SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

Authors: Avisha Das, Shahryar Baki, Ayman El Aassal, Rakesh Verma, Arthur Dunbar

DOI: 10.1109/COMST.2019.2957750

Keywords:

Abstract: Phishing and spear phishing are typical examples of masquerade attacks since trust is built up through impersonation for the attack to succeed. Given the prevalence of these attacks, considerable research has been conducted on these problems along multiple dimensions. We reexamine the existing research from the perspective of the unique needs of the security domain, which we call challenges: real-time detection, active attacker, dataset quality and base-rate fallacy. We explain these challenges and then survey the phishing/spear phishing solutions in their light. This viewpoint consolidates the literature and illuminates several opportunities for improving the solutions. We organize the literature based on detection techniques for different vectors (e.g., URLs, websites, emails), along with studies on user awareness. For detection techniques, we examine the properties of the dataset, feature extraction, the algorithms used, and performance evaluation metrics. This work can help guide the development of more effective defenses for phishing, spear phishing, and email masquerade attacks of the future, as well as provide a framework for a thorough comparison.
