Enhancing predictive analytics for anti-phishing by exploiting website genre information

Ahmed Abbasi, Fatemeh Mariam Zahedi, Daniel Zeng, Yan Chen, Hsinchun Chen, Jay F. Nunamaker

Research output: Contribution to journalArticlepeer-review

35 Scopus citations

Abstract

Phishing websites continue to successfully exploit user vulnerabilities in household and enterprise settings. Existing anti-phishing tools lack the accuracy and generalizability needed to protect Internet users and organizations from the myriad of attacks encountered daily. Consequently, users often disregard these tools' warnings. In this study, using a design science approach, we propose a novel method for detecting phishing websites. By adopting a genre theoretic perspective, the proposed genre tree kernel method utilizes fraud cues that are associated with differences in purpose between legitimate and phishing websites, manifested through genre composition and design structure, resulting in enhanced anti-phishing capabilities. To evaluate the genre tree kernel method, a series of experiments were conducted on a testbed encompassing thousands of legitimate and phishing websites. The results revealed that the proposed method provided significantly better detection capabilities than state-of-the-art anti-phishing methods. An additional experiment demonstrated the effectiveness of the genre tree kernel technique in user settings; users utilizing the method were able to better identify and avoid phishing websites, and were consequently less likely to transact with them. Given the extensive monetary and social ramifications associated with phishing, the results have important implications for future anti-phishing strategies. More broadly, the results underscore the importance of considering intention/purpose as a critical dimension for automated credibility assessment: focusing not only on the "what" but rather on operationalizing the "why" into salient detection cues.

Original languageEnglish (US)
Pages (from-to)109-157
Number of pages49
JournalJournal of Management Information Systems
Volume31
Issue number4
DOIs
StatePublished - Jan 1 2015

Keywords

  • Credibility assessment
  • Data mining
  • Design science
  • Internet fraud
  • Phishing
  • Phishing websites
  • Website genres
  • genre theory

ASJC Scopus subject areas

  • Management Information Systems
  • Computer Science Applications
  • Management Science and Operations Research
  • Information Systems and Management

Fingerprint Dive into the research topics of 'Enhancing predictive analytics for anti-phishing by exploiting website genre information'. Together they form a unique fingerprint.

Cite this