Intelligent rule-based phishing websites classification

Rami M. Mohammad, Fadi Thabtah, Lee McCluskey

Research output: Contribution to journalArticle

55 Citations (Scopus)

Abstract

Phishing is described as the art of echoing a website of a creditable firm intending to grab user's private information such as usernames, passwords and social security number. Phishing websites comprise a variety of cues within its content-parts as well as the browser-based security indicators provided along with the website. Several solutions have been proposed to tackle phishing. Nevertheless, there is no single magic bullet that can solve this threat radically. One of the promising techniques that can be employed in predicting phishing attacks is based on data mining, particularly the 'induction of classification rules' since anti-phishing solutions aim to predict the website class accurately and that exactly matches the data mining classification technique goals. In this study, the authors shed light on the important features that distinguish phishing websites from legitimate ones and assess how good rule-based data mining classification techniques are in predicting phishing websites and which classification technique is proven to be more reliable.

LanguageEnglish
Pages153-160
Number of pages8
JournalIET Information Security
Volume8
Issue number3
DOIs
Publication statusPublished - 2014

Fingerprint

Websites
Data mining

Cite this

Mohammad, Rami M. ; Thabtah, Fadi ; McCluskey, Lee. / Intelligent rule-based phishing websites classification. In: IET Information Security. 2014 ; Vol. 8, No. 3. pp. 153-160.
@article{57a540c437604c48940f0554a6e2a293,
title = "Intelligent rule-based phishing websites classification",
abstract = "Phishing is described as the art of echoing a website of a creditable firm intending to grab user's private information such as usernames, passwords and social security number. Phishing websites comprise a variety of cues within its content-parts as well as the browser-based security indicators provided along with the website. Several solutions have been proposed to tackle phishing. Nevertheless, there is no single magic bullet that can solve this threat radically. One of the promising techniques that can be employed in predicting phishing attacks is based on data mining, particularly the 'induction of classification rules' since anti-phishing solutions aim to predict the website class accurately and that exactly matches the data mining classification technique goals. In this study, the authors shed light on the important features that distinguish phishing websites from legitimate ones and assess how good rule-based data mining classification techniques are in predicting phishing websites and which classification technique is proven to be more reliable.",
author = "Mohammad, {Rami M.} and Fadi Thabtah and Lee McCluskey",
year = "2014",
doi = "10.1049/iet-ifs.2013.0202",
language = "English",
volume = "8",
pages = "153--160",
journal = "IET Information Security",
issn = "1751-8709",
publisher = "Institution of Engineering and Technology",
number = "3",

}

Intelligent rule-based phishing websites classification. / Mohammad, Rami M.; Thabtah, Fadi; McCluskey, Lee.

In: IET Information Security, Vol. 8, No. 3, 2014, p. 153-160.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Intelligent rule-based phishing websites classification

AU - Mohammad, Rami M.

AU - Thabtah, Fadi

AU - McCluskey, Lee

PY - 2014

Y1 - 2014

N2 - Phishing is described as the art of echoing a website of a creditable firm intending to grab user's private information such as usernames, passwords and social security number. Phishing websites comprise a variety of cues within its content-parts as well as the browser-based security indicators provided along with the website. Several solutions have been proposed to tackle phishing. Nevertheless, there is no single magic bullet that can solve this threat radically. One of the promising techniques that can be employed in predicting phishing attacks is based on data mining, particularly the 'induction of classification rules' since anti-phishing solutions aim to predict the website class accurately and that exactly matches the data mining classification technique goals. In this study, the authors shed light on the important features that distinguish phishing websites from legitimate ones and assess how good rule-based data mining classification techniques are in predicting phishing websites and which classification technique is proven to be more reliable.

AB - Phishing is described as the art of echoing a website of a creditable firm intending to grab user's private information such as usernames, passwords and social security number. Phishing websites comprise a variety of cues within its content-parts as well as the browser-based security indicators provided along with the website. Several solutions have been proposed to tackle phishing. Nevertheless, there is no single magic bullet that can solve this threat radically. One of the promising techniques that can be employed in predicting phishing attacks is based on data mining, particularly the 'induction of classification rules' since anti-phishing solutions aim to predict the website class accurately and that exactly matches the data mining classification technique goals. In this study, the authors shed light on the important features that distinguish phishing websites from legitimate ones and assess how good rule-based data mining classification techniques are in predicting phishing websites and which classification technique is proven to be more reliable.

UR - http://www.scopus.com/inward/record.url?scp=84899720952&partnerID=8YFLogxK

U2 - 10.1049/iet-ifs.2013.0202

DO - 10.1049/iet-ifs.2013.0202

M3 - Article

VL - 8

SP - 153

EP - 160

JO - IET Information Security

T2 - IET Information Security

JF - IET Information Security

SN - 1751-8709

IS - 3

ER -