Title: Complementing Blacklists: An Enhanced Technique to Learn Detection of Zero-Hour Phishing URLs
Issue Number: Vol. 4, No. 4
Year of Publication: Dec - 2015
Page Numbers: 508-520
Authors: Thomas Nagunwa
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF) - Hong Kong
DOI: http://dx.doi.org/10.17781/P001971
Abstract:
The increase in phishing attacks despite existing anti-phishing tools suggests that the tools are not keeping up with the attacks technically. The majority of the tools depend on blacklists, which fall well short in tackling zero-hour attacks, while existing heuristic tools also perform less well. We propose a machine learning classifier to complement a blacklist approach. The classifier uses a wider range of predictive features than those in similar studies, categorized as URL characteristics, web page contents, domain features and domain reputation/ranking. Using six different machine learning algorithms and a dataset of 890 URLs, our classifier achieved the best performance compared to similar solutions, with an accuracy of 99.89%, 0.0% false positives and 0.1% false negatives. Domain reputation features were the most predictive, while web page content features were the least predictive. Individually, blacklist reputation and Alexa ranking were the most influential features, whereas popup login windows and hexadecimal numbers were the least influential.