A Methodical Overview on Phishing Detection along with an Organized Way to Construct an Anti-Phishing Framework

2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS) Pub Date : 2019-03-15 DOI:10.1109/ICACCS.2019.8728356

Srushti Patil, Sudhir Dhage

{"title":"A Methodical Overview on Phishing Detection along with an Organized Way to Construct an Anti-Phishing Framework","authors":"Srushti Patil, Sudhir Dhage","doi":"10.1109/ICACCS.2019.8728356","DOIUrl":null,"url":null,"abstract":"Phishing is a security attack to acquire personal information like passwords, credit card details or other account details of a user by means of websites or emails. Phishing websites look similar to the legitimate ones which make it difficult for a layman to differentiate between them. As per the reports of Anti Phishing Working Group (APWG) published in December 2018, phishing against banking services and payment processor was high. Almost all the phishy URLs use HTTPS and use redirects to avoid getting detected. This paper presents a focused literature survey of methods available to detect phishing websites. A comparative study of the in-use anti-phishing tools was accomplished and their limitations were acknowledged. We analyzed the URL-based features used in the past to improve their definitions as per the current scenario which is our major contribution. Also, a step wise procedure of designing an anti-phishing model is discussed to construct an efficient framework which adds to our contribution. Observations made out of this study are stated along with recommendations on existing systems.","PeriodicalId":249139,"journal":{"name":"2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS)","volume":"258 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"42","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICACCS.2019.8728356","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 42

Abstract

Phishing is a security attack to acquire personal information like passwords, credit card details or other account details of a user by means of websites or emails. Phishing websites look similar to the legitimate ones which make it difficult for a layman to differentiate between them. As per the reports of Anti Phishing Working Group (APWG) published in December 2018, phishing against banking services and payment processor was high. Almost all the phishy URLs use HTTPS and use redirects to avoid getting detected. This paper presents a focused literature survey of methods available to detect phishing websites. A comparative study of the in-use anti-phishing tools was accomplished and their limitations were acknowledged. We analyzed the URL-based features used in the past to improve their definitions as per the current scenario which is our major contribution. Also, a step wise procedure of designing an anti-phishing model is discussed to construct an efficient framework which adds to our contribution. Observations made out of this study are stated along with recommendations on existing systems.

查看原文本刊更多论文

网络钓鱼检测的系统概述以及有组织地构建反网络钓鱼框架的方法

网络钓鱼是一种安全攻击，通过网站或电子邮件获取用户的个人信息，如密码、信用卡详细信息或其他帐户详细信息。网络钓鱼网站看起来与合法网站相似，这使得外行人很难区分它们。根据反网络钓鱼工作组(APWG)在2018年12月发布的报告，针对银行服务和支付处理器的网络钓鱼很高。几乎所有的钓鱼网址都使用HTTPS并使用重定向来避免被检测到。本文提出了一个集中的文献调查方法，可用于检测网络钓鱼网站。对目前使用的反网络钓鱼工具进行了比较研究，并承认了它们的局限性。我们分析了过去使用的基于url的特性，以便根据当前场景改进它们的定义，这是我们的主要贡献。此外，本文还讨论了反网络钓鱼模型的分步设计过程，以构建一个有效的框架，为我们的研究做出贡献。本研究的观察结果连同对现有系统的建议一并陈述。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS)

自引率

0.00%

发文量