Andrei Butnaru
Towards Lightweight URL-Based Phishing Detection
Butnaru, Andrei; Mylonas, Alexios; Pitropakis, Nikolaos
Abstract
Nowadays, the majority of everyday computing devices, irrespective of their size and operating system, allow access to information and online services through web browsers. However, the pervasiveness of web browsing in our daily life does not come without security risks. This widespread practice of web browsing in combination with web users’ low situational awareness against cyber attacks, exposes them to a variety of threats, such as phishing, malware and profiling. Phishing attacks can compromise a target, individual or enterprise, through social interaction alone. Moreover, in the current threat landscape phishing attacks typically serve as an attack vector or initial step in a more complex campaign. To make matters worse, past work has demonstrated the inability of denylists, which are the default phishing countermeasure, to protect users from the dynamic nature of phishing URLs. In this context, our work uses supervised machine learning to block phishing attacks, based on a novel combination of features that are extracted solely from the URL. We evaluate our performance over time with a dataset which consists of active phishing attacks and compare it with Google Safe Browsing (GSB), i.e., the default security control in most popular web browsers. We find that our work outperforms GSB in all of our experiments, as well as performs well even against phishing URLs which are active one year after our model’s training.
Journal Article Type | Article |
---|---|
Acceptance Date | Jun 10, 2021 |
Online Publication Date | Jun 13, 2021 |
Publication Date | 2021-06 |
Deposit Date | Jun 19, 2021 |
Publicly Available Date | Jun 21, 2021 |
Journal | Future Internet |
Publisher | MDPI |
Peer Reviewed | Peer Reviewed |
Volume | 13 |
Issue | 6 |
Article Number | 154 |
DOI | https://doi.org/10.3390/fi13060154 |
Keywords | phishing; supervised machine learning; classifier; heuristics; URL-based phishing |
Public URL | http://researchrepository.napier.ac.uk/Output/2781649 |
Files
Towards Lightweight URL-Based Phishing Detection
(345 Kb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by/4.0/
Copyright Statement
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
You might also like
An Enhanced Cyber Attack Attribution Framework
(2018)
Presentation / Conference Contribution
Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse
(2017)
Presentation / Conference Contribution
Cloud Security, Privacy, and Trust Baselines
(2016)
Book Chapter
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search