Abstract
Phishing attacks use social engineering and some technical tricks to obtain users’ personal identity data, account credentials and details of your bank cards to impersonate users on the network. Organizations are not immune to these attacks, so they should implement an orderly phishing detection plan, with the aim of reducing risks from direct exposure. Phishing is perpetrated in various telematic services such as email, web, social networks and instant messaging, among others. This paper brings an updated study of the main existing mechanisms for the detection of phishing. Additionally, the most effective solutions in the literature will be highlighted, matching solutions for different services will be identified and the most effective solutions will be featured, with the aim of applying these approaches in future integrated solutions for the detection of phishing attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Symantec: Internet Security Threat Report 2019 (2019)
Sumner, A., Yuan, X.: Mitigating phishing attacks: an overview. In: Proceedings of the 2019 ACM Southeast Conference, Kennesaw, GA, USA, pp. 72–77. ACM (2019)
Yassein, M.B., Aljawarneh, S., Wahsheh, Y.A.: Survey of online social networks threats and solutions. In: 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT), pp. 375–380 (2019)
Balim, C., Gunal, E.S.: Automatic detection of smishing attacks by machine learning methods. In: 2019 1st International Informatics and Software Engineering Conference (UBMYK), pp. 1–3 (2019)
Moul, K.A.: Avoid phishing traps. In: Proceedings of the 2019 ACM SIGUCCS Annual Conference, New Orleans, LA, USA, pp. 199–208. ACM (2019)
Chorghe, S.P., Shekokar, N.: A survey on anti-phishing techniques in mobile phones. In: 2016 International Conference on Inventive Computation Technologies (ICICT), pp. 1–5 (2016)
APWG: Phishing Activity Trends Report - 1st Quarter 2020, San Francisco, USA (2020)
APWG: Phishing Activity Trends Report - 2015–2019, San Francisco, USA (2019)
Sfakianakis, A., Douligeris, C., Marinos, L., Lourenço, M., Raghimi, O.: ENISA Threat Landscape Report 2018: 15 Top Cyberthreats and Trends, vol. 10 (2019)
Qabajeh, I., Thabtah, F., Chiclana, F.: A recent review of conventional vs. automated cybersecurity anti-phishing techniques. Comput. Sci. Rev. 29, 44–55 (2018). https://doi.org/10.1016/j.cosrev.2018.05.003
Althobaiti, K., Rummani, G., Vaniea, K.: A review of human- and computer-facing URL phishing features. In: 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 182–191 (2019)
Tyagi, I., Shad, J., Sharma, S., Gaur, S., Kaur, G.: A novel machine learning approach to detect phishing websites. In: 2018 5th International Conference on Signal Processing and Integrated Networks (SPIN), pp. 425–430 (2018)
Bikov, T.D., Iliev, T.B., Mihaylov, G.Y., Stoyanov, I.S.: Phishing in depth – modern methods of detection and risk mitigation. In: 2019 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 447–450 (2019)
Marchal, S., Saari, K., Singh, N., Asokan, N.: Know your phish: novel techniques for detecting phishing sites and their targets. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pp. 323–333 (2016)
Bell, S., Komisarczuk, P.: An analysis of phishing blacklists: Google safe browsing, OpenPhish, and PhishTank. In: Proceedings of the Australasian Computer Science Week Multiconference, Melbourne, VIC, Australia, p. 11. ACM (2020)
Pham, C., Nguyen, L.A.T., Tran, N.H., Huh, E., Hong, C.S.: Phishing-aware: a neuro-fuzzy approach for anti-phishing on fog networks. IEEE Trans. Netw. Service Manag. 15(3), 1076–1089 (2018). https://doi.org/10.1109/TNSM.2018.2831197
Nathezhtha, T., Sangeetha, D., Vaidehi, V.: WC-PAD: web crawling based phishing attack detection. In: 2019 International Carnahan Conference on Security Technology (ICCST), pp. 1–6 (2019)
Zuraiq, A.A., Alkasassbeh, M.: Review: phishing detection approaches. In: 2019 2nd International Conference on new Trends in Computing Sciences (ICTCS), pp. 1–6 (2019)
Dou, Z., Khalil, I., Khreishah, A., Al-Fuqaha, A., Guizani, M.: Systematization of knowledge (SoK): a systematic review of software-based web phishing detection. IEEE Commun. Surv. Tutor. 19(4), 2797–2819 (2017). https://doi.org/10.1109/COMST.2017.2752087
Cuzzocrea, A., Martinelli, F., Mercaldo, F.: A machine-learning framework for supporting intelligent web-phishing detection and analysis. In: Proceedings of the 23rd International Database Applications & Engineering Symposium, Athens, Greece, pp. 1–3. ACM (2019)
Latif, R.M.A., Umer, M., Tariq, T., Farhan, M., Rizwan, O., Ali, G.: A smart methodology for analyzing secure e-banking and e-commerce websites. In: 2019 16th International Bhurban Conference on Applied Sciences and Technology (IBCAST), pp. 589–596 (2019)
Sharma, H., Meenakshi, E., Bhatia, S.K.: A comparative analysis and awareness survey of phishing detection tools. In: 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT), pp. 1437–1442 (2017)
Vrbančič, G., Fister, I., Podgorelec, V.: Swarm intelligence approaches for parameter setting of deep learning neural network: case study on phishing websites classification. In: Proceedings of the 8th International Conference on Web Intelligence, Mining and Semantics, Novi Sad, Serbia, pp. 1–8. ACM (2018)
Haruta, S., Asahina, H., Sasase, I.: Visual similarity-based phishing detection scheme using image and CSS with target website finder. In: GLOBECOM 2017 - 2017 IEEE Global Communications Conference, pp. 1–6 (2017)
Oest, A., Safaei, Y., Doupé, A., Ahn, G., Wardman, B., Tyers, K.: PhishFarm: a scalable framework for measuring the effectiveness of evasion techniques against browser phishing blacklists. In: 2019 IEEE Symposium on Security and Privacy, pp. 1344–1361 (2019)
Shyni, C.E., Sundar, A.D., Ebby, G.S.E.: Phishing detection in websites using parse tree validation. In: 2018 Recent Advances on Engineering, Technology and Computational Sciences (RAETCS), pp. 1–4 (2018)
Park, A.J., Quadari, R.N., Tsang, H.H.: Phishing website detection framework through web scraping and data mining. In: 2017 8th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), pp. 680–684 (2017)
Wang, Y., Duncan, I.: a novel method to prevent phishing by using OCR technology. In: 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), pp. 1–5 (2019)
Patil, P., Rane, R., Bhalekar, M.: Detecting spam and phishing mails using SVM and obfuscation URL detection algorithm. In: 2017 International Conference on Inventive Systems and Control (ICISC), pp. 1–4 (2017)
Alswailem, A., Alabdullah, B., Alrumayh, N., Alsedrani, A.: Detecting phishing websites using machine learning. In: 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS), pp. 1–6 (2019)
Barraclough, P., Sexton, G.: Phishing website detection fuzzy system modelling. In: 2015 Science and Information Conference (SAI), pp. 1384–1386 (2015)
Geng, G., Yan, Z., Lee, J., Jin, X., Liu, D.: An efficient antiphishing method to secure econsume. IEEE Consum. Electron. Mag. 8(6), 42–46 (2019). https://doi.org/10.1109/MCE.2019.2928585
Abdelhamid, N., Thabtah, F., Abdel-Jaber, H.: Phishing detection: a recent intelligent machine learning comparison based on models content and features. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 72–77 (2017)
Yadollahi, M.M., Shoeleh, F., Serkani, E., Madani, A., Gharaee, H.: An adaptive machine learning based approach for phishing detection using hybrid features. In: 2019 5th International Conference on Web Research (ICWR), pp. 281–286 (2019)
Adebowale, M.A., Lwin, K.T., Hossain, M.A.: Deep learning with convolutional neural network and long short-term memory for phishing detection. In: 2019 13th International Conference on Software, Knowledge, Information Management and Applications (SKIMA), pp. 1–8 (2019)
Zhu, E., Chen, Y., Ye, C., Li, X., Liu, F.: OFS-NN: an effective phishing websites detection model based on optimal feature selection and neural network. IEEE Access 7, 73271–73284 (2019). https://doi.org/10.1109/ACCESS.2019.2920655
AlEroud, A., Karabatis, G.: Bypassing detection of URL-based phishing attacks using generative adversarial deep neural networks. In: Proceedings of the Sixth International Workshop on Security and Privacy Analytics, New Orleans, USA, pp. 53–60. ACM (2020)
Huang, Y., Yang, Q., Qin, J., Wen, W.: Phishing URL detection via CNN and attention-based hierarchical RNN. In: 2019 18th IEEE International Conference on Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pp. 112–119 (2019)
Huang, Y., Qin, J., Wen, W.: Phishing URL detection via capsule-based neural network. In: 2019 IEEE 13th International Conference on Anti-counterfeiting, Security, and Identification (ASID), pp. 22–26 (2019)
Fang, Y., Zhang, C., Huang, C., Liu, L., Yang, Y.: Phishing email detection using improved RCNN model with multilevel vectors and attention mechanism. IEEE Access 7, 56329–56340 (2019). https://doi.org/10.1109/ACCESS.2019.2913705
Pongchanchai, N., Visoottiviseth, V., Ou, K., Yamai, N., Kitagawa, N.: Countermeasure against spoofed e-mails using display name as a user authenticator. In: 2018 Seventh ICT International Student Project Conference (ICT-ISPC), pp. 1–6 (2018)
Bagui, S., Nandi, D., Bagui, S., White, R.J.: Classifying phishing email using machine learning and deep learning. In: 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), pp. 1–2 (2019)
Park, G., Rayz, J.: Ontological detection of phishing emails. In: 2018 IEEE International Conference on Systems, Man, and Cybernetics (SMC), pp. 2858–2863 (2018)
Douzi, S., Amar, M., Ouahidi, B.E.: Advanced phishing filter using autoencoder and denoising autoencoder. In: Proceedings of the International Conference on Big Data and Internet of Thing, London, United Kingdom, pp. 125–129. ACM (2017)
Form, L.M., Chiew, K.L., Sze, S.N., Tiong, W.K.: Phishing email detection technique by using hybrid features. In: 2015 9th International Conference on IT in Asia, pp. 1–5 (2015)
Xiujuan, W., Chenxi, Z., Kangfeng, Z., Haoyang, T., Yuanrui, T.: Detecting spear-phishing emails based on authentication. In: 2019 IEEE 4th International Conference on Computer and Communication Systems (ICCCS), pp. 450–456 (2019)
Verma, R., Rai, N.: Phish-IDetector: message-ID based automatic phishing detection. In: 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE), pp. 427–434 (2015)
Bhadane, A., Mane, S.B.: Detecting lateral spear phishing attacks in organisations. IET Inf. Secur. 13(2), 133–140 (2019). https://doi.org/10.1049/iet-ifs.2018.5090
Fang, L., Bailing, W., Junheng, H., Yushan, S., Yuliang, W.: A proactive discovery and filtering solution on phishing websites. In: 2015 IEEE International Conference on Big Data (Big Data), pp. 2348–2355 (2015)
Bell, S., Komisarczuk, P.: Measuring the effectiveness of Twitter’s URL shortener (t.co) at protecting users from phishing and malware attacks. In: Proceedings of the Australasian Computer Science Week Multiconference, Melbourne, Australia, p. 11. ACM (2020)
Al-Janabi, M., Quincey, E.D., Andras, P.: Using supervised machine learning algorithms to detect suspicious URLs in online social networks. In: Proceedings of the 2017 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2017, Sydney, Australia, pp. 1104–1111. ACM (2017)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Hernández Dominguez, A., Baluja García, W. (2021). Updated Analysis of Detection Methods for Phishing Attacks. In: Singh, P.K., Veselov, G., Vyatkin, V., Pljonkin, A., Dodero, J.M., Kumar, Y. (eds) Futuristic Trends in Network and Communication Technologies. FTNCT 2020. Communications in Computer and Information Science, vol 1395. Springer, Singapore. https://doi.org/10.1007/978-981-16-1480-4_5
Download citation
DOI: https://doi.org/10.1007/978-981-16-1480-4_5
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-1479-8
Online ISBN: 978-981-16-1480-4
eBook Packages: Computer ScienceComputer Science (R0)