RT info:eu-repo/semantics/article
T1 Phishing websites detection using a novel multipurpose dataset and web technologies features
A1 Sanchez Paniagua, Manuel
A1 Fidalgo Fernández, Eduardo
A1 Alegre Gutiérrez, Enrique
A1 Alaiz Rodríguez, Rocío
A2 Ingenieria de Sistemas y Automatica
K1 Informática
K1 Phishing detection
K1 Phishing dataset
K1 Web technologies
K1 Machine learning
K1 Login
K1 1203.17 Informática
K1 1
AB [EN] Phishing attacks are one of the most challenging social engineering cyberattacks due to the large amount of entities involved in online transactions and services. In these attacks, criminals deceive users to hijack their credentials or sensitive data through a login form which replicates the original website and submits the data to a malicious server. Many anti-phishing techniques have been developed in recent years, using different resource such as the URL and HTML code from legitimate index websites and phishing ones. These techniques have some limitations when predicting legitimate login websites, since, usually, no login forms are present in the legitimate class used for training the proposed model. Hence, in this work we present a methodology for phishing website detection in real scenarios, which uses URL, HTML, and web technology features. Since there is not any updated and multipurpose dataset for this task, we crafted the Phishing Index Login Websites Dataset (PILWD), an offline phishing dataset composed of 134,000 verified samples, that offers to researchers a wide variety of data to test and compare their approaches. Since approximately three-quarters of collected phishing samples request the introduction of credentials, we decided to crawl legitimate login websites to match the phishing standpoint. The developed approach is independent of third party services and the method relies on a new set of features used for the very first time in this problem, some of them extracted from the web technologies used by the on each specific website. Experimental results show that phishing websites can be detected with 97.95% accuracy using a LightGBM classifier and the complete set of the 54 features selected, when it was evaluated on PILWD dataset.
PB Elsevier
SN 0957-4174
LK https://hdl.handle.net/10612/17582
UL https://hdl.handle.net/10612/17582
NO Sánchez-Paniagua, M., Fidalgo, E., Alegre, E., & Alaiz-Rodríguez, R. (2022). Phishing websites detection using a novel multipurpose dataset and web technologies features. Expert Systems with Applications, 207. https://doi.org/10.1016/J.ESWA.2022.118010
DS BULERIA. Repositorio Institucional de la Universidad de León
RD 14-jun-2024