CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites - Citegraph

Paper Info

Title
CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites

Abstract
Phishing is a plague in cyberspace. Typically, phish detection methods either use human-verified URL blacklists or exploit Web page features via machine learning techniques. However, the former is frail in terms of new phish, and the latter suffers from the scarcity of effective features and the high false positive rate (FP). To alleviate those problems, we propose a layered anti-phishing solution that aims at (1) exploiting the expressiveness of a rich set of features with machine learning to achieve a high true positive rate (TP) on novel phish, and (2) limiting the FP to a low level via filtering algorithms. Specifically, we proposed CANTINA+, the most comprehensive feature-based approach in the literature including eight novel features, which exploits the HTML Document Object Model (DOM), search engines and third party services with machine learning techniques to detect phish. Moreover, we designed two filters to help reduce FP and achieve runtime speedup. The first is a near-duplicate phish detector that uses hashing to catch highly similar phish. The second is a login form filter, which directly classifies Web pages with no identified login form as legitimate. We extensively evaluated CANTINA+ with two methods on a diverse spectrum of corpora with 8118 phish and 4883 legitimate Web pages. In the randomized evaluation, CANTINA+ achieved over 92&percnt; TP on unique testing phish and over 99&percnt; TP on near-duplicate testing phish, and about 0.4&percnt; FP with 10&percnt; training phish. In the time-based evaluation, CANTINA+ also achieved over 92&percnt; TP on unique testing phish, over 99&percnt; TP on near-duplicate testing phish, and about 1.4&percnt; FP under 20&percnt; training phish with a two-week sliding window. Capable of achieving 0.4&percnt; FP and over 92&percnt; TP, our CANTINA+ has been demonstrated to be a competitive anti-phishing solution.

Year	DOI	Venue
2011	10.1145/2019599.2019606	ACM Trans. Inf. Syst. Secur.
Keywords	DocType	Volume
near-duplicate phish detector,near-duplicate testing phish,Detecting Phishing Web Sites,new phish,Web page feature,unique testing phish,Feature-Rich Machine Learning Framework,phish detection method,Web page,similar phish,training phish,novel phish	Journal	14
Issue	ISSN	Citations
2	1094-9224	119
PageRank	References	Authors
3.92	24	4

Search Limit

100119

Authors (4 rows)

Cited by (100 rows)

References (24 rows)

Name	Order	Citations	PageRank
Guang Xiang	1	382	18.31
Jason Hong	2	6706	518.75
Rosé Carolyn	3	2126	222.80
Lorrie Faith Cranor	4	6767	515.80

1