A Tutorial on Support Vector Machines for Pattern Recognition
Data Mining and Knowledge Discovery
Cost-Sensitive Learning by Cost-Proportionate Example Weighting
ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
On the Evolution of Clusters of Near-Duplicate Web Pages
LA-WEB '03 Proceedings of the First Conference on Latin American Web Congress
Detection of phishing webpages based on visual similarity
WWW '05 Special interest tracks and posters of the 14th international conference on World Wide Web
The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
An introduction to ROC analysis
Pattern Recognition Letters - Special issue: ROC analysis in pattern recognition
Anomaly Based Web Phishing Page Detection
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Cantina: a content-based approach to detecting phishing web sites
Proceedings of the 16th international conference on World Wide Web
Learning to detect phishing emails
Proceedings of the 16th international conference on World Wide Web
Examining the impact of website take-down on phishing
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
A framework for detection and measurement of phishing attacks
Proceedings of the 2007 ACM workshop on Recurring malcode
On the Effectiveness of Techniques to Detect Phishing Sites
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Visual-similarity-based phishing detection
Proceedings of the 4th international conference on Security and privacy in communication netowrks
There is no free phish: an analysis of "free" and live phishing kits
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
A hybrid phish detection approach by identity discovery and keywords retrieval
Proceedings of the 18th international conference on World wide web
Detecting visually similar Web pages: Application to phishing detection
ACM Transactions on Internet Technology (TOIT)
A hierarchical adaptive probabilistic approach for zero hour phish detection
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
A robust defense mechanism to prevent phishing attack using parse tree validation
ADCONS'11 Proceedings of the 2011 international conference on Advanced Computing, Networking and Security
Statistical cross-language Web content quality assessment
Knowledge-Based Systems
Context-aware web security threat prevention
Proceedings of the 2012 ACM conference on Computer and communications security
Sophisticated phishers make more spelling mistakes: using URL similarity against phishing
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Intelligent phishing detection and protection scheme for online transactions
Expert Systems with Applications: An International Journal
PhishSafe: leveraging modern JavaScript API's for transparent and robust protection
Proceedings of the 4th ACM conference on Data and application security and privacy
Hi-index | 0.00 |
Phishing is a plague in cyberspace. Typically, phish detection methods either use human-verified URL blacklists or exploit Web page features via machine learning techniques. However, the former is frail in terms of new phish, and the latter suffers from the scarcity of effective features and the high false positive rate (FP). To alleviate those problems, we propose a layered anti-phishing solution that aims at (1) exploiting the expressiveness of a rich set of features with machine learning to achieve a high true positive rate (TP) on novel phish, and (2) limiting the FP to a low level via filtering algorithms. Specifically, we proposed CANTINA+, the most comprehensive feature-based approach in the literature including eight novel features, which exploits the HTML Document Object Model (DOM), search engines and third party services with machine learning techniques to detect phish. Moreover, we designed two filters to help reduce FP and achieve runtime speedup. The first is a near-duplicate phish detector that uses hashing to catch highly similar phish. The second is a login form filter, which directly classifies Web pages with no identified login form as legitimate. We extensively evaluated CANTINA+ with two methods on a diverse spectrum of corpora with 8118 phish and 4883 legitimate Web pages. In the randomized evaluation, CANTINA+ achieved over 92% TP on unique testing phish and over 99% TP on near-duplicate testing phish, and about 0.4% FP with 10% training phish. In the time-based evaluation, CANTINA+ also achieved over 92% TP on unique testing phish, over 99% TP on near-duplicate testing phish, and about 1.4% FP under 20% training phish with a two-week sliding window. Capable of achieving 0.4% FP and over 92% TP, our CANTINA+ has been demonstrated to be a competitive anti-phishing solution.