Modeling Content From Human-Verified Blacklists for Accurate Zero-Hour Phish Detection
Source: Carnegie Mellon University
Phishing attacks are a significant security threat to Internet users, causing tremendous economic loss every year. Past academic work has not been adopted by industry, in part because of concerns about liability over false positives. However, the blacklist-based methods heavily used in industry are slow to respond to new phish attacks and tend to be easily overwhelmed by phishing techniques such as fast-flux and by the proliferation of toolkits. In this paper, the authors present the design and evaluation of two blacklist-enhanced content-based algorithms. The key insight behind their algorithms is to leverage existing human-verified whitelists and blacklists and relax them via probabilistic methods, attaining high true positive rates while maintaining extremely low false positive rates.