skip to main content
10.1145/2660267.2662362acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
poster

POSTER: Proactive Blacklist Update for Anti-Phishing

Published: 03 November 2014 Publication History

Abstract

This study explores the existing blacklists to discover suspected URLs that refer to on-the-fly phishing threats in real time. We propose a PhishTrack framework that includes redirection tracking and form tracking components to update the phishing blacklists. It actively finds phishing URLs as early as possible. Experimental results show that our proactive phishing update method is an effective and efficient approach for improving the coverage of the blacklists. In practice, our solution is complementary to the existing anti-phishing techniques for providing secured web surfing.

References

[1]
Aaron, G., Rasmussen, R., and Routt, A. 2014. Global phishing survey: trends and domain name use in 2H2013. An APWG Industry Advisory, available online at http://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2013.pdf
[2]
Abu-Nimeh, S., Nappa, D., Wang, X., and Nair, S. 2007. A comparison of machine learning techniques for phishing detection. In Proceedings of the 2nd Anti-Phishing Working Group Annual eCrime Researchers Summit (Pittsburgh, Pennsylvania, USA, October 4--5, 2007). eCrime'07, 60--69.
[3]
Blum, A., Wardman, B., Solorio, T., and Warner, G. 2010. Lexical feature based phishing URL detection using online learning. In Proceedings of 3rd CCS Workshop on Security and Artificial Intelligence (Chicago, Illinois, USA, October 8, 2010). AISec'10. 54--60.
[4]
Chen, K.-T., Chen, J.-Y., Huang, C.-R., and Chen, C.-S. 2009. Fighting phishing with discriminative keypoint features. IEEE Internet Computing, 13, 3 (May/June 2009), 56--63.
[5]
Downs, J. S., Holbrook, M., and Cranor L. F. 2007. Behavioral response to phishing risk. In Proceedings of the 2nd Anti-Phishing Working Group Annual eCrime Researchers Summit (Pittsburgh, Pennsylvania, USA, October 4--5, 2007). eCrime'07, 37--44
[6]
Hong, J. 2012. The state of phishing attacks. Commun. ACM, 55, 1 (January 2012), 74--81.
[7]
Lee, L.-H., Juan, Y.-C., Lee, K.-C., Tseng, W.-L., Chen, H.-H., and Tseng, Y.-H. 2012. Context-aware web security threat prevention. In Proceedings of the 19th ACM Conference on Computer and Communications Security (Raleigh, NC, USA, October 16--18, 2012). CCS'12. 992--994.
[8]
Lee, L.-H., Lee, K.-C., Juan, Y.-C., Chen, H.-H., and Tseng, Y.-H. 2014. Users' behavioral prediction for phishing detection. In Proceedings of the 23rd International World Wide Web Conference (Seoul, Korea, April 7--11, 2014). WWW'14. 337--338.
[9]
Ma, J., Saul, L. K., Savage, S., and Voelker, G. M. 2011. Learning to detect malicious URLs. ACM Trans. Intell. Syst. Technol. 2, 3 (April 2011), Article 30.
[10]
PhishTank, available online at http://www.phishtank.com.
[11]
Prakash, P., Kumar, M., Kompella, R. R., and Gupta, M. 2010. PhishNet: predictive blacklisting to detect phishing attacks. In Proceedings of the 29th IEEE Conference on Computer Communications (San Diego, CA, USA, March 15--19, 2010). INFOCOM'10, 1--5.
[12]
Xiang, G., Hong, J., Rose, C. P., and Cranor, L. F. 2011. CANTINA+: a feature-rich machine learning framework for detecting phishing web sites. ACM Trans. Inform. Syst. Se. 14, 2 (September. 2011), Article 21.

Cited By

View all
  • (2025)Phish Fighter: Self Updating Machine Learning Shield Against Phishing Kits Based on HTML Code AnalysisIEEE Access10.1109/ACCESS.2025.352599813(4460-4486)Online publication date: 2025
  • (2024)Exploring Multi-attribute Selection Strategies for Effective Phishing Detection with Machine LearningAdvanced Network Technologies and Intelligent Computing10.1007/978-3-031-64076-6_20(304-318)Online publication date: 8-Aug-2024
  • (2023)Hybrid Optimization Algorithm to Mitigate Phishing URL Attacks In Smart Cities2023 3rd International Conference on Innovative Practices in Technology and Management (ICIPTM)10.1109/ICIPTM57143.2023.10118171(1-5)Online publication date: 22-Feb-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014
1592 pages
ISBN:9781450329576
DOI:10.1145/2660267
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2014

Check for updates

Author Tags

  1. cyber crime
  2. phishing threat detection
  3. web security

Qualifiers

  • Poster

Funding Sources

Conference

CCS'14
Sponsor:

Acceptance Rates

CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)20
  • Downloads (Last 6 weeks)4
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2025)Phish Fighter: Self Updating Machine Learning Shield Against Phishing Kits Based on HTML Code AnalysisIEEE Access10.1109/ACCESS.2025.352599813(4460-4486)Online publication date: 2025
  • (2024)Exploring Multi-attribute Selection Strategies for Effective Phishing Detection with Machine LearningAdvanced Network Technologies and Intelligent Computing10.1007/978-3-031-64076-6_20(304-318)Online publication date: 8-Aug-2024
  • (2023)Hybrid Optimization Algorithm to Mitigate Phishing URL Attacks In Smart Cities2023 3rd International Conference on Innovative Practices in Technology and Management (ICIPTM)10.1109/ICIPTM57143.2023.10118171(1-5)Online publication date: 22-Feb-2023
  • (2023)Uncovering the Cloak: A Systematic Review of Techniques Used to Conceal Phishing WebsitesIEEE Access10.1109/ACCESS.2023.329306311(71925-71939)Online publication date: 2023
  • (2023)Phishing or Not Phishing? A Survey on the Detection of Phishing WebsitesIEEE Access10.1109/ACCESS.2023.324713511(18499-18519)Online publication date: 2023
  • (2023)A comprehensive survey of phishing: mediums, intended targets, attack and defence techniques and a novel taxonomyInternational Journal of Information Security10.1007/s10207-023-00768-x23:2(819-848)Online publication date: 19-Oct-2023
  • (2021)Phishing Website Detection Based on Deep Convolutional Neural Network and Random Forest Ensemble LearningSensors10.3390/s2124828121:24(8281)Online publication date: 10-Dec-2021
  • (2021)Hacks Hit the Phish: Phish Attack Detection Based on Hacks SearchWireless Algorithms, Systems, and Applications10.1007/978-3-030-86137-7_33(299-309)Online publication date: 9-Sep-2021
  • (2020)COMAR: Classification of Compromised versus Maliciously Registered Domains2020 IEEE European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP48549.2020.00045(607-623)Online publication date: Sep-2020
  • (2019)A Review of Human- and Computer-Facing URL Phishing Features2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW.2019.00027(182-191)Online publication date: Jun-2019
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media