Phish storm: Detecting phishing with streaming analytics

IEEE Transactions on Network and Service Management

Volumn 11, Issue 4, 2014, Pages 458-471

  Marchal, Samuel ^a   Francois, Jerome ^b   State, Radu ^a   Engel, Thomas ^a  

^a UNIVERSITY OF LUXEMBOURG   (Luxembourg)

^b INRIA   (France)

Author keywords

Big Data; Machine Learning; Mining and Statistical Methods; Phishing Detection; Search Engine Query Data; Security Management; STORM; URL Rating; Word Relatedness

Indexed keywords

ARTIFICIAL INTELLIGENCE; BIG DATA; CLASSIFICATION (OF INFORMATION); COMPUTER CRIME; DATA STRUCTURES; FILTRATION; HTTP; INTERNET; LEARNING SYSTEMS; STORMS;

CLASSIFICATION RATES; EFFICIENT IMPLEMENTATION; EXPERIMENTAL EVIDENCE; PHISHING DETECTIONS; PREVENTION TECHNIQUES; QUERY DATUM; SECURITY MANAGEMENT; WORD RELATEDNESS;

SEARCH ENGINES;

EID: 84919932072     PISSN: 19324537     EISSN: None     Source Type: Journal    
DOI: 10.1109/TNSM.2014.2377295     Document Type: Article

References (48)

1. "Gartner Survey Shows Phishing Attacks Escalated in 2007, " Gartner Research, Stamford, CT, USA, Tech. Rep., 2007.
2. "2010 Identity Fraud Survey Report, " Javelin Strategy & Research, Pleasanton, CA, USA, Tech. Rep., 2010.
3. P. J. Nero, B. Wardman, H. Copes, and G. Warner, "Phishing: Crime that pays, " in Proc. eCrime, 2011, pp. 1-10.
4. "Global phishing survey: Trends and domain name use, " Anti-Phishing Working Group, Lexington, MA, USA, Tech. Rep. 1H2014, 2014.
5. "SSAC advisory on fast flux hosting and DNS, " ICANN Security and Stability Advisory Committee, Los Angeles, CA, USA, Tech. Rep. SAC 025, 2008.
6. "Phishing Activity Trends Report, " Anti-Phishing Working Group, Lexington, MA, USA, Tech. Rep. 2nd Quarter 2014, 2014.
7. K. W. Church and P. Hanks, "Word association norms, mutual information, and lexicography, " Comput. Linguistics, vol. 16, no. 1, pp. 22-29, Mar. 1990.
8. R. L. Cilibrasi and P. M. Vitanyi, "The Google similarity distance, " Trans. Knowl. Data Eng., vol. 19, no. 3, pp. 370-383, Mar. 2007.
9. P. Kolb, "Disco: A multilingual database of distributionally similar words, " in Proc. KONVENS, 2008, pp. 33-44.
10. G. A. Miller, "WordNet: A lexical database for English, " Commun. ACM, vol. 38, no. 11, pp. 39-41, Nov. 1995.
11. S. Marchal, J. François, R. State, and T. Engel, "PhishScore: Hacking phishers' minds, " in Proc. 10th Int. CNSM, 2014, pp. 46-54.
12. P. Mockapetris, RFC 1034: Domain Names-Concepts and Facilities 1987.
13. P. Mockapetris, RFC 1035: Domain Names-Implementation and Specification 1987.
14. P. Mockapetris and K. Dunlap, "Development of the domain name system, " in Proc. ACM SIGCOMM, 1988, pp. 123-133.
15. S. Garera, N. Provos, M. Chew, and A. D. Rubin, "A framework for detection and measurement of phishing attacks, " in Proc. ACM Workshop Recurring Malcode, 2007, pp. 1-8.
16. T. Segaran and J. Hammerbacher, Beautiful Data: The Stories Behind Elegant Data Solutions. Sebastopol, CA, USA: O'Reilly Media, 2009.
17. S. Marchal, J. François, R. State, and T. Engel, "Proactive discovery of phishing related domain names, " in Research in Attacks, Intrusions, and Defenses. New York, NY, USA: Springer-Verlag, 2012, pp. 190-209.
18. T. K. Landauer and S. T. Dumais, "A solution to Plato's problem: The latent semantic analysis theory of acquisition, induction, and representation of knowledge, " Psychological Rev., vol. 104, no. 2, pp. 211-240, Apr. 1997.
19. P. Turney, "Mining the web for synonyms: PMI-IR versus LSA on TOEFL, " in Proc. 12th Eur. Conf. Mach. Learn., 2001, pp. 491-502, Springer.
20. B. H. Bloom, "Space/time trade-offs in hash coding with allowable errors, " Commun. ACM, vol. 13, no. 7, pp. 422-426, Jul. 1970.
21. L. Michael, W. Nejdl, O. Papapetrou, and W. Siberski, "Improving distributed join efficiency with extended bloom filter operations, " in Proc. 21st Int. Conf. Adv. Inf. Netw. Appl., 2007, pp. 187-194.
22. M. Khonji, Y. Iraqi, and A. Jones, "Lexical URL analysis for discriminating phishing and legitimate e-mail messages, " in Proc. ICITST, 2011, pp. 422-427.
23. J. Ma, L. K. Saul, S. Savage, and G. M. Voelker, "Identifying suspicious URLs: An application of large-scale online learning, " in Proc. 26th Annu. Int. Conf. Mach. Learn., 2009, pp. 681-688, ACM.
24. A. Le, A. Markopoulou, and M. Faloutsos, "PhishDef: URL names say it all, " in Proc. IEEE INFOCOM, 2011, pp. 191-195.
25. P. Prakash, M. Kumar, R. Kompella, and M. Gupta, "PhishNet: Predictive blacklisting to detect phishing attacks, " in Proc. IEEE INFOCOM, 2010, pp. 1-5.
26. G. Forman and M. Scholz, "Apples-to-apples in cross-validation studies: Pitfalls in classifier performance measurement, " SIGKDD Exploration Newslett., vol. 12, no. 1, pp. 49-57, Jun. 2010.
27. M. Hall et al., "The WEKA data mining software: An update, " ACM SIGKDD Explorations Newslett., vol. 11, no. 1, pp. 10-18, Jun. 2009.
28. L. Breiman, "Random forests, " Mach. Learn., vol. 45, no. 1, pp. 5-32, Oct. 2001.
29. S. Yadav, A. K. K. Reddy, A. N. Reddy, and S. Ranjan, "Detecting algorithmically generated domain-flux attacks with DNS traffic analysis, " IEEE/ACM Trans. Netw., vol. 20, no. 5, pp. 1663-1677, Oct. 2012.
30. T.-C. Chen, S. Dick, and J. Miller, "Detecting visually similar web pages: Application to phishing detection, " ACM Trans. Internet Technol., vol. 10, no. 2, pp. 1-38, May 2010.
31. E. Medvet, E. Kirda, and C. Kruegel, "Visual-similarity-based phishing detection, " in Proc. 4th Int. Conf. Security Privacy Commun. Netw., 2008, pp. 1-6, ACM.
32. G. Xiang and J. I. Hong, "A hybrid phish detection approach by identity discovery and keywords retrieval, " in Proc. 18th Int. Conf. World Wide We b, 2009, pp. 571-580, ACM.
33. Y. Zhang, J. I. Hong, and L. F. Cranor, "Cantina: A content-based approach to detecting phishing web sites, " in Proc. 16th Int. Conf. World Wide Web, 2007, pp. 639-648, ACM.
34. T.-C. Chen, T. Stepan, S. Dick, and J. Miller, "An anti-phishing system employing diffused information, " ACM Trans. Inf. Syst. Security, vol. 16, no. 4, pp. 1-31, Apr. 2014.
35. M. Antonakakis, R. Perdisci, D. Dagon, W. Lee, and N. Feamster, "Building a dynamic reputation system for DNS, " in Proc. 19th Usenix Security Symp., 2010, pp. 18-18.
36. L. Bilge, S. Sen, D. Balzarotti, E. Kirda, and C. Kruegel, "Exposure: A passive DNS analysis service to detect and report malicious domains, " vol. 16, no. 4, pp. 1-28, Apr. 2014.
37. J. Ma, L. K. Saul, S. Savage, and G. M. Voelker, "Beyond blacklists: Learning to detect malicious web sites from suspicious URLs, " in Proc. 15th ACM SIGKDD Int. Conf. Knowl. Discovery Data Mining, 2009, pp. 1245-1254, ACM.
38. J. Zhang, P. Porras, and J. Ullrich, "Highly predictive blacklisting, " in Proc. 17th Conf. Security Symp., 2008, pp. 107-122, USENIX Association.
39. P. Barraclough, G. Sexton, M. Hossain, and N. Aslam, "Intelligent phish-ing detection parameter framework for e-banking transactions based on neuro-fuzzy, " in Proc. SAI, 2014, pp. 545-555.
40. J. Zhang et al., "Parsing and detecting phishing pages based on semantic understanding of text, " J. Inf. & Comput. Sci., vol. 9, no. 6, pp. 1521-1534, 2012.
41. V. Ramanathan and H. Wechsler, "phishGILLNET phishing detection methodology using probabilistic latent semantic analysis, AdaBoost, and co-training, " EURASIP J. Multimedia Inf. Security, vol. 2012, no. 1, pp. 1-22, Mar. 2012.
42. S. Marchal, J. François, R. State, and T. Engel, "Semantic based DNS forensics, " in Proc. IEEE Int. WIFS, 2012, pp. 91-96.
43. L. Cao, T. Probst, and R. Kompella, "PhishLive: A view of phishing and malware attacks from an edge router, " in Proc. 14th Int. Conf. Passive Active Meas.-PAM, 2013, pp. 239-249, Springer-Verlag.
44. B. Braun, M. Johns, J. Koestler, and J. Posegga, "PhishSafe: Leveraging modern JavaScript API's for transparent and robust protection, " in Proc. 4th ACM Conf. Data Appl. Security Privacy-CODASPY, 2014, pp. 61-72, ACM.
45. N. Spirin and J. Han, "Survey on web spam detection: Principles and algorithms, " SIGKDD Exploration Newslett., vol. 13, no. 2, pp. 50-64, Dec. 2012.
46. J. Rech, ACM SIGSOFT Softw. Eng. Notes, vol. 32, no. 2, pp. 1-2, Mar. 2007.
47. J. Ginsberg et al., "Detecting influenza epidemics using search engine query data, " Nature, vol. 457, no. 7232, pp. 1012-1014, 2008.
48. H. Liu, J. He, Y. Gu, H. Xiong, and X. Du, "Detecting and tracking topics and events from web search logs, " ACM Trans. Inf. Syst., vol. 30, no. 4, pp. 21:1-21:29, Nov. 2012.