Obtaining the threat model for e-mail phishing

Phishing is a kind of embezzlement that uses social engineering in order to obtain personal information from its victims, aiming to cause losses. In the technical literature only the hit rate of the classifiers is mentioned to justify the effectiveness of the phishing detecting techniques. Aspects such as the accuracy of the classifier results (false positive rate), computational effort and the number of features used for phishing detection are rarely taken into account. In this work we propose a technique that yields the minimum set of relevant features providing reliability, good performance and flexibility to the phishing detection engine. The experimental results reported in this work show that the proposed technique could be used to optimize the detection engine of the anti-phishing scheme.

[1]  Khalil El-Khatib,et al.  Impact of Feature Reduction on the Efficiency of Wireless Intrusion Detection Systems , 2010, IEEE Transactions on Parallel and Distributed Systems.

[2]  Katja Hose,et al.  Partout: a distributed engine for efficient RDF processing , 2012, WWW.

[3]  Ronald C. Dodge,et al.  Phishing for user security awareness , 2007, Comput. Secur..

[4]  Russell Greiner,et al.  PALO: A Probabilistic Hill-Climbing Algorithm , 1996, Artif. Intell..

[5]  Farid Melgani,et al.  Toward an Optimal SVM Classification System for Hyperspectral Remote Sensing Images , 2006, IEEE Transactions on Geoscience and Remote Sensing.

[6]  Chris Kanich,et al.  Spamalytics: an empirical analysis of spam marketing conversion , 2008, CCS.

[7]  Vijay K. Gurbani,et al.  Phishwish: A Stateless Phishing Filter Using Minimal Rules , 2008, Financial Cryptography.

[8]  Cheng-Lung Huang,et al.  A distributed PSO-SVM hybrid system with feature selection and parameter optimization , 2008, Appl. Soft Comput..

[9]  Mineichi Kudo,et al.  Comparison of algorithms that select features for pattern classifiers , 2000, Pattern Recognit..

[10]  Andrew H. Sung,et al.  Detection of Phishing Attacks: A Machine Learning Approach , 2008, Soft Computing Applications in Industry.

[11]  Amir Herzberg,et al.  DNS-based email sender authentication mechanisms: A critical review , 2009, Comput. Secur..

[12]  Musa A. Mammadov,et al.  Profiling Phishing Emails Based on Hyperlink Information , 2010, 2010 International Conference on Advances in Social Networks Analysis and Mining.

[13]  Kiran Lakkaraju,et al.  A taxonomy and adversarial model for attacks against network log anonymization , 2009, SAC '09.

[14]  Sung Deok Cha,et al.  Empirical evaluation of SVM-based masquerade detection using UNIX commands , 2005, Comput. Secur..

[15]  Tom Fawcett,et al.  An introduction to ROC analysis , 2006, Pattern Recognit. Lett..

[16]  Sunghun Kim,et al.  Reducing Features to Improve Bug Prediction , 2009, 2009 IEEE/ACM International Conference on Automated Software Engineering.

[17]  Greg Aaron The state of phishing , 2010 .

[18]  Xuhua Ding,et al.  Anomaly Based Web Phishing Page Detection , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[19]  El-Sayed M. El-Alfy,et al.  Using GMDH-based networks for improved spam detection and email feature analysis , 2011, Appl. Soft Comput..

[20]  Robert P. W. Duin,et al.  Variance estimation for two-class and multi-class ROC analysis using operating point averaging , 2008, 2008 19th International Conference on Pattern Recognition.

[21]  Norman M. Sadeh,et al.  Learning to detect phishing emails , 2007, WWW '07.

[22]  Chuanxiong Guo,et al.  Online Detection and Prevention of Phishing Attacks , 2006, 2006 First International Conference on Communications and Networking in China.

[23]  Gwi-Tae Park,et al.  Performance Comparison Between Backpropagation, Neuro-Fuzzy Network, and SVM , 2006, CSR.

[24]  Vladimir N. Vapnik,et al.  The Nature of Statistical Learning Theory , 2000, Statistics for Engineering and Information Science.