Phishing URL Detection: A Network-based Approach Robust to Evasion

by   Taeri Kim, et al.

Many cyberattacks start with disseminating phishing URLs. When clicking these phishing URLs, the victim's private information is leaked to the attacker. There have been proposed several machine learning methods to detect phishing URLs. However, it still remains under-explored to detect phishing URLs with evasion, i.e., phishing URLs that pretend to be benign by manipulating patterns. In many cases, the attacker i) reuses prepared phishing web pages because making a completely brand-new set costs non-trivial expenses, ii) prefers hosting companies that do not require private information and are cheaper than others, iii) prefers shared hosting for cost efficiency, and iv) sometimes uses benign domains, IP addresses, and URL string patterns to evade existing detection methods. Inspired by those behavioral characteristics, we present a network-based inference method to accurately detect phishing URLs camouflaged with legitimate patterns, i.e., robust to evasion. In the network approach, a phishing URL will be still identified as phishy even after evasion unless a majority of its neighbors in the network are evaded at the same time. Our method consistently shows better detection performance throughout various experimental tests than state-of-the-art methods, e.g., F-1 of 0.89 for our method vs. 0.84 for the best feature-based method.


page 4

page 6

page 12


Scope resolution of predicted negation cues: A two-step neural network-based approach

Neural network-based methods are the state of the art in negation scope ...

BotShape: A Novel Social Bots Detection Approach via Behavioral Patterns

An essential topic in online social network security is how to accuratel...

Dormant Neural Trojans

We present a novel methodology for neural network backdoor attacks. Unli...

Understanding the Security of Deepfake Detection

Deepfakes pose growing challenges to the trust of information on the Int...

A Comparative Study of Fruit Detection and Counting Methods for Yield Mapping in Apple Orchards

We present new methods for apple detection and counting based on recent ...

HinDom: A Robust Malicious Domain Detection System based on Heterogeneous Information Network with Transductive Classification

Domain name system (DNS) is a crucial part of the Internet, yet has been...

Majority Voting Approach to Ransomware Detection

Crypto-ransomware remains a significant threat to governments and compan...

Please sign up or login with your details

Forgot password? Click here to reset