PhishMon: A machine learning framework for detecting phishing webpages

Amirreza Niakanlahiji; Bei Tseng Chu; Ehab Al-Shaer

doi:10.1109/ISI.2018.8587410

PhishMon: A machine learning framework for detecting phishing webpages

Amirreza Niakanlahiji, Bei Tseng Chu, Ehab Al-Shaer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

42 Scopus citations

Abstract

Despite numerous research efforts, phishing attacks remain prevalent and highly effective in luring unsuspecting users to reveal sensitive information, including account credentials and social security numbers. In this paper, we propose PhishMon, a new feature-rich machine learning framework to detect phishing webpages. It relies on a set of fifteen novel features that can be efficiently computed from a webpage without requiring third-party services, such as search engines, or WHOIS servers. These features capture various characteristics of legitimate web applications as well as their underlying web infrastructures. Emulation of these features is costly for phishers as it demands to spend significantly more time and effort on their underlying infrastructures and web applications; in addition to the efforts required for replicating the appearance of target websites. Through extensive evaluation on a dataset consisting of 4,800 distinct phishing and 17,500 distinct benign webpages, we show that PhishMon can distinguish unseen phishing from legitimate webpages with a very high degree of accuracy. In our experiments, PhishMon achieved 95.4% accuracy with 1.3% false positive rate on a dataset containing unique phishing instances.

Original language	English
Title of host publication	2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018
Editors	Dongwon Lee, Ghita Mezzour, Ponnurangam Kumaraguru, Nitesh Saxena
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	220-225
Number of pages	6
ISBN (Electronic)	9781538678480
DOIs	https://doi.org/10.1109/ISI.2018.8587410
State	Published - 24 Dec 2018
Externally published	Yes

Publication series

Name	2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018

Bibliographical note

Publisher Copyright:
© 2018 IEEE.

Keywords

Anti Phishing
Machine Learning Framework

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems and Management
Safety, Risk, Reliability and Quality
Communication

Access to Document

10.1109/ISI.2018.8587410

Cite this

Niakanlahiji, A., Chu, B. T., & Al-Shaer, E. (2018). PhishMon: A machine learning framework for detecting phishing webpages. In D. Lee, G. Mezzour, P. Kumaraguru, & N. Saxena (Eds.), 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018 (pp. 220-225). Article 8587410 (2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI.2018.8587410

Niakanlahiji, Amirreza ; Chu, Bei Tseng ; Al-Shaer, Ehab. / PhishMon : A machine learning framework for detecting phishing webpages. 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018. editor / Dongwon Lee ; Ghita Mezzour ; Ponnurangam Kumaraguru ; Nitesh Saxena. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 220-225 (2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018).

@inproceedings{1f45198202ce4fc5a65865900eaba365,

title = "PhishMon: A machine learning framework for detecting phishing webpages",

abstract = "Despite numerous research efforts, phishing attacks remain prevalent and highly effective in luring unsuspecting users to reveal sensitive information, including account credentials and social security numbers. In this paper, we propose PhishMon, a new feature-rich machine learning framework to detect phishing webpages. It relies on a set of fifteen novel features that can be efficiently computed from a webpage without requiring third-party services, such as search engines, or WHOIS servers. These features capture various characteristics of legitimate web applications as well as their underlying web infrastructures. Emulation of these features is costly for phishers as it demands to spend significantly more time and effort on their underlying infrastructures and web applications; in addition to the efforts required for replicating the appearance of target websites. Through extensive evaluation on a dataset consisting of 4,800 distinct phishing and 17,500 distinct benign webpages, we show that PhishMon can distinguish unseen phishing from legitimate webpages with a very high degree of accuracy. In our experiments, PhishMon achieved 95.4% accuracy with 1.3% false positive rate on a dataset containing unique phishing instances.",

keywords = "Anti Phishing, Machine Learning Framework",

author = "Amirreza Niakanlahiji and Chu, {Bei Tseng} and Ehab Al-Shaer",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.",

year = "2018",

month = dec,

day = "24",

doi = "10.1109/ISI.2018.8587410",

language = "English",

series = "2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "220--225",

editor = "Dongwon Lee and Ghita Mezzour and Ponnurangam Kumaraguru and Nitesh Saxena",

booktitle = "2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018",

address = "United States",

}

Niakanlahiji, A, Chu, BT & Al-Shaer, E 2018, PhishMon: A machine learning framework for detecting phishing webpages. in D Lee, G Mezzour, P Kumaraguru & N Saxena (eds), 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018., 8587410, 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018, Institute of Electrical and Electronics Engineers Inc., pp. 220-225. https://doi.org/10.1109/ISI.2018.8587410

PhishMon: A machine learning framework for detecting phishing webpages. / Niakanlahiji, Amirreza; Chu, Bei Tseng; Al-Shaer, Ehab.
2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018. ed. / Dongwon Lee; Ghita Mezzour; Ponnurangam Kumaraguru; Nitesh Saxena. Institute of Electrical and Electronics Engineers Inc., 2018. p. 220-225 8587410 (2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - PhishMon

T2 - A machine learning framework for detecting phishing webpages

AU - Niakanlahiji, Amirreza

AU - Chu, Bei Tseng

AU - Al-Shaer, Ehab

PY - 2018/12/24

Y1 - 2018/12/24

N2 - Despite numerous research efforts, phishing attacks remain prevalent and highly effective in luring unsuspecting users to reveal sensitive information, including account credentials and social security numbers. In this paper, we propose PhishMon, a new feature-rich machine learning framework to detect phishing webpages. It relies on a set of fifteen novel features that can be efficiently computed from a webpage without requiring third-party services, such as search engines, or WHOIS servers. These features capture various characteristics of legitimate web applications as well as their underlying web infrastructures. Emulation of these features is costly for phishers as it demands to spend significantly more time and effort on their underlying infrastructures and web applications; in addition to the efforts required for replicating the appearance of target websites. Through extensive evaluation on a dataset consisting of 4,800 distinct phishing and 17,500 distinct benign webpages, we show that PhishMon can distinguish unseen phishing from legitimate webpages with a very high degree of accuracy. In our experiments, PhishMon achieved 95.4% accuracy with 1.3% false positive rate on a dataset containing unique phishing instances.

AB - Despite numerous research efforts, phishing attacks remain prevalent and highly effective in luring unsuspecting users to reveal sensitive information, including account credentials and social security numbers. In this paper, we propose PhishMon, a new feature-rich machine learning framework to detect phishing webpages. It relies on a set of fifteen novel features that can be efficiently computed from a webpage without requiring third-party services, such as search engines, or WHOIS servers. These features capture various characteristics of legitimate web applications as well as their underlying web infrastructures. Emulation of these features is costly for phishers as it demands to spend significantly more time and effort on their underlying infrastructures and web applications; in addition to the efforts required for replicating the appearance of target websites. Through extensive evaluation on a dataset consisting of 4,800 distinct phishing and 17,500 distinct benign webpages, we show that PhishMon can distinguish unseen phishing from legitimate webpages with a very high degree of accuracy. In our experiments, PhishMon achieved 95.4% accuracy with 1.3% false positive rate on a dataset containing unique phishing instances.

KW - Anti Phishing

KW - Machine Learning Framework

UR - http://www.scopus.com/inward/record.url?scp=85061039558&partnerID=8YFLogxK

U2 - 10.1109/ISI.2018.8587410

DO - 10.1109/ISI.2018.8587410

M3 - Conference contribution

AN - SCOPUS:85061039558

T3 - 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018

SP - 220

EP - 225

BT - 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018

A2 - Lee, Dongwon

A2 - Mezzour, Ghita

A2 - Kumaraguru, Ponnurangam

A2 - Saxena, Nitesh

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Niakanlahiji A, Chu BT, Al-Shaer E. PhishMon: A machine learning framework for detecting phishing webpages. In Lee D, Mezzour G, Kumaraguru P, Saxena N, editors, 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018. Institute of Electrical and Electronics Engineers Inc. 2018. p. 220-225. 8587410. (2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018). doi: 10.1109/ISI.2018.8587410

PhishMon: A machine learning framework for detecting phishing webpages

Abstract

Publication series

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this