Phishing Detection Techniques: A review
DOI:
https://doi.org/10.32734/jocai.v9.i1-19904Keywords:
Phishing, Anti-Phishing Tools, Heuristic, Machine Learning, Meta HeuristicAbstract
Phishing remains one of the most pervasive and sophisticated threats to cybersecurity, exploiting human and system vulnerabilities to compromise sensitive information. This study systematically reviews and categorizes phishing detection techniques into four groups: anti-phishing tools, heuristic approaches, machine learning-based techniques, and metaheuristic algorithms. Each method is critically analyzed for its effectiveness, highlighting their strengths and limitations. The review identifies significant advancements in phishing detection, such as the adoption of hybrid techniques and real-time detection algorithms, while also addressing gaps, including handling zero-day phishing attacks and scalability in large datasets. The findings provide a roadmap for future research, encouraging the development of more robust, adaptive, and efficient solutions. This comprehensive analysis not only synthesizes the state-of-the-art in phishing detection but also lays the groundwork for designing next-generation defense mechanisms.
Downloads
References
P. Sengar and V. Kumar, "Client-side defense against phishing with pagesafe," International Journal of Computer Applications, vol. 4, no. 4, pp. 6-10, 2010.
N. R. T.Guhan "Analyzing And Detecting Phishing Webpages Withvisual Similarity Assessment Based On Earth Mover’s Distance With Linear Programming Model," International Journal of Advanced Engineering Technology Research vol. Vol.III, pp. 327-330, 2012.
E. Medvet, E. Kirda, and C. Kruegel, "Visual-similarity-based phishing detection," in Proceedings of the 4th international conference on Security and privacy in communication netowrks, 2008: ACM, p. 22.
W. Zhang, H. Lu, B. Xu, and H. Yang, "Web phishing detection based on page spatial layout similarity," Informatica, vol. 37, no. 3, pp. 231-244, 2013.
M. Aburrous, M. Hossain, K. Dahal, and F. Thabtah, "Associative classification techniques for predicting e-banking phishing websites," in Multimedia Computing and Information Technology (MCIT), 2010 International Conference on, 2010: IEEE, pp. 9-12.
M. d. I. A. Ajlouni, W. e. Hadi, and J. Alwedyan, "Detecting Phishing Websites Using Associative Classification," European Journal of Business and Management, vol. 5, no. 15, pp. 36-40, 2013.
K. Jansson and R. Von Solms, "Phishing for phishing awareness," Behaviour & Information Technology, vol. 32, no. 6, pp. 584-593, 2013.
M. Khonji, Y. Iraqi, and A. Jones, "Phishing Detection: A Literature Survey," 2013.
R. Dhanalakshmi, C. Prabhu, and C. Chellapan, "Detection of phishing websites and secure transactions," International Journal Communication & Network Security (IJCNS). v1, pp. 15-21, 2011.
A. Bergholz, J. De Beer, S. Glahn, M.-F. Moens, G. Paaß, and S. Strobel, "New filtering approaches for phishing email," Journal of computer security, vol. 18, no. 1, pp. 7-35, 2010.
I. R. A. Hamid and J. H. Abawajy, "Profiling Phishing Email Based on Clustering Approach," in Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on, 2013: IEEE, pp. 628-635.
M. Aburrous, M. A. Hossain, K. Dahal, and F. Thabtah, "Intelligent phishing detection system for e-banking using fuzzy data mining," Expert systems with applications, vol. 37, no. 12, pp. 7913-7921, 2010.
Y. Zhang, S. Egelman, L. Cranor, and J. Hong, "Phinding phish: Evaluating anti-phishing tools," 2006: ISOC.
M. Wu, R. C. Miller, and G. Little, "Web wallet: preventing phishing attacks by revealing user intentions," in Proceedings of the second symposium on Usable privacy and security, 2006: ACM, pp. 102-113.
M. Blasi, "Techniques for detecting zero day phishing websites," Iowa State University, 2009.
S. Garera, N. Provos, M. Chew, and A. D. Rubin, "A framework for detection and measurement of phishing attacks," in Proceedings of the 2007 ACM workshop on Recurring malcode, 2007: ACM, pp. 1-8.
M. Aburrous, M. A. Hossain, K. Dahal, and F. Thabatah, "Modelling Intelligent Phishing Detection System for e-Banking using Fuzzy Data Mining," in CyberWorlds, 2009. CW'09. International Conference on, 2009: IEEE, pp. 265-272.
P. Barraclough, M. Hossain, M. Tahir, G. Sexton, and N. Aslam, "Intelligent phishing detection and protection scheme for online transactions," Expert Systems with Applications, 2013.
P. Malathi and P. Vivekanandan, "An Efficient Framewo."
L. F. Cranor, S. Egelman, J. I. Hong, and Y. Zhang, "Phinding Phish: An Evaluation of Anti-Phishing Toolbars," in NDSS, 2007.
A. Alnajim and M. Munro, "An Anti-Phishing Approach that Uses Training Intervention for Phishing Websites Detection," in Information Technology: New Generations, 2009. ITNG'09. Sixth International Conference on, 2009: IEEE, pp. 405-410.
S. T. Kumar, V. Kumar, and A. Kumar, "Detection and Prevention of Phishing Attacks Using Linkguard Algorithm," 2008.
J. N. M. Joshua S. White, John L. Stacy, "A Method For The Automated Detection Of Phishing Websites Through Both Site Characteristics And Image Analysis," 2011.
J. Chhikara, R. Dahiya, N. Garg, and M. Rani, "Phishing & Anti-Phishing Techniques: Case Study," International Journal, vol. 3, no. 5, 2013.
A. P. Rosiello, E. Kirda, and F. Ferrandi, "A layout-similarity-based approach for detecting phishing pages," in Security and Privacy in Communications Networks and the Workshops, 2007. SecureComm 2007. Third International Conference on, 2007: IEEE, pp. 454-463.
J. Mao, P. Li, K. Li, T. Wei, and Z. Liang, "BaitAlarm: Detecting Phishing Sites Using Similarity in Fundamental Visual Features," in Intelligent Networking and Collaborative Systems (INCoS), 2013 5th International Conference on, 2013: IEEE, pp. 790-795.
M. Shrivastava, R. Sinha, and B. Shukla, "Panchâ ¼Vaktram (A Web Browser with a Spoof Guard Technology)," in International Conference on Computer Technology and Development, 3rd (ICCTD 2011), 2011: ASME Press.
A. Y. Fu, L. Wenyin, and X. Deng, "Detecting phishing web pages with visual similarity assessment based on earth mover's distance (EMD)," Dependable and Secure Computing, IEEE Transactions on, vol. 3, no. 4, pp. 301-311, 2006.
E. H. Chang, K. L. Chiew, S. N. Sze, and W. K. Tiong, "Phishing Detection via Identification of Website Identity," in IT Convergence and Security (ICITCS), 2013 International Conference on, 2013: IEEE, pp. 1-4.
T. Pitakrat, A. van Hoorn, and L. Grunske, "A comparison of machine learning algorithms for proactive hard disk drive failure detection," in Proceedings of the 4th international ACM Sigsoft symposium on Architecting critical systems, 2013: ACM, pp. 1-10.
A. Kalybayev, "Comparative study of machine learning algorithms in website phishing detection," Universiti Teknologi Malaysia, Faculty of Computing, 2013.
A. Khade and S. K. Shinde, "Detection of Phishing Websites Using Data Mining Techniques," in International Journal of Engineering Research and Technology, 2014, vol. 2, no. 12 (December-2013): ESRSA Publications.
S. Abu-Nimeh, D. Nappa, X. Wang, and S. Nair, "A comparison of machine learning techniques for phishing detection," in Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit, 2007: ACM, pp. 60-69.
J. M. De Sa, Pattern recognition: concepts, methods, and applications. Springer, 2001.
H. M. Deylami and Y. P. Singh, "Cybercrime detection techniques based on support vector machines," Artificial Intelligence Research, vol. 2, no. 1, 2013.
A. Liaw and M. Wiener, "Classification and Regression by randomForest," R news, vol. 2, no. 3, pp. 18-22, 2002.
L. Breiman, "Random forests," Machine learning, vol. 45, no. 1, pp. 5-32, 2001.
A. DeMaris and S. H. Selman, "Logistic regression," in Converting Data into Evidence: Springer, 2013, pp. 115-136.
R. Basnet, S. Mukkamala, and A. H. Sung, "Detection of phishing attacks: A machine learning approach," in Soft Computing Applications in Industry: Springer, 2008, pp. 373-383.
D. M. L. V. Radha Damodaram, "Experimental Study on Meta Heuristic Optimization Algorithms for
Fake Website Detection " International Association of Scientific Innovation and Research (IASIR) vol. 2 pp. 43-53 2012.
M. Radha Damodaram and M. Valarmathi, "Phishing Website Detection and Optimization Using Particle Swarm Optimization Technique," International Journal of Computer Science and Security (IJCSS), vol. 5, no. 5, p. 477, 2011.
M. Radha Damodaram and M. Valarmathi, "Bacterial Foraging Optimization for Fake Website Detection," International Journal of Computer Science & Applications (TIJCSA), vol. 1, no. 11, 2013.
N. Langhari and M. Abdolrazzagh Nejad, "Phishing website detection for e-banking by inclined planes optimization algorithm," Electronic and Cyber Defense, vol. 3, no. 1, pp. 29-39, 2015.
M. Abdolrazzagh-Nezhad, "Classification and phishing websites detection by fuzzy rules and modified inclined planes optimization," Nashriyyah-i Muhandisi-i Barq va Muhandisi-i Kampyutar-i Iran, vol. 52, no. 4, p. 311, 2017.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Data Science: Journal of Computing and Applied Informatics
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
The Authors submitting a manuscript do so on the understanding that if accepted for publication, copyright of the article shall be assigned to Data Science: Journal of Informatics Technology and Computer Science (JoCAI) and Faculty of Computer Science and Information Technology as well as TALENTA Publisher Universitas Sumatera Utara as publisher of the journal.
Copyright encompasses exclusive rights to reproduce and deliver the article in all form and media. The reproduction of any part of this journal, its storage in databases and its transmission by any form or media, will be allowed only with a written permission fromData Science: Journal of Informatics Technology and Computer Science (JoCAI).
The Copyright Transfer Form can be downloaded here.
The copyright form should be signed originally and sent to the Editorial Office in the form of original mail or scanned document.
