Phishing URL Detection: A Network-based Approach Robust to Evasion
Many cyberattacks start with disseminating phishing URLs. When clicking these phishing URLs, the victim's private information is leaked to the attacker. There have been proposed several machine learning methods to detect phishing URLs. However, it still remains under-explored to detect phishing...
Saved in:
| Published in | arXiv.org |
|---|---|
| Main Authors | , , , |
| Format | Paper |
| Language | English |
| Published |
Ithaca
Cornell University Library, arXiv.org
03.09.2022
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | Many cyberattacks start with disseminating phishing URLs. When clicking these phishing URLs, the victim's private information is leaked to the attacker. There have been proposed several machine learning methods to detect phishing URLs. However, it still remains under-explored to detect phishing URLs with evasion, i.e., phishing URLs that pretend to be benign by manipulating patterns. In many cases, the attacker i) reuses prepared phishing web pages because making a completely brand-new set costs non-trivial expenses, ii) prefers hosting companies that do not require private information and are cheaper than others, iii) prefers shared hosting for cost efficiency, and iv) sometimes uses benign domains, IP addresses, and URL string patterns to evade existing detection methods. Inspired by those behavioral characteristics, we present a network-based inference method to accurately detect phishing URLs camouflaged with legitimate patterns, i.e., robust to evasion. In the network approach, a phishing URL will be still identified as phishy even after evasion unless a majority of its neighbors in the network are evaded at the same time. Our method consistently shows better detection performance throughout various experimental tests than state-of-the-art methods, e.g., F-1 of 0.89 for our method vs. 0.84 for the best feature-based method. |
|---|---|
| AbstractList | Many cyberattacks start with disseminating phishing URLs. When clicking these phishing URLs, the victim's private information is leaked to the attacker. There have been proposed several machine learning methods to detect phishing URLs. However, it still remains under-explored to detect phishing URLs with evasion, i.e., phishing URLs that pretend to be benign by manipulating patterns. In many cases, the attacker i) reuses prepared phishing web pages because making a completely brand-new set costs non-trivial expenses, ii) prefers hosting companies that do not require private information and are cheaper than others, iii) prefers shared hosting for cost efficiency, and iv) sometimes uses benign domains, IP addresses, and URL string patterns to evade existing detection methods. Inspired by those behavioral characteristics, we present a network-based inference method to accurately detect phishing URLs camouflaged with legitimate patterns, i.e., robust to evasion. In the network approach, a phishing URL will be still identified as phishy even after evasion unless a majority of its neighbors in the network are evaded at the same time. Our method consistently shows better detection performance throughout various experimental tests than state-of-the-art methods, e.g., F-1 of 0.89 for our method vs. 0.84 for the best feature-based method. |
| Author | Taeri Kim Kim, Sang-Wook Park, Noseong Hong, Jiwon |
| Author_xml | – sequence: 1 fullname: Taeri Kim – sequence: 2 givenname: Noseong surname: Park fullname: Park, Noseong – sequence: 3 givenname: Jiwon surname: Hong fullname: Hong, Jiwon – sequence: 4 givenname: Sang-Wook surname: Kim fullname: Kim, Sang-Wook |
| BookMark | eNqNi8sKgkAUQIcoyMp_uNBamEdmtLMXLSJCai2j3VKLGfOO9fu56ANancU5Z8T6xhrsMU8qJYLFTMoh84kqzrmcRzIMlcdWp6KkojR3uCQH2KDD3JXWLCGGI7qPbR5BpgmvENd1Y3VeQGKzlhw4C9u3pq6dsMFNPwn9H8dsutue1_ugG14tkksr2zamU6mMhBA8FEqq_6ovg_06dQ |
| ContentType | Paper |
| Copyright | 2022. This work is published under http://creativecommons.org/licenses/by-nc-nd/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
| Copyright_xml | – notice: 2022. This work is published under http://creativecommons.org/licenses/by-nc-nd/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. |
| DBID | 8FE 8FG ABJCF ABUWG AFKRA AZQEC BENPR BGLVJ CCPQU DWQXO HCIFZ L6V M7S PIMPY PQEST PQQKQ PQUKI PRINS PTHSS |
| DatabaseName | ProQuest SciTech Collection ProQuest Technology Collection Materials Science & Engineering Collection ProQuest Central (Alumni) ProQuest Central ProQuest Central Essentials ProQuest Central Technology Collection ProQuest One Community College ProQuest Central SciTech Premium Collection (Proquest) (PQ_SDU_P3) ProQuest Engineering Collection ProQuest Engineering Database Publicly Available Content Database ProQuest One Academic Eastern Edition (DO NOT USE) ProQuest One Academic ProQuest One Academic UKI Edition ProQuest Central China Engineering Collection |
| DatabaseTitle | Publicly Available Content Database Engineering Database Technology Collection ProQuest Central Essentials ProQuest One Academic Eastern Edition ProQuest Central (Alumni Edition) SciTech Premium Collection ProQuest One Community College ProQuest Technology Collection ProQuest SciTech Collection ProQuest Central China ProQuest Central ProQuest Engineering Collection ProQuest One Academic UKI Edition ProQuest Central Korea Materials Science & Engineering Collection ProQuest One Academic Engineering Collection |
| DatabaseTitleList | Publicly Available Content Database |
| Database_xml | – sequence: 1 dbid: 8FG name: ProQuest Technology Collection url: https://search.proquest.com/technologycollection1 sourceTypes: Aggregation Database |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Physics |
| EISSN | 2331-8422 |
| Genre | Working Paper/Pre-Print |
| GroupedDBID | 8FE 8FG ABJCF ABUWG AFKRA ALMA_UNASSIGNED_HOLDINGS AZQEC BENPR BGLVJ CCPQU DWQXO FRJ HCIFZ L6V M7S M~E PIMPY PQEST PQQKQ PQUKI PRINS PTHSS |
| ID | FETCH-proquest_journals_27111051323 |
| IEDL.DBID | BENPR |
| IngestDate | Thu Oct 10 15:59:50 EDT 2024 |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-proquest_journals_27111051323 |
| OpenAccessLink | https://www.proquest.com/docview/2711105132?pq-origsite=%requestingapplication% |
| PQID | 2711105132 |
| PQPubID | 2050157 |
| ParticipantIDs | proquest_journals_2711105132 |
| PublicationCentury | 2000 |
| PublicationDate | 20220903 |
| PublicationDateYYYYMMDD | 2022-09-03 |
| PublicationDate_xml | – month: 09 year: 2022 text: 20220903 day: 03 |
| PublicationDecade | 2020 |
| PublicationPlace | Ithaca |
| PublicationPlace_xml | – name: Ithaca |
| PublicationTitle | arXiv.org |
| PublicationYear | 2022 |
| Publisher | Cornell University Library, arXiv.org |
| Publisher_xml | – name: Cornell University Library, arXiv.org |
| SSID | ssj0002672553 |
| Score | 3.4167373 |
| SecondaryResourceType | preprint |
| Snippet | Many cyberattacks start with disseminating phishing URLs. When clicking these phishing URLs, the victim's private information is leaked to the attacker. There... |
| SourceID | proquest |
| SourceType | Aggregation Database |
| SubjectTerms | Cybercrime Machine learning Phishing Robustness URLs Websites |
| Title | Phishing URL Detection: A Network-based Approach Robust to Evasion |
| URI | https://www.proquest.com/docview/2711105132 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV3NS8MwFH-4FsHb_MKPOQJ6DY6kTauXsWnrEFdKcbDbaNqAp3Vbs6t_uy9ZpgdhxxBIyON9_t6PF4CHgTJZK6soj8OABkxV9MlMoK0jVUqBGaqwHdNpJiaz4H0ezh3g1jpa5d4nWkddN5XByB9ZhFaJGsTZcLWm5tco0111X2h0wGdYKQw88MdJlhe_KAsTEebM_J-jtdEj7YKflyu1OYUjtTyDY0u6rNpzGOdfOwSIzIoP8qq0pUUtn8mIZDt2NjVBpiYjN_ibFI3ctprohmAGbHCuC7hPk8-XCd1fvHDK0S7-nsIvwcMqX10BkRyLgxAFVMciQNOPS4m1m7Rtr0hW8hp6h066Obx9CyfM8PZNJ4T3wNObrbrDaKplHzpx-tZ3gsPV9Dv5AfGJfXE |
| link.rule.ids | 783,787,12777,21400,33385,33756,43612,43817 |
| linkProvider | ProQuest |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV1LSwMxEB60RezNJ1qrBvQalGQ3u3qR-lhX3S6ltNDbsskGeurWbvr_naSpHoSeAwkZJvP45ssMwO29tlErU5THYUADphV9sB1oq0iXUmCEKlzFdJCLdBJ8TsOpB9waT6vc2ERnqKtaWYz8jkX4KlGDOHtafFM7NcpWV_0IjV1oBxx9tf0pnrz_YixMRBgx839m1vmO5ADaw3Khl4ewo-dHsOcol6o5hufhbI3_kMkoI6_aOFLU_JH0Sb7mZlPrYirS922_yaiWq8YQUxOMfy3KdQI3ydv4JaWbgwuvGk3xdxF-Ci3M8fUZEMkxNQhRPFUsAnz4cSkxc5Ou6BVJJc-ht22n7vbla9hPx4OsyD7yrwvoMMvgtzUR3oOWWa70JfpVI6-c8H4A73985Q |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Phishing+URL+Detection%3A+A+Network-based+Approach+Robust+to+Evasion&rft.jtitle=arXiv.org&rft.au=Taeri+Kim&rft.au=Park%2C+Noseong&rft.au=Hong%2C+Jiwon&rft.au=Kim%2C+Sang-Wook&rft.date=2022-09-03&rft.pub=Cornell+University+Library%2C+arXiv.org&rft.eissn=2331-8422 |