Mahmoud Khonji

Phishing Detection: A Literature Survey

This article surveys the literature on the detection of phishing attacks. Phishing attacks target vulnerabilities that exist in systems due to the human factor. Many cyber attacks are spread via mechanisms that exploit weaknesses found in end-users, which makes users the weakest element in the security chain. The phishing problem is broad and no single silver-bullet solution exists to mitigate all the vulnerabilities effectively, thus multiple techniques are often implemented to mitigate specific attacks. This paper aims at surveying many of the recently proposed phishing mitigation techniques. A high-level overview of various categories of phishing mitigation techniques is also presented, such as: detection, offensive defense, correction, and prevention, which we belief is critical to present where the phishing detection techniques fit in the overall mitigation process.

A novel Phishing classification based on URL features

Phishing is the process of illicitly obtaining data through social engineering via electronic communication channels. As reported by the Anti-Phishing Working Group (APWG)1, Phishing attacks are growing in volume and sophistication. As a result, the need to improve Phishing detection methods increases. We introduce a simple and novel Phishing classification feature that aims toward supplementing existing classifiers by detecting a subset of Phishing attacks.

A study of feature subset evaluators and feature subset searching methods for phishing classification

Phishing is a semantic attack that aims to take advantage of the naivety of users of electronic services (e.g. e-banking). A number of solutions have been proposed to minimize the impact of phishing attacks. The most accurate email phishing classifiers, that are publicly known, use machine learning techniques. Previous work in phishing email classification via machine learning have primarily focused on enhancing the classification accuracy by studying the addition of novel features, ensembles, or classification algorithms. This study follows a different path by taking advantage of previously proposed features. The primary focus of this paper is to enhance the classification accuracy of phishing email classifiers by finding an effective feature subset out of a number of previously proposed features, by evaluating various feature selection methods. The selected feature subset in this study resulted in a classification model with an f1 score of 99.396% for 21 heuristic features and a single classifier.

Lexical URL analysis for discriminating phishing and legitimate websites

A study that aims to evaluate the practical effectiveness of website classification by lexically analyzing URL tokens in addition to a novel tokenization mechanism to increase prediction accuracy. The study analyzes over 70,000 legitimate and phishing URLs collected over 6 months period from PhishTank1, Khalifa University HTTP logs and volunteers using an experimental HTTP proxy server. A statistical classification model is then constructed and evaluated to measure the practical effectiveness of the lexical URL analysis presented in this paper.