Skip to main content
SpringerLink
Log in

A Systematic Review on Phishing Detection: A Perspective Beyond a High Accuracy in Phishing Detection

  • Conference paper
  • First Online:
Applied Informatics (ICAI 2022)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1643))

Included in the following conference series:

  • 447 Accesses

Abstract

Phishing is one of the cyberattacks most feared by users who use transactional services over the Internet, although there are a lot of studies focused on detecting phishing attacks showing high accuracy, those have problems acting with the effectiveness required to prevent people to fall into these attacks in the early stages. In this article, a state-of-the-art overview of phishing detection is shown using a systematic literature review methodology for studies addressed between 2016 and 2022, such as other survey papers between 2020 and 2022, focused on the different detection stages, information sources, phishing characterization, and different methods used in the literature. Found that 83% of applications works selected are focused on the mitigation stage, where the methodologies act in reactive ways using statics features that provides high accuracy but turn the models fail through time. Finally, conclusions will be presented to highlight the importance of using brand information and mixing different methods to improve stage detection and assure durability in the detection model. The article’s contribution is focused on establishing another perspective that encourages future research and future related works to consider their models beyond a high accuracy and start thinking about how these models can to provide effective solutions that could be integrated into production environments to protect the users.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. apwg: Phishing activity trends report Q4 2021 (2022). http://www.apwg.org

  2. Athulya, A.A.: Towards the detection of phishing attacks Praveen K TIFAC-CORE in cyber security Amrita Vishwa Vidyapeetham (2020). ISBN 9781728155180

    Google Scholar 

  3. Patil, V., Thakkar, P., Shah, C., Bhat, T., Godse, S.P.: Detection and prevention of phishing websites using machine learning approach. In: 2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA), pp. 1–5 (2018). https://doi.org/10.1109/ICCUBEA.2018.8697412

  4. Das, A., Baki, S., Aassal, A.E., Verma, R., Dunbar, A.: SoK: a comprehensive reexamination of phishing research from the security perspective. IEEE Commun. Surv. Tutor. 22(1), 671–708 (2020). https://doi.org/10.1109/COMST.2019.2957750. ISSN 1553-877X VO - 22

    Article  Google Scholar 

  5. Ya, J., Liu, T., Zhang, P., Shi, J., Guo, L., Gu, Z.: NeuralAS: DeepWord-based spoofed URLs detection against strong similar samples. In: 2019 International Joint Conference on Neural Networks (IJCNN), pp. 1–7 (2019). ISBN 2161-4407 VO. https://doi.org/10.1109/IJCNN.2019.8852416

  6. Nakamura, A., Dobashi, F.: Proactive phishing sites detection. In: IEEE/WIC/ACM International Conference on Web Intelligence, Series WI 2019, pp. 443–448. Association for Computing Machinery, New York (2019). https://doi.org/10.1145/3350546.3352565. ISBN 9781450369343

  7. Buber, E., Demir, Ö., Sahingoz, O.K.: Feature selections for the machine learning based detection of phishing websites. In: 2017 International Artificial Intelligence and Data Processing Symposium (IDAP), pp. 1–5 (2017). https://doi.org/10.1109/IDAP.2017.8090317. ISBN: VO

  8. Adil, M., Khan, R., Ghani, M.A.N.U.: Preventive techniques of phishing attacks in networks. In: 2020 3rd International Conference on Advancements in Computational Sciences (ICACS), pp. 1–8 (2020). https://doi.org/10.1109/ICACS47775.2020.9055943. ISBN: VO

  9. Spaulding, J., Upadhyaya, S., Mohaisen, A.: The landscape of domain name typosquatting: techniques and countermeasures. In: 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 284–289 (2016). https://doi.org/10.1109/ARES.2016.84. ISBN: VO

  10. Starov, O., Zhou, Y., Wang, J.: Detecting malicious campaigns in obfuscated JavaScript with scalable behavioral analysis. In: 2019 IEEE Security and Privacy Workshops (SPW), pp. 218–223 (2019). https://doi.org/10.1109/SPW.2019.00048. ISBN: VO

  11. Ginsberg, A., Yu, C.: Rapid homoglyph prediction and detection. In: 2018 1st International Conference on Data Intelligence and Security (ICDIS), pp. 17–23 (2018). https://doi.org/10.1109/ICDIS.2018.00010. ISBN: VO

  12. Li, X., Geng, G., Yan, Z., Chen, Y., Lee, X.: Phishing detection based on newly registered domains. In: 2016 IEEE International Conference on Big Data (Big Data), pp. 3685–3692 (2016). https://doi.org/10.1109/BigData.2016.7841036. ISBN: VO

  13. Li, J., Wang, S.: PhishBox: an approach for phishing validation and detection. In: 2017 IEEE 15th International Conference on Dependable, Autonomic and Secure Computing, 15th International Conference on Pervasive Intelligence and Computing, 3rd International Conference on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech), pp. 557–564 (2017). https://doi.org/10.1109/DASC-PICom-DataCom-CyberSciTec.2017.101. ISBN: VO

  14. Li, Q., Cheng, M., Wang, J., Sun, B.: LSTM based phishing detection for big email data. IEEE Trans. Big Data 1 (2020). https://doi.org/10.1109/TBDATA.2020.2978915. ISSN 2332–7790 VO

  15. Eshmawi, A., Nair, S.: The roving proxy framewrok for SMS spam and phishing detection. In: 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS), pp. 1–6 (2019). https://doi.org/10.1109/CAIS.2019.8769562. ISBN: VO

  16. Balim, C., Gunal, E.S.: Automatic detection of smishing attacks by machine learning methods. In: 2019 1st International Informatics and Software Engineering Conference (UBMYK), pp. 1–3 (2019). https://doi.org/10.1109/UBMYK48245.2019.8965429. ISBN: VO

  17. Dalgic, F.C., Bozkir, A.S., Aydos, M.: Phish-IRIS: a new approach for vision based brand prediction of phishing web pages via compact visual descriptors. In: 2018 2nd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT), pp. 1–8 (2018). https://doi.org/10.1109/ISMSIT.2018.8567299. ISBN: VO

  18. Yan, X., Xu, Y., Xing, X., Cui, B., Guo, Z., Guo, T.: Trustworthy network anomaly detection based on an adaptive learning rate and momentum in IIoT. IEEE Trans. Ind. Inform. 1 (2020). https://doi.org/10.1109/TII.2020.2975227. ISSN 1941-0050 VO

  19. Sahoo, P.K.: Data mining a way to solve phishing attacks. In: 2018 International Conference on Current Trends towards Converging Technologies (ICCTCT), pp. 1–5 (2018). https://doi.org/10.1109/ICCTCT.2018.8550910. ISBN: VO

  20. Baykara, M., Gürel, Z.Z.: Detection of phishing attacks. In: 2018 6th International Symposium on Digital Forensic and Security (ISDFS), pp. 1–5 (2018). https://doi.org/10.1109/ISDFS.2018.8355389. ISBN: VO

  21. Lingam, G., Rout, R.R., Somayajulu, D.V.L.N.: Detection of social botnet using a trust model based on spam content in Twitter network. In: 2018 IEEE 13th International Conference on Industrial and Information Systems (ICIIS), pp. 280–285 (2018). https://doi.org/10.1109/ICIINFS.2018.8721318. ISBN 2164-7011 VO

  22. Lingam, G., Rout, R.R., Somayajulu, D.V.L.N.: Deep Q-learning and particle swarm optimization for bot detection in online social networks. In: 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1–6 (2019). https://doi.org/10.1109/ICCCNT45670.2019.8944493. ISBN: VO

  23. Sharma, H., Meenakshi, E., Bhatia, S.K.: A comparative analysis and awareness survey of phishing detection tools. In: 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT), pp. 1437–1442 (2017). https://doi.org/10.1109/RTEICT.2017.8256835. ISBN: VO

  24. Pande, D.N., Voditel, P.S.: Spear phishing: diagnosing attack paradigm. In: 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), pp. 2720–2724 (2017). https://doi.org/10.1109/WiSPNET.2017.8300257. ISBN: VO

  25. DomainWatch, DomainWatch - Domain WHOIS Search, Website Information. https://domainwat.ch/

  26. urlscan, URL and website scanner. https://urlscan.io/

  27. Zhu, E., Ye, C., Liu, D., Liu, F., Wang, F., Li, X.: An effective neural network phishing detection model based on optimal feature selection. In: 2018 IEEE International Conference on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom), pp. 781–787 (2018). https://doi.org/10.1109/BDCloud.2018.00117. ISBN: VO

  28. Yang, P., Zhao, G., Zeng, P.: Phishing website detection based on multidimensional features driven by deep learning. IEEE Access 7, 15 196–15 209 (2019). https://doi.org/10.1109/ACCESS.2019.2892066. ISBN: 2169-3536 VO - 7

  29. Aung, E.S., Yamana, H.: URL-based phishing detection using the entropy of non-alphanumeric characters. In: Proceedings of the 21st International Conference on Information Integration and Web-Based Applications & Services, iiWAS2019, v. Association for Computing Machinery, New York (2019). https://doi.org/10.1145/3366030.3366064. ISBN 9781450371797

  30. McGahagan, J.. Bhansali, ,D, Gratian, M., Cukier, M.: A comprehensive evaluation of HTTP header features for detecting malicious websites. In: 2019 15th European Dependable Computing Conference (EDCC), pp. 75–82 (2019). https://doi.org/10.1109/EDCC.2019.00025. ISBN 2641-810X VO

  31. Yuan, H., Chen, X., Li, Y., Yang, Z., Liu, W.: Detecting phishing websites and targets based on URLs and webpage links. In: 2018 24th International Conference on Pattern Recognition (ICPR), pp. 3669–3674 (2018). https://doi.org/10.1109/ICPR.2018.8546262. ISBN 1051-4651 VO

  32. Mondal, S., Maheshwari, D., Pai, N., Biwalkar, A.: A review on detecting phishing URLs using clustering algorithms. In: 2019 International Conference on Advances in Computing, Communication and Control (ICAC3), pp. 1–6 (2019). https://doi.org/10.1109/ICAC347590.2019.9036837. ISBN: VO

  33. Megha, N., Babu, K.R.R., Sherly, E.: An intelligent system for phishing attack detection and prevention. In: 2019 International Conference on Communication and Electronics Systems (ICCES), pp. 1577–1582 (2019). https://doi.org/10.1109/ICCES45898.2019.9002204. ISBN: VO

  34. Ali, W., Ahmed, A.A.: Hybrid intelligent phishing website prediction using deep neural networks with genetic algorithm-based feature selection and weighting. IET Inf. Secur. 13(6), 659–669 (2019). https://doi.org/10.1049/iet-ifs.2019.0006. ISSN 1751-8717 VO - 13

    Article  Google Scholar 

  35. Huang, Y., Qin, J., Wen, W.: Phishing URL detection via capsule-based neural network. In: 2019 IEEE 13th International Conference on Anti-counterfeiting, Security, and Identification (ASID), pp. 22–26 (2019). https://doi.org/10.1109/ICASID.2019.8925000. ISBN 2163-5056 VO

  36. Nathezhtha, T., Sangeetha, D., Vaidehi, V.: WC-PAD: web crawling based phishing attack detection. In: 2019 International Carnahan Conference on Security Technology (ICCST), pp. 1–6 (2019). https://doi.org/10.1109/CCST.2019.8888416. ISBN 2153-0742 VO

  37. Baral, G., Arachchilage, N.A.G.: Building condence not to be phished through a gamified approach: conceptualising user’s self-efficacy in phishing threat avoidance behaviour. In: 2019 Cybersecurity and Cyberforensics Conference (CCC), pp. 102–110 (2019). https://doi.org/10.1109/CCC.2019.000-1. ISBN: VO

  38. Anand, A., Gorde, K., Moniz, J.R.A., Park, N., Chakraborty, T., Chu, B.: Phishing URL detection with oversampling based on text generative adversarial networks. In: 2018 IEEE International Conference on Big Data (Big Data), pp. 1168–1177 (2018). https://doi.org/10.1109/BigData.2018.8622547. ISBN: VO

  39. Zuraiq, A.A., Alkasassbeh, M.: Review: phishing detection approaches. In: 2019 2nd International Conference on new Trends in Computing Sciences (ICTCS), pp. 1–6 (2019). https://doi.org/10.1109/ICTCS.2019.8923069. ISBN: VO

  40. Concone, F., Re, G.L., Morana, M., Ruocco, C.: Assisted labeling for spam account detection on Twitter. In: 2019 IEEE International Conference on Smart Computing (SMARTCOMP), pp. 359–366 (2019). https://doi.org/10.1109/SMARTCOMP.2019.00073. ISBN: VO

  41. Yazhmozhi, V.M., Janet, B.: Natural language processing and machine learning based phishing website detection system. In: 2019 Third International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), pp. 336–340 (2019). https://doi.org/10.1109/I-SMAC47947.2019.9032492. ISBN: VO

  42. Yao, W., Ding, Y., Li, X.: LogoPhish: a new two-dimensional code phishing attack detection method. In: 2018 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom), pp. 231–236 (2018). https://doi.org/10.1109/BDCloud.2018.00045. ISBN: VO

  43. Xiang, G., Hong, J., Rose, C.P., Cranor, L.: CANTINA+: a featurerich machine learning framework for detecting phishing web sites (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Universidad Nacional de Colombia, Bogotá, Colombia

    Daniel Alejandro Barreiro Herrera & Jorge Eliecer Camargo Mendoza

Authors
  1. Daniel Alejandro Barreiro Herrera
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jorge Eliecer Camargo Mendoza
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Daniel Alejandro Barreiro Herrera or Jorge Eliecer Camargo Mendoza .

Editor information

Editors and Affiliations

  1. Universidad Distrital Francisco Jose de Caldas, Bogota, Colombia

    Hector Florez

  2. Universidad Continental, Arequipa, Peru

    Henry Gomez

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Barreiro Herrera, D.A., Camargo Mendoza, J.E. (2022). A Systematic Review on Phishing Detection: A Perspective Beyond a High Accuracy in Phishing Detection. In: Florez, H., Gomez, H. (eds) Applied Informatics. ICAI 2022. Communications in Computer and Information Science, vol 1643. Springer, Cham. https://doi.org/10.1007/978-3-031-19647-8_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-19647-8_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-19646-1

  • Online ISBN: 978-3-031-19647-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation