Litcius/Paper detail

Phishing URL Detection

Taeri Kim, Noseong Park, Jiwon Hong, Sang‐Wook Kim

2022Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security26 citationsDOI

Abstract

Many cyberattacks start with disseminating phishing URLs. When clicking these phishing URLs, the victim's private information is leaked to the attacker. There have been proposed several machine learning methods to detect phishing URLs. However, it still remains under-explored to detect phishing URLs with evasion, i.e., phishing URLs that pretend to be benign by manipulating patterns. In many cases, the attacker i) reuses prepared phishing web pages because making a completely brand-new set costs non-trivial expenses, ii) prefers hosting companies that do not require private information and are cheaper than others, iii) prefers shared hosting for cost efficiency, and iv) sometimes uses benign domains, IP addresses, and URL string patterns to evade existing detection methods. Inspired by those behavioral characteristics, we present a network-based inference method to accurately detect phishing URLs camouflaged with legitimate patterns, i.e., robust to evasion. In the network approach, a phishing URL will be still identified as phishy even after evasion unless a majority of its neighbors in the network are evaded at the same time. Our method consistently shows better detection performance throughout various experimental tests than state-of-the-art methods, e.g., F-1 of 0.891 for our method vs. 0.840 for the best feature-based method.

Topics & Concepts

PhishingComputer scienceEvasion (ethics)Private information retrievalComputer securityBlacklistingWorld Wide WebThe InternetImmune systemBiologyImmunologySpam and Phishing DetectionInternet Traffic Analysis and Secure E-votingAdvanced Malware Detection Techniques