

show abstract

Section: Related Workmentioning

confidence: 99%

User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

Volkamer

Renaud

Reinheimer

et al. 2017

Computers & Security

View full text Add to dashboard Cite

show abstract

“…This work differs from theirs in several respects: we consider many other classifiers than they do and we analyze more lexical features, including the character distributions of the URLs. More on phishing email detection can be found in [24,23].…”

Section: Related Researchmentioning

confidence: 99%

On the Character of Phishing URLs

Verma

Dyer

2015

Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

Self Cite

View full text Add to dashboard Cite

Phishing attacks resulted in an estimated $3.2 billion dollars worth of stolen property in 2007, and the success rate for phishing attacks is increasing each year [17]. Phishing attacks are becoming harder to detect and more elusive by using short time windows to launch attacks. In order to combat the increasing effectiveness of phishing attacks, we propose that combining statistical analysis of website URLs with machine learning techniques will give a more accurate classification of phishing URLs. Using a two-sample Kolmogorov-Smirnov test along with other features we were able to accurately classify 99.3% of our dataset, with a false positive rate of less than 0.4%. Thus, accuracy of phishing URL classification can be greatly increased through the use of these statistical measures.

show abstract

“…Previous researchers [14,27] have considered URL classification based on link analysis only by proposing systems which use search engine based features as well as web site popularity and blacklists as major attributes for URL detection. However, with search engines rate-limiting queries and charging for them, methods based on Web search are becoming infeasible.…”

Section: Introductionmentioning

confidence: 99%

“…However, with search engines rate-limiting queries and charging for them, methods based on Web search are becoming infeasible. There have been some phishing URL detection attempts in the past using special symbols [20], domain information [27,29], or single-character distributions [26], but few have investigated character N-grams as features for phishing URL detection. Moreover, mostly batch machine learning algorithms have been used for phishing URL classification and analysis.…”

Section: Introductionmentioning

confidence: 99%

What's in a URL

Verma

Das

2017

Proceedings of the 3rd ACM on International Workshop on Security and Privacy Analytics

Self Cite

View full text Add to dashboard Cite

Phishing is an online social engineering attack with the goal of digital identity theft carried out by pretending to be a legitimate entity. The attacker sends an attack vector commonly in the form of an email, chat session, blog post etc., which contains a link (URL) to a malicious website hosted to elicit private information from the victims.We focus on building a system for URL analysis and classification to primarily detect phishing attacks. URL analysis is attractive to maintain distance between the attacker and the victim, rather than visiting the website and getting features from it. It is also faster than Internet search, retrieving content from the destination web site and network-level features used in previous research.We investigate several facets of URL analysis, e.g., performance analysis on both balanced and unbalanced datasets in a static as well as live experimental setup and online versus batch learning.

show abstract

Detecting Phishing Emails the Natural Language Way

Cited by 70 publications

References 25 publications

User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

On the Character of Phishing URLs

What's in a URL

Contact Info

Product

Resources

About