Abstract
Phishing is a real threat on the Internet nowadays. According to a report released by an American security firm, RSA, there have been approximately 33,000 phishing attacks globally each month in 2012, leading to a loss of $687 million. Therefore, fighting against phishing attacks is of great importance. One popular and widely-deployed solution with browsers is to integrate a blacklist sites into them. However, this solution, which is unable to detect new attacks if the database is out of date, appears to be not effective when there are a lager number of phishing attacks created very day. In this paper, we propose a solution to this problem by applying Genetic Programming to phishing detection problem. We conducted the experiments on a data set including both phishing and legitimate sites collected from the Internet. We compared the performance of Genetic Programming with a number of other machine learning techniques and the results showed that Genetic Programming produced the best solutions to phishing detection problem.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Poli, R., Langdonand, W., McPhee, N.: A Field Guide to Genetic Programming (2008), http://lulu.com
Koza, J.: Genetic Programming: on the Programming of Computers by Natural Selection. MIT Press, MA (1992)
Koza, J.: Human-competitive results produced by genetic programming. Genetic Programming and Evolvable Machines 11(3-4), 251–284 (2010)
Sen, S., Clark, J.A.: A grammatical evolution approach to intrusion detection on mobile ad hoc networks. In: WiSec 2009: Proceedings of the Second ACM Conference on Wireless Network Security, Zurich, Switzerland, March 16-19, pp. 95–102. ACM (2009)
Blasco, J., Orfila, A., Ribagorda, A.: Improving network intrusion detection by means of domain-aware genetic programming. In: International Conference on Availability, Reliability, and Security, ARES 2010, pp. 327–332 (February 2010)
Mabu, S., Chen, C., Lu, N., Shimada, K., Hirasawa, K.: An intrusion-detection model based on fuzzy class-association-rule mining using genetic network programming. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews 41(1), 130–139 (2011)
Ludl, C., McAllister, S., Kirda, E., Kruegel, C.: On the effectiveness of techniques to detect phishing sites. In: Hämmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 20–39. Springer, Heidelberg (2007)
RSA: Phishing in season: A look at online fraud in 2012 (2012), http://blogs.rsa.com/phishing-in-season-a-look-at-online-fraud-in-2012/
Microsoft: Sender id home page (2007), http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx
Yahoo: Yahoo! antispam resource center (2007), http://antispam.yahoo.com/domainkeys
Ross, B., Jackson, C., Miyake, N., Boneh, D., Mitchell, J.C.: Stronger password authentication using browser extensions. In: Proceedings of the 14th USENIX Security Symposium, USENIX (August 2005)
Kirda, E., Krügel, C.: Protecting users against phishing attacks. Computer Journal 49(5), 554–561 (2006)
Schneider, F., Provos, N., Moll, R., Chew, M., Rakowski, B.: Phishing protection design documentation (2007), http://wiki.mozilla.org/PhishingProtection:DesignDocumentation
Chou, N., Ledesma, R., Teraguchi, Y., Mitchell, J.C.: Client-side defense against web-based identity theft. In: 11th Annual Network and Distributed System Security Symposium. The Internet Society (2004)
Blum, A., Wardman, B., Solorio, T., Warner, G.: Lexical feature based phishing URL detection using online learning. In: Greenstadt, R. (ed.) Proceedings of the 3rd ACM Workshop on Security and Artificial Intelligence, AISec 2010, pp. 54–60. ACM, Chicago (October 8, 2010)
Scrapy: Scrapy: web crawling framework, http://scrapy.org/
Quinlan: Learning decision tree classifiers. CSURV: Computing Surveys 28 (1996)
Quinlan, J.R.: C4.5: Programs for Machine Learning. Morgan Kaufmann, San Mateo (1993)
Witten, I.H., Frank, E.: Data Mining: Practical Machine Learning Tools and Techniques. Morgan Kaufmann (2005)
Heckerman, D.: Tutorial on learning in bayesian networks. Technical Report MSR-TR-95-06, Microsoft (1995)
Das, S.: Elements of artificial neural networks. IEEE Transactions on Neural Networks 9(1), 234–235 (1998)
Uy, N.Q., Hien, N.T., Hoai, N.X., O’Neill, M.: Improving the generalisation ability of genetic programming with semantic similarity based crossover. In: Esparcia-Alcázar, A.I., Ekárt, A., Silva, S., Dignum, S., Uyar, A.Ş. (eds.) EuroGP 2010. LNCS, vol. 6021, pp. 184–195. Springer, Heidelberg (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Pham, T.A., Nguyen, Q.U., Nguyen, X.H. (2014). Phishing Attacks Detection Using Genetic Programming. In: Huynh, V., Denoeux, T., Tran, D., Le, A., Pham, S. (eds) Knowledge and Systems Engineering. Advances in Intelligent Systems and Computing, vol 245. Springer, Cham. https://doi.org/10.1007/978-3-319-02821-7_18
Download citation
DOI: https://doi.org/10.1007/978-3-319-02821-7_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-02820-0
Online ISBN: 978-3-319-02821-7
eBook Packages: EngineeringEngineering (R0)