Title :
Detecting DNS-poisoning-based phishing attacks from their network performance characteristics
Author :
Kim, Heonhwan ; Huh, Jun Ho
Author_Institution :
Comput. Lab., Univ. of Cambridge, Cambridge, UK
Abstract :
Most of the existing phishing detection techniques are weak against domain name system (DNS)-poisoning-based phishing attacks. Proposed is a highly effective method for detecting such attacks: the network performance characteristics of websites are used for classification. To demonstrate how useful the approach is, the performance of four classification algorithms are explored: linear discriminant analysis, naïve Bayesian, K-nearest neighbour, and support vector machine. Over 10 000 real-world items of routing information have been observed during a one-week period. The experimental results show that the best-performing classification method - which uses the K-nearest neighbour algorithm - is capable of achieving a true positive rate of 99.4% and a false positive rate of 0.7%.
Keywords :
Web sites; belief networks; computer network performance evaluation; computer network security; pattern classification; support vector machines; Websites; classification algorithms; domain name system poisoning based phishing attacks; k-nearest neighbour; linear discriminant analysis; naive Bayesian; network performance characteristics; support vector machine;
Journal_Title :
Electronics Letters
DOI :
10.1049/el.2011.0399
