PhishZip: A new compression-based algorithm for detecting phishing websites

Rizka Purwanto; Arindam Paly; Alan Blair; Sanjay Jha

doi:10.1109/CNS48642.2020.9162211

PhishZip: A new compression-based algorithm for detecting phishing websites

Rizka Purwanto, Arindam Paly, Alan Blair, Sanjay Jha

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

4 Citations (Scopus)

Abstract

Phishing has grown significantly in the past few years and is predicted to further increase in the future. The dynamics of phishing introduce challenges in implementing a robust phishing detection system and selecting features which can represent phishing despite the change of attack. In this study, we propose PhishZip which is a novel phishing detection approach using a compression algorithm to perform website classification and demonstrate a systematic way to construct the word dictionaries for the compression models using word occurrence likelihood analysis. PhishZip outperforms the use of best-performing HTML-based features in past studies, with a true positive rate of 80.04%. We also propose the use of compression ratio as a novel machine learning feature which significantly improves machine learning based phishing detection over previous studies. Using compression ratios as additional features, the true positive rate significantly improves by 30.3% (from 51.47% to 81.77%), while the accuracy increases by 11.84% (from 71.20% to 83.04%).

Original language	English
Title of host publication	2020 IEEE Conference on Communications and Network Security, CNS 2020
Editors	Chunxiao Jiang
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Number of pages	9
ISBN (Electronic)	9781728147604, 9781728147598
ISBN (Print)	9781728147611
DOIs	https://doi.org/10.1109/CNS48642.2020.9162211
Publication status	Published - 2020
Externally published	Yes
Event	IEEE Conference on Communications and Network Security 2020 - Online, France Duration: 29 Jun 2020 → 1 Jul 2020 https://ieeexplore.ieee.org/xpl/conhome/9153729/proceeding (Proceedings) https://cns2020.ieee-cns.org/index.html#:~:text=Following%20the%20advice%20and%20guidelines,presented%20at%20the%20virtual%20conference. (Website)

Conference

Conference	IEEE Conference on Communications and Network Security 2020
Abbreviated title	CNS 2020
Country/Territory	France
Period	29/06/20 → 1/07/20
Internet address	https://ieeexplore.ieee.org/xpl/conhome/9153729/proceeding (Proceedings) https://cns2020.ieee-cns.org/index.html#:~:text=Following%20the%20advice%20and%20guidelines,presented%20at%20the%20virtual%20conference. (Website)

Keywords

classification
compression
phishing detection
web page

Access to Document

10.1109/CNS48642.2020.9162211

Cite this

@inproceedings{2a8ea32505234667bfd55d67766e842b,

title = "PhishZip: A new compression-based algorithm for detecting phishing websites",

abstract = "Phishing has grown significantly in the past few years and is predicted to further increase in the future. The dynamics of phishing introduce challenges in implementing a robust phishing detection system and selecting features which can represent phishing despite the change of attack. In this study, we propose PhishZip which is a novel phishing detection approach using a compression algorithm to perform website classification and demonstrate a systematic way to construct the word dictionaries for the compression models using word occurrence likelihood analysis. PhishZip outperforms the use of best-performing HTML-based features in past studies, with a true positive rate of 80.04%. We also propose the use of compression ratio as a novel machine learning feature which significantly improves machine learning based phishing detection over previous studies. Using compression ratios as additional features, the true positive rate significantly improves by 30.3% (from 51.47% to 81.77%), while the accuracy increases by 11.84% (from 71.20% to 83.04%).",

keywords = "classification, compression, phishing detection, web page",

author = "Rizka Purwanto and Arindam Paly and Alan Blair and Sanjay Jha",

note = "Funding Information: Rizka Widyarini Purwanto was supported by a UNSW University International Postgraduate Award (UIPA) scholarship. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the scholarship provider. Funding Information: The work has been supported by the Cyber Security Research Centre Limited whose activities are partially funded by the Australian Government{\textquoteright}s Cooperative Research Centres Programme. Publisher Copyright: {\textcopyright} 2020 IEEE.; IEEE Conference on Communications and Network Security 2020, CNS 2020 ; Conference date: 29-06-2020 Through 01-07-2020",

year = "2020",

doi = "10.1109/CNS48642.2020.9162211",

language = "English",

isbn = "9781728147611",

editor = "Chunxiao Jiang",

booktitle = "2020 IEEE Conference on Communications and Network Security, CNS 2020",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

url = "https://ieeexplore.ieee.org/xpl/conhome/9153729/proceeding, https://cns2020.ieee-cns.org/index.html#:~:text=Following%20the%20advice%20and%20guidelines,presented%20at%20the%20virtual%20conference.",

}

Purwanto, R, Paly, A, Blair, A & Jha, S 2020, PhishZip: A new compression-based algorithm for detecting phishing websites. in C Jiang (ed.), 2020 IEEE Conference on Communications and Network Security, CNS 2020., 9162211, IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, IEEE Conference on Communications and Network Security 2020, France, 29/06/20. https://doi.org/10.1109/CNS48642.2020.9162211

PhishZip: A new compression-based algorithm for detecting phishing websites. / Purwanto, Rizka; Paly, Arindam; Blair, Alan et al.
2020 IEEE Conference on Communications and Network Security, CNS 2020. ed. / Chunxiao Jiang. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers, 2020. 9162211.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

TY - GEN

T1 - PhishZip

T2 - IEEE Conference on Communications and Network Security 2020

AU - Purwanto, Rizka

AU - Paly, Arindam

AU - Blair, Alan

AU - Jha, Sanjay

N1 - Funding Information: Rizka Widyarini Purwanto was supported by a UNSW University International Postgraduate Award (UIPA) scholarship. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the scholarship provider. Funding Information: The work has been supported by the Cyber Security Research Centre Limited whose activities are partially funded by the Australian Government’s Cooperative Research Centres Programme. Publisher Copyright: © 2020 IEEE.

PY - 2020

Y1 - 2020

N2 - Phishing has grown significantly in the past few years and is predicted to further increase in the future. The dynamics of phishing introduce challenges in implementing a robust phishing detection system and selecting features which can represent phishing despite the change of attack. In this study, we propose PhishZip which is a novel phishing detection approach using a compression algorithm to perform website classification and demonstrate a systematic way to construct the word dictionaries for the compression models using word occurrence likelihood analysis. PhishZip outperforms the use of best-performing HTML-based features in past studies, with a true positive rate of 80.04%. We also propose the use of compression ratio as a novel machine learning feature which significantly improves machine learning based phishing detection over previous studies. Using compression ratios as additional features, the true positive rate significantly improves by 30.3% (from 51.47% to 81.77%), while the accuracy increases by 11.84% (from 71.20% to 83.04%).

AB - Phishing has grown significantly in the past few years and is predicted to further increase in the future. The dynamics of phishing introduce challenges in implementing a robust phishing detection system and selecting features which can represent phishing despite the change of attack. In this study, we propose PhishZip which is a novel phishing detection approach using a compression algorithm to perform website classification and demonstrate a systematic way to construct the word dictionaries for the compression models using word occurrence likelihood analysis. PhishZip outperforms the use of best-performing HTML-based features in past studies, with a true positive rate of 80.04%. We also propose the use of compression ratio as a novel machine learning feature which significantly improves machine learning based phishing detection over previous studies. Using compression ratios as additional features, the true positive rate significantly improves by 30.3% (from 51.47% to 81.77%), while the accuracy increases by 11.84% (from 71.20% to 83.04%).

KW - classification

KW - compression

KW - phishing detection

KW - web page

UR - http://www.scopus.com/inward/record.url?scp=85090139707&partnerID=8YFLogxK

U2 - 10.1109/CNS48642.2020.9162211

DO - 10.1109/CNS48642.2020.9162211

M3 - Conference Paper

AN - SCOPUS:85090139707

SN - 9781728147611

BT - 2020 IEEE Conference on Communications and Network Security, CNS 2020

A2 - Jiang, Chunxiao

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

Y2 - 29 June 2020 through 1 July 2020

ER -

PhishZip: A new compression-based algorithm for detecting phishing websites

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this