Title: Complementing Blacklists: An Enhanced Technique to Learn Detection of Zero-Hour Phishing URLs

Issue Number: Vol. 4, No. 4
Year of Publication: Dec - 2015
Page Numbers: 508-520
Authors: Thomas Nagunwa
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P001971


Increased phishing attacks despite existing anti-phishing tools suggests that the tools are not catching up with the attacks technically. Majority of the tools depend on blacklists which are way short in tackling zero-hour attacks, while existing heuristic tools are also less performing. We propose a machine learning classifier to complement a blacklist approach. The classifier uses a wide range of predictive features compared to those in similar studies, categorized as URL characteristics, web page contents, domain features and domain reputation/ranking. Using six different machine learning algorithms and a dataset of 890 URLs, our classifier achieved the best performance compared to similar solutions with an accuracy of 99.89%, 0.0% false positive and 0.1% false negative. Domain reputation features were the most predictive while web page content features were the least ones. Individually, blacklist reputation and Alexa ranking were the most influential features whereas popup login windows and hexadecimal number were the least ones.