Detecting Phishing Using a Multi-Layered Social Engineering Framework

Q3 Computer Science

Journal of Cyber Security and Mobility Pub Date : 2023-01-01 DOI:10.32604/jcs.2023.043359

Kofi Sarpong Adu-Manu, Richard Kwasi Ahiable

{"title":"Detecting Phishing Using a Multi-Layered Social Engineering Framework","authors":"Kofi Sarpong Adu-Manu, Richard Kwasi Ahiable","doi":"10.32604/jcs.2023.043359","DOIUrl":null,"url":null,"abstract":"As businesses develop and expand with a significant volume of data, data protection and privacy become increasingly important. Research has shown a tremendous increase in phishing activities during and after COVID-19. This research aimed to improve the existing approaches to detecting phishing activities on the internet. We designed a multi-layered phish detection algorithm to detect and prevent phishing applications on the internet using URLs. In the algorithm, we considered technical dimensions of phishing attack prevention and mitigation on the internet. In our approach, we merge, Phishtank, Blacklist, Blocklist, and Whitelist to form our framework. A web application system and browser extension were developed to implement the algorithm. The multi-layer phish detector evaluated ten thousand URLs gathered randomly from the internet (five thousand phishing and five thousand legitimate URLs). The system was estimated to detect levels of accuracy, true-positive and false-positive values. The system level accuracy was recorded to be 98.16%. Approximately 49.6% of the websites were detected as illegitimate, whilst 49.8% were seen as legitimate.","PeriodicalId":37820,"journal":{"name":"Journal of Cyber Security and Mobility","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cyber Security and Mobility","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.32604/jcs.2023.043359","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 0

Abstract

As businesses develop and expand with a significant volume of data, data protection and privacy become increasingly important. Research has shown a tremendous increase in phishing activities during and after COVID-19. This research aimed to improve the existing approaches to detecting phishing activities on the internet. We designed a multi-layered phish detection algorithm to detect and prevent phishing applications on the internet using URLs. In the algorithm, we considered technical dimensions of phishing attack prevention and mitigation on the internet. In our approach, we merge, Phishtank, Blacklist, Blocklist, and Whitelist to form our framework. A web application system and browser extension were developed to implement the algorithm. The multi-layer phish detector evaluated ten thousand URLs gathered randomly from the internet (five thousand phishing and five thousand legitimate URLs). The system was estimated to detect levels of accuracy, true-positive and false-positive values. The system level accuracy was recorded to be 98.16%. Approximately 49.6% of the websites were detected as illegitimate, whilst 49.8% were seen as legitimate.

查看原文本刊更多论文

基于多层社会工程框架的网络钓鱼检测

随着业务的发展和扩展，数据量越来越大，数据保护和隐私变得越来越重要。研究表明，在COVID-19期间和之后，网络钓鱼活动急剧增加。本研究旨在改进现有的检测网络钓鱼活动的方法。我们设计了一种多层网络钓鱼检测算法，用于检测和防止网络上使用url的网络钓鱼应用程序。在算法中，我们考虑了网络钓鱼攻击预防和缓解的技术维度。在我们的方法中，我们合并，钓鱼坦克，黑名单，黑名单和白名单，以形成我们的框架。开发了一个web应用系统和浏览器扩展来实现该算法。多层网络钓鱼探测器评估了从互联网上随机收集的1万个网址(5000个钓鱼网址和5000个合法网址)。据估计，该系统可以检测准确率、真阳性和假阳性值。系统级准确度为98.16%。大约49.6%的网站被检测为非法网站，而49.8%被视为合法网站。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Cyber Security and Mobility Computer Science-Computer Networks and Communications

CiteScore

2.30

自引率

0.00%

发文量

期刊介绍： Journal of Cyber Security and Mobility is an international, open-access, peer reviewed journal publishing original research, review/survey, and tutorial papers on all cyber security fields including information, computer & network security, cryptography, digital forensics etc. but also interdisciplinary articles that cover privacy, ethical, legal, economical aspects of cyber security or emerging solutions drawn from other branches of science, for example, nature-inspired. The journal aims at becoming an international source of innovation and an essential reading for IT security professionals around the world by providing an in-depth and holistic view on all security spectrum and solutions ranging from practical to theoretical. Its goal is to bring together researchers and practitioners dealing with the diverse fields of cybersecurity and to cover topics that are equally valuable for professionals as well as for those new in the field from all sectors industry, commerce and academia. This journal covers diverse security issues in cyber space and solutions thereof. As cyber space has moved towards the wireless/mobile world, issues in wireless/mobile communications and those involving mobility aspects will also be published.