Assessing the severity of phishing attacks: A hybrid data mining approach

Decision Support Systems

Volumn 50, Issue 4, 2011, Pages 662-672

  Chen, Xi ^a   Bose, Indranil ^b   Leung, Alvin Chung Man ^b,c   Guo, Chenhui ^d  

^a ZHEJIANG UNIVERSITY   (China)

^b UNIVERSITY OF HONG KONG   (Hong Kong)

^c UNIVERSITY OF TEXAS AT AUSTIN   (United States)

^d UNIVERSITY OF ARIZONA   (United States)

Author keywords

Financial loss; Phishing; Risk; Supervised classification; Text phrase extraction; Variable importance

Indexed keywords

FINANCIAL LOSS; PHISHING; PHRASE EXTRACTION; SUPERVISED CLASSIFICATION; VARIABLE IMPORTANCE;

DATA MINING; FINANCE; INDUSTRY; LOSSES;

TEXT PROCESSING;

EID: 79151482463     PISSN: 01679236     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.dss.2010.08.020     Document Type: Article

References (55)

1. E. Airoldi, and B. Malin Data mining challenges for electronic safety: the case of fraudulent intent detection in e-mails Proceedings of the Workshop on Privacy and Security Aspects of Data Mining 2004, Brighton, UK 2004 57 66
2. F.K. Andoh-Baidoo, and K.-M. Osei-Bryson Exploring the characteristics of internet security breaches that impact the market value of breached firms Expert Systems with Applications 32 3 2007 703 725
3. A.Q. Ansari, T. Patki, A.B. Patki, and V. Kumar Integrated fuzzy logic and data mining: impact on cyber security Proceedings of the Fourth International Conference on Fuzzy Systems and Knowledge Discovery, Haikou, China 2007
4. APWG Phishing Activity Trends Report December 2005 2005 Anti-Phishing Working Group 1 15 (http://www.antiphishing.org/reports/apwg-report-DEC2005- FINAL.pdf )
5. APWG Phishing Activity Trends Report Second Half 2008 2009 Anti-Phishing Working Group 1 12 (http://www.antiphishing.org/reports/apwg-report-H2-2008.pdf )
6. B. Baesens, S. Viaene, D. Van den Poel, J. Vanthienen, and G. Dedene Bayesian neural network learning for repeat purchase modeling in direct marketing European Journal of Operational Research 138 1 2002 191 211
7. H. Berghel Phishing mongers, and posers Communications of the ACM 49 4 2006 21 25
8. I. Bose, and A.C.M. Leung Unveiling the mask of phishing: threats, preventive measures, and responsibilities Communications of the Association for Information Systems 19 24 2007 544 566
9. I. Bose, and R.K. Mahapatra Business data mining-a machine learning perspective Information & Management 39 3 2001 211 225
10. A. Brandt Phishing anxiety may make you miss messages PC World 23 10 2005 34
11. C.J.C. Burges A tutorial on support vector machines for pattern recognition Data Mining and Knowledge Discovery 2 2 1998 121 167
12. M. Chandrasekaran, K. Narayanan, and S. Upadhyaya Phishing e-mail detection based on structural properties Proceedings of NYS Cyber Security Conference, Albany, NY, USA 2006
13. N. Crockford An Introduction to Risk Management 1986 Woodhead-Faulkner Cambridge
14. R. Dhamija, and J.D. Tygar Phish, and HIPs: human interactive proofs to detect phishing attacks H.S. Baird, D.P. Lopresti, Proceedings of the Second International Workshop on Human Interactive Proofs, Bethlehem, PA, USA 2005 127 141
15. B. Ensor, A. Giordanelli, M.d. Lussanet, and T.v. Tongeren Many online banking users use few features 2007 Forrester Research 1 6
16. R. Feldman, and J. Sanger The Text Mining Handbook: Advanced Approaches in Analyzing Unstructured Data 2007 Cambridge University Press Cambridge, UK
17. C. Fellbaum WordNet: An Electronic Lexical Database 1998 The MIT Press Boston, MA, USA
18. I. Fette, N. Sadeh, and A. Tomasic Learning to detect phishing emails Proceedings of the Sixteenth International Conference on World Wide Web, Banff, Alberta, Canada 2007 649 656
19. W.N. Gansterer, and D. Polz E-mail classification for phishing defense, advances in information retrieval Proceedings of the Thirty-First European Conference on IR Research, Toulouse, France 2009 449 460
20. S. Garera, N. Provos, M. Chew, and A.D. Rubin A framework for detection and measurement of phishing attacks Proceedings of the 2007 ACM Workshop on Recurring Malcode, Alexandria, VA, USA 2007 1 8
21. G. Goth Phishing attacks rising, but dollar losses down IEEE Security & Privacy Magazine 3 1 2005 8
22. K. Ha, S. Cho, and D. MacLachlan Response models based on bagging neural networks Journal of Interactive Marketing 19 1 2005 17
23. C.M. Heilman, F. Kaefer, and S.D. Ramenofsky Determining the appropriate amount of data for classifying consumers for direct marketing purposes Journal of Interactive Marketing 17 3 2003 5 28
24. S. Hinde ID theft: the US legal fight back Computer Fraud & Security 2004 10 2004 7 9
25. C. Holton Identifying disgruntled employee systems fraud risk through text mining: a simple solution for a multi-billion dollar problem Decision Support Systems 46 4 2009 853 864
26. T. Jagatic, N. Johnson, M. Jakobsson, and F. Menczer Social phishing Communications of the ACM 50 10 2006 1 10
27. M. Jakobsson, and S. Myers Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft 2007 Wiley-Interscience Hoboken, NJ, USA
28. F. Kaefer, C.M. Heilman, and S.D. Ramenofsky A neural network application to consumer classification to improve the timing of direct marketing activities Computers & Operations Research 32 10 2005 2595 2615
29. A. Kankanhalli, H.-H. Teo, B.C.Y. Tan, and K.-K. Wei An integrative study of information systems security effectiveness International Journal of Information Management 23 2 2003 139 154
30. K. Kannan, J. Rees, and S. Sridhar Market reactions to information security breach announcements: an empirical analysis International Journal of Electronic Commerce 12 1 2007 69 91
31. A.G. Kotulic, and J.G. Clark Why there aren't more information security research studies? Information & Management 41 5 2004 597 607
32. P. Kumaraguru, S. Sheng, A. Acquisti, L. Cranor, and J. Hong Lessons from a real world evaluation of anti-phishing training Proceedings of the eCrime Researchers Summit 2008 2008 Anti-phishing Working Group Atlanta, GA, USA 1 12
33. A.C.M. Leung, and I. Bose Indirect financial loss of phishing to global market Proceedings of the Twenty-Ninth International Conference on Information Systems, Paris, France 2008 1 15
34. E. Levy Criminals become tech savvy IEEE Security & Privacy 2 2 2004 65 68
35. Q. Liao, and X. Luo The phishing hook: issues and reality Journal of Internet Banking and Commerce 9 3 2004 1
36. K.D. Loch, H.H. Carr, and M.E. Warkentin Threats to information systems: today's reality, yesterday's understanding MIS Quarterly 16 2 1992 173 186
37. C. Ludl, S. McAllister, E. Kirda, and C. Kruegel On the effectiveness of techniques to detect phishing sites B.M. Hämmerli, R. Sommer, Proceedings of the Fourth International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Lucerne, Switzerland 2007 20 39
38. Z. Ma, O.R.L. Sheng, and G. Pant Discovering company revenue relations from news: a network approach Decision Support Systems 47 4 2009 408 414
39. A. McWilliams, and D. Siegel Event studies in management research: theoretical and empirical issues Academy of Management Journal 40 3 1997 626 657
40. T. Powell Ounce of ID theft protection worth more than agony of restoring good name, MyWestTexas.com 2008 (http://www.mywesttexas.com/articles/2008/05/ 26/news/opinion/columns/trish-powell/bbb-5-23.txt )
41. J.R. Quinlan C4.5: Programs for Machine Learning 1993 Morgan Kaufmann Publishers San Mateo, CA, USA
42. Rulequest Research, Is See5/C5.0 Better Than C4.5? Rulequest Research, 2008, (http://www.rulequest.com/see5-comparison.html ).
43. A. Saberi, M. Vahidi, and B.M. Bidgoli Learn to detect phishing scams using learning and ensemble methods Proceedings of the International Conferences on Web Intelligence and Intelligent Agent Technology Workshop, Silicon Valley, CA, USA 2007 311 314
44. A. Saltelli, K. Chan, and E.M. Scott Sensitivity Analysis 2000 Wiley Chichester, West Sussex, UK
45. N.P. Singh Online frauds in banks with phishing Journal of Internet Banking and Commerce 12 2 2007 1 27
46. T. Smith, and J. Jordan Banks' Top Phishing Fears-Financial Loss and Lost Customer Trust 2007 MarkMonitor San Francisco, CA, USA
47. C.-F. Tsai, Y.-F. Hsu, C.-Y. Lin, and W.-Y. Lin Intrusion detection by machine learning: a review Expert Systems with Applications 36 10 2009 1194 1200
48. T.-W. Wang, J. Rees, and K. Kannan Reading the disclosures with new eyes: bridging the gap between information security disclosures and incidents February 1, 2008 (http://ssrn.com/abstract=1083992 )
49. C.-P. Wei, R.H.L. Chiang, and C.-C. Wu Accommodating individual preferences in the categorization of documents: a personalized clustering approach Journal of Management Information Systems 23 2 2006 173 201
50. M.E. Whitman Threats to information security Communications of the ACM 46 8 2003 91 95
51. M. Workman Wisecrackers, a theory-grounded investigation of phishing and pretext social engineering threats to information security Journal of the American Society for Information Science and Technology 59 4 2008 662 674
52. J. Zhang, Z.-H. Du, and W. Liu A behavior-based detection approach to mass-mailing host Proceedings of the Sixth International Conference on Machine Learning and Cybernetics, Hong Kong, China 2007 2140 2144
53. J.-.Z. Zhao, and H.-.K. Huang An intrusion detection system based on data mining and immune principles Proceedings of the First International Conference on Machine Learning and Cybernetics, Beijing, China 2002
54. J. Zhao, M. Zulkernine, and A. Haque Random-forests-based network intrusion detection systems IEEE Transactions on Systems, Man, and Cybernetics - Part C: Applications and Reviews 38 5 2008 649 659
55. D. Zhu, G. Premkumar, X. Zhang, and C.-.H. Chu Data mining for network intrusion detection: a comparison of alternative methods Decision Sciences 32 4 2001 635 660