PhishDef: URL names say it all

Phishing is an increasingly sophisticated method to steal personal user information using sites that pretend to be legitimate. In this paper, we take the following steps to identify phishing URLs. First, we carefully select lexical features of the URLs that are resistant to obfuscation techniques used by attackers. Second, we evaluate the classification accuracy when using only lexical features, both automatically and hand-selected, vs. when using additional features. We show that lexical features are sufficient for all practical purposes. Third, we thoroughly compare several classification algorithms, and we propose to use an online method (AROW) that is able to overcome noisy training data. Based on the insights gained from our analysis, we propose PhishDef, a phishing detection system that uses only URL names and combines the above three elements. PhishDef is a highly accurate method (when compared to state-of-the-art approaches over real datasets), lightweight (thus appropriate for online and client-side deployment), proactive (based on online classification rather than blacklists), and resilient to training data inaccuracies (thus enabling the use of large noisy training data).

• Publication year

  2010

• Venue

  2011 Proceedings IEEE INFOCOM

• Publication date

  2010-09-12

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/INFCOM.2011.5934995arXiv 1009.2275
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• PhishNet: Predictive Blacklisting to Detect Phishing Attacks

  2010cited by this paper
• Large-Scale Automatic Classification of Phishing Pages

  2010cited by this paper
• Beyond blacklists: learning to detect malicious web sites from suspicious URLs

  2009cited by this paper
• A Comparison of Tools for Detecting Fake Websites

  2009cited by this paper
• Identifying suspicious URLs: an application of large-scale online learning

  2009influential reference
• LIBLINEAR: A Library for Large Linear Classification

  2008cited by this paper
• Confidence-weighted linear classification

  2008cited by this paper
• Exact Convex Confidence-Weighted Learning

  2008cited by this paper
• Behind Phishing: An Examination of Phisher Modi Operandi

  2008cited by this paper
• Improved Phishing Detection using Model-Based Features

  2008cited by this paper
• A framework for detection and measurement of phishing attacks

  2007cited by this paper
• Cantina: a content-based approach to detecting phishing web sites

  2007cited by this paper
• Learning to detect phishing emails

  2007cited by this paper
• Open Directory Project

  2003cited by this paper
• Noname manuscript No. (will be inserted by the editor) Adaptive Regularization of Weight Vectors

  year unknowncited by this paper

• A zero-trust decentralized identifier specification based machine learning against cyber-attacks in blockchain based self-sovereign identity

  2026cites this paper
• Augmenting Malware URL Detection via Lexical Features and Hybrid Machine Learning Approaches

  2025cites this paper
• From Past to Present: A Survey of Malicious URL Detection Techniques, Datasets and Code Repositories

  2025cites this paper
• Be Aware of What You Let Pass: Demystifying URL-based Authentication Bypass Vulnerability in Java Web Applications

  2025cites this paper
• Cost-Sensitive User Modeling for Predicting Phishing Susceptibility

  2025cites this paper
• WebGuard++:Interpretable Malicious URL Detection via Bidirectional Fusion of HTML Subgraphs and Multi-Scale Convolutional BERT

  2025cites this paper
• Enhance the machine learning algorithm performance in phishing detection with keyword features

  2025cites this paper
• An Approach for Efficient and Accurate Phishing Website Prediction Using Improved ML Classifier Performance for Feature Selection

  2024cites this paper
• Malicious URL Detection using Machine Learning and CSV

  2024cites this paper
• Graph-based phishing detection: URLGBM model driven by machine learning

  2024cites this paper
• Digital Fortress - Web Application Malware Detection

  2024cites this paper
• URL and Domain Obfuscation Techniques - Prevalence and Trends Observed on Phishing Data

  2024cites this paper
• Enhancing Malicious URL Detection: A Novel Framework Leveraging Priority Coefficient and Feature Evaluation

  2024cites this paper
• Phishing Detection Dataset: Feature Engineering and Selection

  2024cites this paper
• Phishing Detection System Through Hybrid Machine Learning Based on URL

  2023cites this paper
• A Web Attack Detection Method Based on DistilBERT and Feature Fusion for Power Micro-Application Server

  2023cites this paper
• Machine Learning Models Stacking in the Malicious Links Detecting

  2023cites this paper
• Effectiveness of Certificate Transparency (CT) Check and Other Datapoints in Countering Phishing Attacks

  2023cites this paper
• Explainable machine learning for phishing feature detection

  2023cites this paper
• IDTracker: Discovering Illicit Website Communities via Third-party Service IDs

  2023cites this paper
• A Large-Scale Pretrained Deep Model for Phishing URL Detection

  2023cites this paper
• Feature Selections for Phishing URLs Detection Using Combination of Multiple Feature Selection Methods

  2023cites this paper
• Phishing or Not Phishing? A Survey on the Detection of Phishing Websites

  2023cites this paper
• Content-Agnostic Detection of Phishing Domains using Certificate Transparency and Passive DNS

  2022cites this paper
• HyperMan: detecting misbehavior in online forums based on hyperlink posting behavior

  2022cites this paper
• Equivocal URLs: Understanding the Fragmented Space of URL Parser Implementations

  2022cites this paper
• Enhancing Cryptocurrency Blocklisting: A Secure, Trustless, and Effective Realization

  2022cites this paper
• The Web Attack Detection System for Internet of Things via Ensemble Classification

  2022cites this paper
• AI-Powered Phishing Detection: Protecting Enterprises from Advanced Social Engineering Attacks

  2022cites this paper
• Phishing Website Detection With Semantic Features Based on Machine Learning Classifiers: A Comparative Study

  2022cites this paper
• A lightweight and proactive rule-based incremental construction approach to detect phishing scam

  2022cites this paper
• I'm SPARTACUS, No, I'm SPARTACUS: Proactively Protecting Users from Phishing by Intentionally Triggering Cloaking Behavior

  2022cites this paper
• Logistic Regression based Machine Learning Technique for Phishing Website Detection

  2022cites this paper
• URL-Based Dynamic Monitoring of Android Malware using Machine Learning

  2022cites this paper
• Comparative Analysis of Machine Learning Classifiers for Phishing Detection

  2022cites this paper
• Identifying the Phishing Websites Using the Patterns of TLS Certificates

  2021cites this paper
• Detecting and Classifying Phishing Websites by Machine Learning

  2021cites this paper
• Phishing websites detection via CNN and multi-head self-attention on imbalanced datasets

  2021cites this paper
• Analysis of third-party request structures to detect fraudulent websites

  2021cites this paper
• LinkMan: hyperlink-driven misbehavior detection in online security forums

  2021cites this paper
• Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits

  2021cites this paper
• Phishing Detection using Deep Learning

  2021cites this paper
• An efficient multistage phishing website detection model based on the CASE feature framework: Aiming at the real web environment

  2021cites this paper
• A Novel Web Attack Detection System for Internet of Things via Ensemble Classification

  2021cites this paper
• PhishMatch: A Layered Approach for Effective Detection of Phishing URLs

  2021influential citation
• A Survey on Web Phishing Detection Techniques

  2021cites this paper
• Towards Lightweight URL-Based Phishing Detection

  2021cites this paper
• Where are you taking me?Understanding Abusive Traffic Distribution Systems

  2021cites this paper
• Detection of Fraudulent Websites Through Third-party Request Structure

  2021cites this paper
• Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLs

  2021cites this paper
• Discovering HTTPSified Phishing Websites Using the TLS Certificates Footprints

  2020cites this paper
• Topical classification of domain names based on subword embeddings

  2020cites this paper
• Tracing and Analyzing Web Access Paths Based on User-Side Data Collection: How Do Users Reach Malicious URLs?

  2020cites this paper
• Analysis of Phishing Website Detection Using CNN and Bidirectional LSTM

  2020cites this paper
• Classifying and clustering malicious advertisement uniform resource locators using deep learning

  2020cites this paper
• Detection of Phishing URLs by Using Deep Learning Approach and Multiple Features Combinations

  2020cites this paper
• Reliability and Robustness analysis of Machine Learning based Phishing URL Detectors

  2020influential citation
• Why Johnny can't rely on anti-phishing educational interventions to protect himself against contemporary phishing attacks?

  2020influential citation
• Web-Based Classification for Safer Browsing

  2020cites this paper
• Towards Adversarial Phishing Detection

  2020cites this paper
• A Review on Phishing—Machine Vision and Learning Approaches

  2020cites this paper
• Robust Malicious Domain Detection

  2020cites this paper
• An Optimal Technique For Predictive Phishing Detection

  2020cites this paper
• Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms

  2020cites this paper
• Towards Fighting Cybercrime: Malicious URL Attack Type Detection using Multiclass Classification

  2020cites this paper
• Learning-based models to detect runtime phishing activities using URLs

  2020cites this paper
• Less is More: Robust and Novel Features for Malicious Domain Detection

  2020cites this paper
• SPWalk: Similar Property Oriented Feature Learning for Phishing Detection

  2020cites this paper
• Detection of Phishing Websites by Using Machine Learning-Based URL Analysis

  2020cites this paper
• Malicious URL Detection Using Supervised Machine Learning Techniques

  2020cites this paper
• PhishHaven—An Efficient Real-Time AI Phishing URLs Detection System

  2020cites this paper
• An Evasion Attack against ML-based Phishing URL Detectors

  2020influential citation
• A Novel Visual Similarity-based Phishing Detection Scheme using Hue Information with Auto Updating Database

  2019cites this paper
• Phishing URL Detection via CNN and Attention-Based Hierarchical RNN

  2019cites this paper
• SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

  2019cites this paper
• A Comprehensive Evaluation of HTTP Header Features for Detecting Malicious Websites

  2019cites this paper
• Optimization of URL-Based Phishing Websites Detection through Genetic Algorithms

  2019cites this paper
• Mecanismo de proteção contra phishing

  2019cites this paper
• NeuralAS: Deep Word-Based Spoofed URLs Detection Against Strong Similar Samples

  2019cites this paper
• A keyword-based combination approach for detecting phishing webpages

  2019cites this paper
• MeshTrust: A CDN-Centric Trust Model for Reputation Management on Video Traffic

  2019cites this paper
• Pixel based Classification of Poultry Farm using Satellite Images

  2019cites this paper
• Phishing Website Detection Based on Multidimensional Features Driven by Deep Learning

  2019cites this paper
• Detection of URL based Phishing Attacks using Machine Learning

  2019cites this paper
• Machine learning based phishing detection from URLs

  2019cites this paper
• Malicious Face Book Application Using FRAppE Algorithm

  2019cites this paper
• Machine Learning Features for Malicious URL Filtering- The Survey

  2019influential citation
• A Comparative Study of Detection of Phishing URL

  2019cites this paper
• PDRCNN: Precise Phishing Detection with Recurrent Convolutional Neural Networks

  2019cites this paper
• Everything Is in the Name - A URL Based Approach for Phishing Detection

  2019cites this paper
• Tear Off Your Disguise: Phishing Website Detection Using Visual and Network Identities

  2019cites this paper
• A Hybrid Approach for Anomaly Detection in Social Networks

  2019cites this paper
• Tuning the False Positive Rate / False Negative Rate with Phishing Detection Models

  2019cites this paper
• Hue Signature Auto Update System for Visual Similarity-Based Phishing Detection with Tolerance to Zero-Day Attack

  2019cites this paper
• URLNet: Learning a URL Representation with Deep Learning for Malicious URL Detection

  2018cites this paper
• NEW PHISHING HYBRID DETECTION FRAMEWORK

  2018cites this paper
• Learning-based Cyber Security Analysis and Binary Customization for Security

  2018cites this paper
• FrameHanger: Evaluating and Classifying Iframe Injection at Large Scale

  2018cites this paper
• Detection of malicious URLs based on word vector representation and ngram

  2018cites this paper
• Detection of phishing websites using a novel twofold ensemble model

  2018cites this paper