Phishing detection: A literature survey

IEEE Communications Surveys and Tutorials

Volumn 15, Issue 4, 2013, Pages 2091-2121

  Khonji, Mahmoud ^a   Iraqi, Youssef ^a   Jones, Andrew ^a  

^a KHALIFA UNIVERSITY   (United Arab Emirates)

Author keywords

Email classification; Phishing; Phishing detection; Security; Social engineering

Indexed keywords

EMAIL CLASSIFICATION; PHISHING; PHISHING DETECTIONS; SECURITY; SOCIAL ENGINEERING;

ELECTRONIC MAIL; SURVEYS;

COMPUTER CRIME;

EID: 84888328281     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/SURV.2013.032213.00009     Document Type: Review

References (54)

1. S. Sheng, M. Holbrook, P. Kumaraguru, L. F. Cranor, and J. Downs, "Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions," in Proceedings of the 28th international conference on Human factors in computing systems, ser. CHI '10. New York, NY, USA: ACM, 2010, pp. 373-382.
2. B. Krebs, "HBGary Federal hacked by Anonymous," http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/, 2011, accessed December 2011.
3. B. Schneier, "Lockheed Martin hack linked to RSA's SecurID breach," http://www.schneier.com/blog/archives/2011/05/lockheed martin.html, 2011, accessed December 2011.
4. C. Whittaker, B. Ryner, and M. Nazif, "Large-scale automatic classification of phishing pages," in NDSS '10, 2010.
5. X. Dong, J. Clark, and J. Jacob, "Modelling user-phishing interaction," in Human System Interactions, 2008 Conference on, may 2008, pp. 627-632.
6. W. D. Yu, S. Nargundkar, and N. Tiruthani, "A phishing vulnerability analysis of web based systems," in Proceedings of the 13th IEEE Symposium on Computers and Communications (ISCC 2008). Marrakech, Morocco: IEEE, July 2008, pp. 326-331.
7. Anti-Phishing Working Group (APWG), "Phishing activity trends report - second half 2010," http://apwg.org/reports/apwg report h2 2010.pdf, 2010, accessed
8. Anti-Phishing Working Group (APWG), "Phishing activity trends report - first half 2011," http://apwg.org/reports/apwg trends report h1 2011.pdf, 2011, accessed December 2011.
9. Anti-Phishing Working Group (APWG), "Phishing activity trends report - second half 2011," http://apwg.org/reports/apwg trends report h2 2011.pdf, 2011, accessed July 2012.
10. B. Schneier, "Details of the RSA hack," http://www.schneier. com/blog/archives/2011/08/details of the.html, 2011, accessed December 2011.
11. P. Kumaraguru, Y. Rhee, A. Acquisti, L. F. Cranor, J. Hong, and E. Nunge, "Protecting people from phishing: the design and evaluation of an embedded training email system," in Proceedings of the SIGCHI conference on Human factors in computing systems, ser. CHI '07. New York, NY, USA: ACM, 2007, pp. 905-914. (Pubitemid 47581678)
12. A. Alnajim and M. Munro, "An anti-phishing approach that uses training intervention for phishing websites detection," in Proceedings of the 2009 Sixth International Conference on Information Technology: New Generations. Washington, DC, USA: IEEE Computer Society, 2009, pp. 405-410.
13. S. Gorling, "The Myth of User Education," Proceedings of the 16th Virus Bulletin International Conference, 2006.
14. G. Gaffney, "The myth of the stupid user," http://www. infodesign.com.au/articles/themythofthestupiduser, accessed March 2011.
15. A. Stone, "Natural-language processing for intrusion detection," Computer, vol. 40, no. 12, pp. 103-105, dec. 2007.
16. S. Abu-Nimeh, D. Nappa, X. Wang, and S. Nair, "A comparison of machine learning techniques for phishing detection," in Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit, ser. eCrime '07. New York, NY, USA: ACM, 2007, pp. 60-69.
17. C. Yue and H. Wang, "Anti-phishing in offense and defense," in Computer Security Applications Conference, 2008. ACSAC 2008. Annual, 8-12 2008, pp. 345-354.
18. P. Knickerbocker, D. Yu, and J. Li, "Humboldt: A distributed phishing disruption system," in eCrime Researchers Summit, 2009, pp. 1-12.
19. L. James, Phishing Exposed. Syngress Publishing, 2005.
20. J. S. Downs, M. Holbrook, and L. F. Cranor, "Behavioral response to phishing risk," in Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit, ser. eCrime '07. New York, NY, USA: ACM, 2007, pp. 37-44.
21. H. Huang, J. Tan, and L. Liu, "Countermeasure techniques for deceptive phishing attack," in International Conference on New Trends in Information and Service Science, 2009. NISS '09, 2009, pp. 636-641.
22. T. Moore and R. Clayton, "Examining the impact of website take-down on phishing," in eCrime '07: Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit. New York, NY, USA: ACM, 2007, pp. 1-13.
23. S. Egelman, L. F. Cranor, and J. Hong, "You've been warned: an empirical study of the effectiveness of web browser phishing warnings," in Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, ser. CHI '08. New York, NY, USA: ACM, 2008, pp. 1065-1074.
24. M. Wu, R. C. Miller, and S. L. Garfinkel, "Do security toolbars actually prevent phishing attacks?" in Proceedings of the SIGCHI conference on Human Factors in computing systems, ser. CHI '06, New York, NY, USA, 2006, pp. 601-610. (Pubitemid 44032148)
25. S. Sheng, B. Wardman, G. Warner, L. F. Cranor, J. Hong, and C. Zhang, "An empirical analysis of phishing blacklists," in Proceedings of the 6th Conference in Email and Anti-Spam, ser. CEAS'09, Mountain view, CA, July 2009.
26. Google, "Google safe browsing API," http://code.google.com/ apis/safebrowsing/, accessed Oct 2011.
27. Google, "Protocolv2Spec," http://code.google.com/p/google- safebrowsing/ wiki/Protocolv2Spec, accessed Oct 2011.
28. P. Prakash, M. Kumar, R. R. Kompella, and M. Gupta, "Phishnet: predictive blacklisting to detect phishing attacks," in INFOCOM'10: Proceedings of the 29th conference on Information communications. Piscataway, NJ, USA: IEEE Press, 2010, pp. 346-350.
29. Y. Cao, W. Han, and Y. Le, "Anti-phishing based on automated individual white-list," in DIM '08: Proceedings of the 4th ACM workshop on Digital identity management. New York, NY, USA: ACM, 2008, pp. 51-60.
30. N. Chou, R. Ledesma, Y. Teraguchi, and J. C. Mitchell, "Client-side defense against web-based identity theft," in NDSS. The Internet Society, 2004.
31. T. Holz, C. Gorecki, K. Rieck, and F. C. Freiling, "Measuring and Detecting Fast-Flux Service Networks," in Proceedings of the Network and Distributed System Security Symposium (NDSS), 2008.
32. P. Likarish, D. Dunbar, and T. E. Hansen, "Phishguard: A browser plug-in for protection from phishing," in 2nd International Conference on Internet Multimedia Services Architecture and Applications, 2008. IMSAA 2008, 2008, pp. 1-6.
33. D. L. Cook, V. K. Gurbani, and M. Daniluk, "Phishwish: A stateless phishing filter using minimal rules," in Financial Cryptography and Data Security, G. Tsudik, Ed. Berlin, Heidelberg: Springer-Verlag, 2008, pp. 182-186.
34. Y. Zhang, J. I. Hong, and L. F. Cranor, "Cantina: a content-based approach to detecting phishing web sites," in Proceedings of the 16th international conference on World Wide Web, ser. WWW '07. New York, NY, USA: ACM, 2007, pp. 639-648. (Pubitemid 47582293)
35. T. A. Phelps and R. Wilensky, "Robust Hyperlinks and Locations," DLib Magazine, vol. 6, no. 7/8, Jul. 2000.
36. M. Sharifi and S. H. Siadati, "A phishing sites blacklist generator," in Proceedings of the 2008 IEEE/ACS International Conference on Computer Systems and Applications, ser. AICCSA '08. Washington, DC, USA: IEEE Computer Society, 2008, pp. 840-843.
37. K.-T. Chen, J.-Y. Chen, C.-R. Huang, and C.-S. Chen, "Fighting phishing with discriminative keypoint features," Internet Computing, IEEE, vol. 13, no. 3, pp. 56-63, may-june 2009.
38. C.-R. Huang, C.-S. Chen, and P.-C. Chung, "Contrast context histograman efficient discriminating local descriptor for object recognition and image matching," Pattern Recogn., vol. 41, pp. 3071-3077, October 2008.
39. M. Hara, A. Yamada, and Y. Miyake, "Visual similarity-based phishing detection without victim site information," in IEEE Symposium on Computational Intelligence in Cyber Security, 2009. CICS '09, 2009, pp. 30-36.
40. G. Liu, B. Qiu, and L. Wenyin, "Automatic detection of phishing target from phishing webpage," in Pattern Recognition (ICPR), 2010 20th International Conference on, aug. 2010, pp. 4153-4156.
41. H. Kim and J. Huh, "Detecting dns-poisoning-based phishing attacks from their network performance characteristics," Electronics Letters, vol. 47, no. 11, pp. 656-658, 26 2011.
42. H. Zhang, G. Liu, T. Chow, and W. Liu, "Textual and visual contentbased anti-phishing: A bayesian approach," IEEE Transactions on Neural Networks, vol. 22, no. 10, pp. 1532-1546, oct. 2011.
43. A. Y. Fu, L. Wenyin, and X. Deng, "Detecting phishing web pages with visual similarity assessment based on earth mover's distance (emd)," IEEE Trans. Dependable Secur. Comput., vol. 3, no. 4, pp. 301-311, Oct. 2006. (Pubitemid 44837033)
44. L. Ma, B. Ofoghi, P. Watters, and S. Brown, "Detecting phishing emails using hybrid features," in Proceedings of the 2009 Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing, ser. UIC-ATC '09. Washington, DC, USA: IEEE Computer Society, 2009, pp. 493-497.
45. P. Likarish, D. Dunbar, and T. E. Hansen, "B-apt: Bayesian anti-phishing toolbar," in IEEE International Conference on Communications, 2008. ICC '08, 2008, pp. 1745-1749.
46. A. Bergholz, J. De Beer, S. Glahn, M.-F. Moens, G. Paaß, and S. Strobel, "New filtering approaches for phishing email," J. Comput. Secur., vol. 18, pp. 7-35, January 2010.
47. F. Toolan and J. Carthy, "Phishing detection using classifier ensembles," in eCrime Researchers Summit, 2009. eCRIME '09., 20 2009-oct. 21 2009, pp. 1-9.
48. "How to recognize phishing email messages or links," http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx, accessed March 2011.
49. "How not to get hooked by a phishing scam," http://www.onguardonline.gov/topics/phishing.aspx, accessed March 2011.
50. "Avoiding getting hooked by phishers," http://www.fraud.org/ tips/internet/phishing.htm, accessed March 2011.
51. S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. F. Cranor, J. Hong, and E. Nunge, "Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish," in Proceedings of the 3rd symposium on Usable privacy and security, ser. SOUPS '07. New York, NY, USA: ACM, 2007, pp. 88-99. (Pubitemid 350229382)
52. C. V. Zhou, C. Leckie, S. Karunasekera, and T. Peng, "A self-healing, self-protecting collaborative intrusion detection architecture to traceback fast-flux phishing domains," in NOMS Workshops 2008. IEEE Network Operations and Management Symposium Workshops, 2008, 2008, pp. 321-327.
53. L. Cranor, S. Egelman, J. Hong, and Y. Zhang, "Phinding phish: An evaluation of anti-phishing toolbars," www.cylab.cmu.edu/files/ cmucylab06018.pdf, 2006, accessed Oct 2011.
54. W. D. Yu, S. Nargundkar, and N. Tiruthani, "Phishcatch-a phishing detection tool," in 33rd Annual IEEE International on Computer Software and Applications Conference, 2009. COMPSAC '09, 2009, pp. 451-456.