Enhancing predictive analytics for anti-phishing by exploiting website genre information

Ahmed Abbasi, Fatemeh Mariam Zahedi, Dajun Zeng, Yan Chen, Hsinchun Chen, Jay F Nunamaker

Research output: Contribution to journal › Article

28 Citations (Scopus)

Abstract

Phishing websites continue to successfully exploit user vulnerabilities in household and enterprise settings. Existing anti-phishing tools lack the accuracy and generalizability needed to protect Internet users and organizations from the myriad of attacks encountered daily. Consequently, users often disregard these tools' warnings. In this study, using a design science approach, we propose a novel method for detecting phishing websites. By adopting a genre theoretic perspective, the proposed genre tree kernel method utilizes fraud cues that are associated with differences in purpose between legitimate and phishing websites, manifested through genre composition and design structure, resulting in enhanced anti-phishing capabilities. To evaluate the genre tree kernel method, a series of experiments were conducted on a testbed encompassing thousands of legitimate and phishing websites. The results revealed that the proposed method provided significantly better detection capabilities than state-of-the-art anti-phishing methods. An additional experiment demonstrated the effectiveness of the genre tree kernel technique in user settings; users utilizing the method were able to better identify and avoid phishing websites, and were consequently less likely to transact with them. Given the extensive monetary and social ramifications associated with phishing, the results have important implications for future anti-phishing strategies. More broadly, the results underscore the importance of considering intention/purpose as a critical dimension for automated credibility assessment: focusing not only on the "what" but rather on operationalizing the "why" into salient detection cues.

Original language: English (US)
Pages (from-to): 109-157
Number of pages: 49
Journal: Journal of Management Information Systems
Volume: 31
Issue number: 4
DOI: 10.1080/07421222.2014.1001260
State: Published - Jan 1 2015

Fingerprint

Websites
Testbeds
Experiments
Predictive analytics
Web sites
Phishing
Internet
Chemical analysis
Industry

Keywords

  • Credibility assessment
  • Data mining
  • Design science
  • genre theory
  • Internet fraud
  • Phishing
  • Phishing websites
  • Website genres

ASJC Scopus subject areas

  • Management Information Systems
  • Information Systems and Management
  • Management Science and Operations Research
  • Computer Science Applications

Cite this

Enhancing predictive analytics for anti-phishing by exploiting website genre information. / Abbasi, Ahmed; Zahedi, Fatemeh Mariam; Zeng, Dajun; Chen, Yan; Chen, Hsinchun; Nunamaker, Jay F.

In: Journal of Management Information Systems, Vol. 31, No. 4, 01.01.2015, p. 109-157.

@article{b069fe3752414429807475c4b4e87173,
title = "Enhancing predictive analytics for anti-phishing by exploiting website genre information",
abstract = "Phishing websites continue to successfully exploit user vulnerabilities in household and enterprise settings. Existing anti-phishing tools lack the accuracy and generalizability needed to protect Internet users and organizations from the myriad of attacks encountered daily. Consequently, users often disregard these tools' warnings. In this study, using a design science approach, we propose a novel method for detecting phishing websites. By adopting a genre theoretic perspective, the proposed genre tree kernel method utilizes fraud cues that are associated with differences in purpose between legitimate and phishing websites, manifested through genre composition and design structure, resulting in enhanced anti-phishing capabilities. To evaluate the genre tree kernel method, a series of experiments were conducted on a testbed encompassing thousands of legitimate and phishing websites. The results revealed that the proposed method provided significantly better detection capabilities than state-of-the-art anti-phishing methods. An additional experiment demonstrated the effectiveness of the genre tree kernel technique in user settings; users utilizing the method were able to better identify and avoid phishing websites, and were consequently less likely to transact with them. Given the extensive monetary and social ramifications associated with phishing, the results have important implications for future anti-phishing strategies. More broadly, the results underscore the importance of considering intention/purpose as a critical dimension for automated credibility assessment: focusing not only on the {"}what{"} but rather on operationalizing the {"}why{"} into salient detection cues.",
keywords = "Credibility assessment, Data mining, Design science, genre theory, Internet fraud, Phishing, Phishing websites, Website genres",
author = "Abbasi, Ahmed and Zahedi, Fatemeh Mariam and Zeng, Dajun and Chen, Yan and Chen, Hsinchun and Nunamaker, Jay F",
year = "2015",
month = "1",
day = "1",
doi = "10.1080/07421222.2014.1001260",
language = "English (US)",
volume = "31",
pages = "109--157",
journal = "Journal of Management Information Systems",
issn = "0742-1222",
publisher = "M.E. Sharpe Inc.",
number = "4",
}

TY - JOUR
T1 - Enhancing predictive analytics for anti-phishing by exploiting website genre information
AU - Abbasi, Ahmed
AU - Zahedi, Fatemeh Mariam
AU - Zeng, Dajun
AU - Chen, Yan
AU - Chen, Hsinchun
AU - Nunamaker, Jay F
PY - 2015/1/1
Y1 - 2015/1/1
AB - Phishing websites continue to successfully exploit user vulnerabilities in household and enterprise settings. Existing anti-phishing tools lack the accuracy and generalizability needed to protect Internet users and organizations from the myriad of attacks encountered daily. Consequently, users often disregard these tools' warnings. In this study, using a design science approach, we propose a novel method for detecting phishing websites. By adopting a genre theoretic perspective, the proposed genre tree kernel method utilizes fraud cues that are associated with differences in purpose between legitimate and phishing websites, manifested through genre composition and design structure, resulting in enhanced anti-phishing capabilities. To evaluate the genre tree kernel method, a series of experiments were conducted on a testbed encompassing thousands of legitimate and phishing websites. The results revealed that the proposed method provided significantly better detection capabilities than state-of-the-art anti-phishing methods. An additional experiment demonstrated the effectiveness of the genre tree kernel technique in user settings; users utilizing the method were able to better identify and avoid phishing websites, and were consequently less likely to transact with them. Given the extensive monetary and social ramifications associated with phishing, the results have important implications for future anti-phishing strategies. More broadly, the results underscore the importance of considering intention/purpose as a critical dimension for automated credibility assessment: focusing not only on the "what" but rather on operationalizing the "why" into salient detection cues.
KW - Credibility assessment
KW - Data mining
KW - Design science
KW - genre theory
KW - Internet fraud
KW - Phishing
KW - Phishing websites
KW - Website genres
UR - http://www.scopus.com/inward/record.url?scp=84930624931&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84930624931&partnerID=8YFLogxK
U2 - 10.1080/07421222.2014.1001260
DO - 10.1080/07421222.2014.1001260
M3 - Article
AN - SCOPUS:84930624931
VL - 31
SP - 109
EP - 157
JO - Journal of Management Information Systems
JF - Journal of Management Information Systems
SN - 0742-1222
IS - 4
ER -