Systematization of Knowledge (SoK)

A Systematic Review of Software-Based Web Phishing Detection

Zuochao Dou, Issa Khalil, Abdallah Khreishah, Ala Al-Fuqaha, Mohsen Guizani

Research output: Contribution to journalReview article

7 Citations (Scopus)

Abstract

Phishing is a form of cyber attack that leverages social engineering approaches and other sophisticated techniques to harvest personal information from users of websites. The average annual growth rate of the number of unique phishing websites detected by the Anti Phishing Working Group is 36.29% for the past six years and 97.36% for the past two years. In the wake of this rise, alleviating phishing attacks has received a growing interest from the cyber security community. Extensive research and development have been conducted to detect phishing attempts based on their unique content, network, and URL characteristics. Existing approaches differ significantly in terms of intuitions, data analysis methods, as well as evaluation methodologies. This warrants a careful systematization so that the advantages and limitations of each approach, as well as the applicability in different contexts, could be analyzed and contrasted in a rigorous and principled way. This paper presents a systematic study of phishing detection schemes, especially software based ones. Starting from the phishing detection taxonomy, we study evaluation datasets, detection features, detection techniques, and evaluation metrics. Finally, we provide insights that we believe will help guide the development of more effective and efficient phishing detection schemes.

Original languageEnglish
Article number8036198
Pages (from-to)2797-2819
Number of pages23
JournalIEEE Communications Surveys and Tutorials
Volume19
Issue number4
DOIs
Publication statusPublished - 1 Oct 2017

Fingerprint

Websites
Taxonomies

Keywords

  • Phishing
  • Phishing website detection
  • software based methods

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Systematization of Knowledge (SoK) : A Systematic Review of Software-Based Web Phishing Detection. / Dou, Zuochao; Khalil, Issa; Khreishah, Abdallah; Al-Fuqaha, Ala; Guizani, Mohsen.

In: IEEE Communications Surveys and Tutorials, Vol. 19, No. 4, 8036198, 01.10.2017, p. 2797-2819.

Research output: Contribution to journalReview article

Dou, Zuochao ; Khalil, Issa ; Khreishah, Abdallah ; Al-Fuqaha, Ala ; Guizani, Mohsen. / Systematization of Knowledge (SoK) : A Systematic Review of Software-Based Web Phishing Detection. In: IEEE Communications Surveys and Tutorials. 2017 ; Vol. 19, No. 4. pp. 2797-2819.
@article{30b5c7a20a514c1b9b197b7e8e20d336,
title = "Systematization of Knowledge (SoK): A Systematic Review of Software-Based Web Phishing Detection",
abstract = "Phishing is a form of cyber attack that leverages social engineering approaches and other sophisticated techniques to harvest personal information from users of websites. The average annual growth rate of the number of unique phishing websites detected by the Anti Phishing Working Group is 36.29{\%} for the past six years and 97.36{\%} for the past two years. In the wake of this rise, alleviating phishing attacks has received a growing interest from the cyber security community. Extensive research and development have been conducted to detect phishing attempts based on their unique content, network, and URL characteristics. Existing approaches differ significantly in terms of intuitions, data analysis methods, as well as evaluation methodologies. This warrants a careful systematization so that the advantages and limitations of each approach, as well as the applicability in different contexts, could be analyzed and contrasted in a rigorous and principled way. This paper presents a systematic study of phishing detection schemes, especially software based ones. Starting from the phishing detection taxonomy, we study evaluation datasets, detection features, detection techniques, and evaluation metrics. Finally, we provide insights that we believe will help guide the development of more effective and efficient phishing detection schemes.",
keywords = "Phishing, Phishing website detection, software based methods",
author = "Zuochao Dou and Issa Khalil and Abdallah Khreishah and Ala Al-Fuqaha and Mohsen Guizani",
year = "2017",
month = "10",
day = "1",
doi = "10.1109/COMST.2017.2752087",
language = "English",
volume = "19",
pages = "2797--2819",
journal = "IEEE Communications Surveys and Tutorials",
issn = "1553-877X",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "4",

}

TY - JOUR

T1 - Systematization of Knowledge (SoK)

T2 - A Systematic Review of Software-Based Web Phishing Detection

AU - Dou, Zuochao

AU - Khalil, Issa

AU - Khreishah, Abdallah

AU - Al-Fuqaha, Ala

AU - Guizani, Mohsen

PY - 2017/10/1

Y1 - 2017/10/1

N2 - Phishing is a form of cyber attack that leverages social engineering approaches and other sophisticated techniques to harvest personal information from users of websites. The average annual growth rate of the number of unique phishing websites detected by the Anti Phishing Working Group is 36.29% for the past six years and 97.36% for the past two years. In the wake of this rise, alleviating phishing attacks has received a growing interest from the cyber security community. Extensive research and development have been conducted to detect phishing attempts based on their unique content, network, and URL characteristics. Existing approaches differ significantly in terms of intuitions, data analysis methods, as well as evaluation methodologies. This warrants a careful systematization so that the advantages and limitations of each approach, as well as the applicability in different contexts, could be analyzed and contrasted in a rigorous and principled way. This paper presents a systematic study of phishing detection schemes, especially software based ones. Starting from the phishing detection taxonomy, we study evaluation datasets, detection features, detection techniques, and evaluation metrics. Finally, we provide insights that we believe will help guide the development of more effective and efficient phishing detection schemes.

AB - Phishing is a form of cyber attack that leverages social engineering approaches and other sophisticated techniques to harvest personal information from users of websites. The average annual growth rate of the number of unique phishing websites detected by the Anti Phishing Working Group is 36.29% for the past six years and 97.36% for the past two years. In the wake of this rise, alleviating phishing attacks has received a growing interest from the cyber security community. Extensive research and development have been conducted to detect phishing attempts based on their unique content, network, and URL characteristics. Existing approaches differ significantly in terms of intuitions, data analysis methods, as well as evaluation methodologies. This warrants a careful systematization so that the advantages and limitations of each approach, as well as the applicability in different contexts, could be analyzed and contrasted in a rigorous and principled way. This paper presents a systematic study of phishing detection schemes, especially software based ones. Starting from the phishing detection taxonomy, we study evaluation datasets, detection features, detection techniques, and evaluation metrics. Finally, we provide insights that we believe will help guide the development of more effective and efficient phishing detection schemes.

KW - Phishing

KW - Phishing website detection

KW - software based methods

UR - http://www.scopus.com/inward/record.url?scp=85030253690&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85030253690&partnerID=8YFLogxK

U2 - 10.1109/COMST.2017.2752087

DO - 10.1109/COMST.2017.2752087

M3 - Review article

VL - 19

SP - 2797

EP - 2819

JO - IEEE Communications Surveys and Tutorials

JF - IEEE Communications Surveys and Tutorials

SN - 1553-877X

IS - 4

M1 - 8036198

ER -