Protect sensitive sites from phishing attacks using features extractable from inaccessible phishing URLs

2013 IEEE International Conference on Communications (ICC) Pub Date : 2013-06-09 DOI:10.1109/ICC.2013.6654816

W. Chu, Bin B. Zhu, Feng Xue, X. Guan, Zhongmin Cai

{"title":"Protect sensitive sites from phishing attacks using features extractable from inaccessible phishing URLs","authors":"W. Chu, Bin B. Zhu, Feng Xue, X. Guan, Zhongmin Cai","doi":"10.1109/ICC.2013.6654816","DOIUrl":null,"url":null,"abstract":"Phishing is the third cyber-security threat globally and the first cyber-security threat in China. There were 61.69 million phishing victims in China alone from June 2011 to June 2012, with the total annual monetary loss more than 4.64 billion US dollars. These phishing attacks were highly concentrated in targeting at a few major Websites. Many phishing Webpages had a very short life span. In this paper, we assume the Websites to protect against phishing attacks are known, and study the effectiveness of machine learning based phishing detection using only lexical and domain features, which are available even when the phishing Webpages are inaccessible. We propose several novel highly effective features, and use the real phishing attack data against Taobao and Tencent, two main phishing targets in China, in studying the effectiveness of each feature, and each group of features. We then select an optimal set of features in our phishing detector, which has achieved a detection rate better than 98%, with a false positive rate of 0.64% or less. The detector is still effective when the distribution of phishing URLs changes.","PeriodicalId":6368,"journal":{"name":"2013 IEEE International Conference on Communications (ICC)","volume":"16 1","pages":"1990-1994"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"55","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE International Conference on Communications (ICC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICC.2013.6654816","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 55

Abstract

Phishing is the third cyber-security threat globally and the first cyber-security threat in China. There were 61.69 million phishing victims in China alone from June 2011 to June 2012, with the total annual monetary loss more than 4.64 billion US dollars. These phishing attacks were highly concentrated in targeting at a few major Websites. Many phishing Webpages had a very short life span. In this paper, we assume the Websites to protect against phishing attacks are known, and study the effectiveness of machine learning based phishing detection using only lexical and domain features, which are available even when the phishing Webpages are inaccessible. We propose several novel highly effective features, and use the real phishing attack data against Taobao and Tencent, two main phishing targets in China, in studying the effectiveness of each feature, and each group of features. We then select an optimal set of features in our phishing detector, which has achieved a detection rate better than 98%, with a false positive rate of 0.64% or less. The detector is still effective when the distribution of phishing URLs changes.

查看原文本刊更多论文

利用从不可访问的网络钓鱼url中提取的功能，保护敏感站点免受网络钓鱼攻击

网络钓鱼是全球第三大网络安全威胁，也是中国第一大网络安全威胁。从2011年6月到2012年6月，仅中国就有6169万网络钓鱼受害者，每年的经济损失总额超过46.4亿美元。这些网络钓鱼攻击高度集中在几个主要网站上。许多网络钓鱼网页的寿命都很短。在本文中，我们假设防止网络钓鱼攻击的网站是已知的，并且仅使用词法和域特征研究基于机器学习的网络钓鱼检测的有效性，这些特征即使在网络钓鱼网页不可访问时也是可用的。然后，我们在我们的网络钓鱼检测器中选择了一组最优的特征，该检测器的检测率优于98%，假阳性率为0.64%或更低。当网络钓鱼url的分布发生变化时，检测器仍然有效。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 IEEE International Conference on Communications (ICC)

自引率

0.00%

发文量