A Hybrid Approach to Detect Zero Day Phishing Websites
نویسندگان
چکیده
Phishing is a significant problem that tricks unsuspecting users into revealing private information involving fraudulent email and websites. This causes tremendous economic loss every year. In this paper, we proposed a novel hybrid phish detection method based on phishing blacklists and phishing properties. We used some fresh phish from PhishTank that were recently added to test that it can be detected by blacklist or not. We found that 70 % of the phishing websites in our dataset lasted less than two hours. Blacklists were ineffective when protecting users initially, as most of them caught less than 20% of phish at zero hour. Another check used in this approach is phishing characteristics. Phishing characteristics are properties occur in phishing websites. It caught significantly more phish at zero hour than those using only blacklists. Finally we tested this approach on a set of legitimate URLs for false positives, and did not find any mislabeling.
منابع مشابه
Phishing Dynamic Evolving Neural Fuzzy Framework for Online Detection Zero-day Phishing Email
Phishing is a kind of attack in which criminals use spoofed emails and fraudulent web sites to trick financial organization and customers. Criminals try to lure online users by convincing them to reveal the username, passwords, credit card number and updating account information or fill billing information. One of the main problems of phishing email detection is the unknown “zero-day” phishing ...
متن کاملTrustworthiness testing of phishing websites: A behavior model-based approach
Phishing attacks allure website users to visit fake web pages and provide their personal information. However, testing of phishing websites is challenging. Unlike traditional web-based program testing, we do not know the response of form submissions in advance. There exists lack of efforts to help anti-phishing professionals who manually verify a reported phishing site and take further actions....
متن کاملPhishing Websites Classification using Hybrid SVM and KNN Approach
Phishing is a potential web threat that includes mimicking official websites to trick users by stealing their important information such as username and password related to financial systems. The attackers use social engineering techniques like email, SMS and malware to fraud the users. Due to the potential financial losses caused by phishing, it is essential to find effective approaches for ph...
متن کاملDetecting Fake Websites Using Swarm Intelligence Mechanism in Human Learning
The internet and its various services have made users to easily communicate with each other. Internet benefits including online business and e-commerce. E-commerce has boosted online sales and online auction types. Despite their many uses and benefits, the internet and their services have various challenges, such as information theft, which challenges the use of these services. Information thef...
متن کاملLearning to Detect Phishing Webpages
Phishing has become a lucrative business for cyber criminals whose victims range from end users to large corporations and government organizations. Though Internet users are generally becoming more aware of phishing websites, cyber scammers come up with novel schemes that circumvent phishing filters and often succeed in fooling even savvy users. Recent studies to detect phishing and malicious w...
متن کامل