Heuristic-based Approach for Phishing Site Detection Using URL Features

Damage caused by phishing attacks that target personal user information is increasing. Phishing involves sending an email to a user or inducing a phishing page to steal a user’s personal information. This type of attack can be detected by blacklist-based detection techniques; however, these methods have some disadvantages and the numbers of victims have therefore continued to increase. In this paper, we propose a heuristic-based phishing detection technique that uses uniform resource locator (URL) features. We identified features that phishing site URLs contain. The proposed method employs those features for phishing detection. The technique was evaluated with a dataset of 3,000 phishing site URLs and 3,000 legitimate site URLs. The results demonstrate that the proposed technique can detect more than 98.23% of phishing sites. Keywords—phishing sites, URL-based features, heuristic, machine learning

[1]  Suku Nair,et al.  A comparison of machine learning techniques for phishing detection , 2007, eCrime '07.

[2]  Weili Han,et al.  Anti-phishing based on automated individual white-list , 2008, DIM '08.

[3]  Youssef Iraqi,et al.  Phishing Detection: A Literature Survey , 2013, IEEE Communications Surveys & Tutorials.

[4]  Junshan Tan,et al.  Countermeasure Techniques for Deceptive Phishing Attack , 2009, 2009 International Conference on New Trends in Information and Service Science.

[5]  Lawrence K. Saul,et al.  Beyond blacklists: learning to detect malicious web sites from suspicious URLs , 2009, KDD.

[6]  Wei-Hong Wang,et al.  A Static Malicious Javascript Detection Using SVM , 2013 .

[7]  Tsuhan Chen,et al.  Malicious web content detection by machine learning , 2010, Expert Syst. Appl..

[8]  Kevin Joshua Abela AN AUTOMATED MALWARE DETECTION SYSTEM FOR ANDROID USING BEHAVIOR-BASED ANALYSIS AMDA , 2013 .

[9]  Giovanni Vigna,et al.  Prophiler: a fast filter for the large-scale detection of malicious web pages , 2011, WWW.

[10]  Jun Ho Huh,et al.  Phishing Detection with Popular Search Engines: Simple and Effective , 2011, FPS.

[11]  T. L. McCluskey,et al.  Intelligent rule-based phishing websites classification , 2014, IET Inf. Secur..

[12]  Sri Ramakrishna,et al.  FEATURE SELECTION METHODS AND ALGORITHMS , 2011 .

[13]  Ba Lam To,et al.  A novel approach for phishing detection using URL-based heuristic , 2014, 2014 International Conference on Computing, Management and Telecommunications (ComManTel).

[14]  Carolyn Penstein Rosé,et al.  CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites , 2011, TSEC.

[15]  Firdous Kausar,et al.  Hybrid Client Side Phishing Websites Detection Approach , 2014 .

[16]  A. Sardana,et al.  A PageRank based detection technique for phishing web sites , 2012, 2012 IEEE Symposium on Computers & Informatics (ISCI).