A survey on anti-phishing techniques: From conventional methods to machine learning

Abstract

Phishing is a deceptive technique used to steal confidential information, such as user credentials and bank account
details, from web users. Employing technical and social engineering skills, phishers cause huge financial losses to
web users and large organizations alike, and phishing has become one of the serious cybercrimes today. This paper
discusses different types of phishing techniques, their impacts, and common indicators of phishing attacks, and
analyses various anti-phishing solutions, from conventional methods implementing blacklists, whitelists, heuristics,
fuzzy logic, visual similarity, etc. to machine learning methods. The study provides a gap analysis of conventional
anti-phishing techniques and points out the challenges facing machine learning based approaches, including proper
feature selection, diversity in data sets, imbalanced scenarios, and differences in evaluation metrics. This
investigation outlines the need for serious research in this area, since there is no foolproof solution to phishing:
phishers change their tactics very often to bypass anti-phishing detection systems.

Keywords:

Cyber security, phishing, social engineering, feature selection, machine learning, deep learning

Mathematics Subject Classification:

Mathematics
  • Pages: 319-328
  • Date Published: 01-01-2021
  • Vol. 9 No. 01 (2021): Malaya Journal of Matematik (MJM)

How to Cite

M. Noushad Rahim, and K.P. Mohamed Basheer. “A Survey on Anti-Phishing Techniques: From Conventional Methods to Machine Learning”. Malaya Journal of Matematik, vol. 9, no. 01, Jan. 2021, pp. 319-28, https://www.malayajournal.org/index.php/mjm/article/view/1026.