Cited By
View all- Shariff SZhang XSanderson M(2017)On the credibility perception of news on TwitterComputers in Human Behavior10.1016/j.chb.2017.06.02675:C(785-796)Online publication date: 1-Oct-2017
An overview of phishing attacks and their detection techniques
Authors: 
Mehdi Dadkhah, Mohammad Davarpanah Jazi, Majid Saidi Mobarakeh, Shahaboddin Shamshirband, Xiaojun Wang, Sachin RasteAuthors Info & Claims
Pages 187 - 195
Abstract
With rapid spread of the internet and cyber space, it has gained numerous applications and has been used as a powerful tool for social collaborations, communications and trades. The internet has superior performance to the traditional ways, as well as many useful features. This has been a reason for its growing usage in online trade and emergence of electronic commerce e-commerce. Security is an essential requirement in electronic interactions. In this context, phishing attacks are among the most important challenges e-commerce is faced with. On the other hand, it is one of the mostly used methods for password stealing. In phishing attacks, the attacker redirects the victim to their fake web pages in order to steal their sensitive information such as passwords. Numerous methods have been devised to defeat such attacks. Web pages, e-mails and URLs used for phishing attacks have some features which can be used to identify fake pages. In this article, we try to introduce different types of phishing attacks and possible detection techniques for them, then discuss about advantages and disadvantages of each technique. Finally, we state that which anti phishing techniques can be used for detection of each phishing types.
References
[1]
Aburrous, M., Hossain, M.A., Dahal, K. and Thabatah, F. (2010a) 'Intelligent phishing detection system for e-banking using fuzzy data mining', Expert Systems with Applications, Vol. 37, No. 12, pp. 7913-7921.
[2]
Aburrous, M., Hossain, M.A., Dahal, K. and Thabtah, F. (2010b) 'Predicting phishing websites using classification mining techniques with experimental case studies', in Proceedings of Seventh International Conference on Information Technology (IEEE), pp. 176-181.
[3]
Agarwal, N., Renfro, S. and Bejar, A. (2009) 'Yahoo Sign-In seal and current anti-phishing solutions', in eCrime Researchers Summit, pp. 1-4.
[4]
Ali, M.M. and Rajamani, L. (2012) 'APD: ARM deceptive phishing detector system phishing detection in instant messengers using data mining approach', Global Trends in Computing and Communication Systems, Vol. 269, pp. 490-502 [online] https://link.springer.com/chapter/10.1007/978-3-642-29219-4_56.
[5]
Alkhateeb, F., Manasrah, A. and Bsoul, A. (2012) 'Bank web sites phishing detection and notification system based on semantic web technologies', International Journal of Security & its Applications, Vol. 6, No. 4, pp. 1-14.
[6]
Almomani, A., Gupta, B.B., Atawneh, S., Meulenberg, A. and Almomani, E. (2013) 'A survey of phishing email filtering techniques', Communications Surveys & Tutorials, Vol. 15, No. 4, pp. 2070-2090.
[7]
Alto, P. (2014) HP Networking Communication: Open SSL Vulnerabilities, pp. 1-4, Hewlett-Packard Development Company (White Paper).
[8]
Bian, K., Park, J.M., Hsiao, M.S., Belanger, F. and Hiller, J. (2009) 'Evaluation of online resources in assisting phishing detection', in Proceedings of Ninth Annual International Symposium on Applications and the Internet (IEEE), pp. 30-36.
[9]
Chawla, M. and Chouhan, S.S. (2014) 'A survey of phishing attack techniques', International Journal of Computer Applications, Vol. 93, No. 3, pp. 32-334.
[10]
Chen, J. and Guo, C. (2006) 'Online detection and prevention of phishing attacks', in Proceedings of First International Conference on Communications and Networking (IEEE), pp. 1-7.
[11]
Dadkhah, M. and Jazi, M.D. (2014a) 'A novel approach to deal with keyloggers', Oriental Journal of Computer Science & Technology, Vol. 7, No. 1, pp. 25-28.
[12]
Dadkhah, M. and Jazi, M.D. (2014b) 'Secure payment in e-commerce: deal with keyloggers and phishings', International Journal of Electronics Communication and Computer Engineering, Vol. 5, No. 3, pp. 656-660.
[13]
Dave, D.B., Ramanathan, V. and Wechsler, H. (2013) 'Phishing detection using traffic behavior, spectral clustering, and random forests', in Proceedings of International Conference on Intelligence and Security Informatics, pp. 67-72.
[14]
Desmedt, Y. (2005) 'Man-in-the-middle attack', in Encyclopedia of Cryptography and Security, pp. 759-759, Springer, USA.
[15]
Dunlop, M., Groat, S. and Shelly, D. (2010) 'Gold phish: using images for content-based phishing analysis', in Proceedings of Fifth International Conference on Internet Monitoring and Protection (IEEE), pp. 123-128.
[16]
Hong, J. (2012) 'The state of phishing attacks', Communications of the ACM, Vol. 55, No. 1, pp. 74-81.
[17]
Kazemian, H.B. and Ahmed, S. (2015) 'Comparisons of machine learning techniques for detecting malicious web pages', Expert Systems with Applications, Vol. 42, No. 3, pp. 1166-1177.
[18]
Khonji, M., Iraqi, Y. and Jones, A. (2013) 'Phishing detection: a literature survey', Communications Surveys & Tutorials, Vol. 15, No. 4, pp. 2091-2121.
[19]
Khonji, M., Jones, A. and Iraqi, Y. (2011) 'A novel phishing classification based on URL features', in Proceedings of GCC Conference and Exhibition (IEEE), pp. 221-224.
[20]
Larose, D. (2014) Discovering Knowledge in Data: An Introduction to Data Mining, Wiley, New York.
[21]
Li, S. and Schmitz, R. (2009) 'A novel anti-phishing framework based on honeypots', in eCrime Researchers Summit (IEEE), pp. 1-13.
[22]
Liao, N., Shengfeng, T. and Tinghua, W. (2009) 'Network forensics based on fuzzy logic and expert system', Computer Communications, Vol. 32, No. 17, pp. 1881-1892.
[23]
Liu, G., Qiu, B. and Wenyin, L. (2010) 'Automatic detection of phishing target from phishing webpage', in Proceedings of International Conference on Pattern Recognition (IEEE), pp. 4153-4156.
[24]
Pradhan, S.K. and Negi, A. (2014) 'An improved approach of dictionary based syntactic PR using trie', in Proceedings of International Conference on Electronic Systems, Signal Processing and Computing Technologies, pp. 386-391.
[25]
Reddy, V.P., Radha, V. and Jindal, M. (2011) 'Client side protection from phishing attack', International Journal of Advanced Engineering Sciences and Technologies, Vol. 3, No. 1, pp. 39-45.
[26]
Ruth, R.K., Priyanka, K., Anusha, K., Jyosthna, C.H. and Siva, P.Y.A. (2011) 'An effective strategy for identifying phishing websites using class-based approach', International Journal of Scientific & Engineering Research, Vol. 2, No. 12, pp. 1-7.
[27]
Sachin, R. (2013) SURL - Tweets and Phishing, E Scan Company [online] http://blog.escanav.com/2013/01/15/surl-tweets-and-phishing/?lang=en (accessed 20 March 2015).
[28]
Sanglerdsinlapachai, N. and Rungsawang, A. (2010) 'Using domain top-page similarity feature in machine learning-based web phishing detection', in Proceedings of Third International Conference on Knowledge Discovery and Data Mining (IEEE), pp. 187-190.
[29]
Shi, J. and Saleem, S. (2012) Phishing, University of Arizona [online] http://www.cs.arizona.edu/~collberg/Teaching/466-566/2012/Resources/presentations/2012/reports.pdf (accessed 20 March 2015).
[30]
Shreeram, V., Suban, M., Shanthi, P. and Manjula, K. (2010) 'Anti-phishing detection of phishing attacks using genetic algorithm', in Proceedings of IEEE International Conference on Communication Control and Computing Technologies (ICCCCT), pp. 447-450.
[31]
Zhuge, J., Holz, T., Song, C., Guo, J., Han, X. and Zou, W. (2009) Managing Information Risk and the Economics of Security, Springer, USA.
- An overview of phishing attacks and their detection techniques
Recommendations
Enterprise Credential Spear-phishing attack detection
Highlights- Detecting spear-phishing email attacks based on sender domains.
- Figuring out that the domain's sender is genuine or forgery.
- Providing a balanced trade-off between detecting targeted attacks and bypassing the genuine emails.
AbstractThe latest report by Kaspersky on email Spam and targeted Phishing attacks, by percentage, highlights the need of an urgent solution. Attachment-driven Spear-phishing struggles to succeed against many email providers’ malware-filtration systems, ...
Graphical abstractDisplay Omitted
Fighting against phishing attacks: state of the art and future challenges
In the last few years, phishing scams have rapidly grown posing huge threat to global Internet security. Today, phishing attack is one of the most common and serious threats over Internet where cyber attackers try to steal user's personal or financial ...
Defending against phishing attacks: taxonomy of methods, current issues and future directions
Internet technology is so pervasive today, for example, from online social networking to online banking, it has made people's lives more comfortable. Due the growth of Internet technology, security threats to systems and networks are relentlessly ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Publisher
Inderscience Publishers
Geneva 15, Switzerland
Publication History
Published: 01 January 2017
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 14 Dec 2024
Other Metrics
Citations
Cited By
View all- Shariff SZhang XSanderson M(2017)On the credibility perception of news on TwitterComputers in Human Behavior10.1016/j.chb.2017.06.02675:C(785-796)Online publication date: 1-Oct-2017