
Chapter 6 · Phishing, SMishing, and Vishing

Phishers often use open redirectors to trick victims, who see a legitimate site name in the URL. Specifically, they target open redirectors in well-known sites such as, and This technique comes in handy when combined with other techniques, especially URL encoding, since naive users will not be able to translate the encoding in the URL. The following shows an example of an AOL open redirector.

The last technique we will analyze here is URL encoding. URL encoding is used to transfer characters that have a special meaning in HTML during HTTP requests. The basic idea is to replace the character with the "%" symbol, followed by the two-digit hexadecimal representation of the ISO-Latin code for the character. Phishers have been using this approach to mask spoofed URLs and hide the phony addresses of these sites. However, they encode not only the special characters in the URL, but the complete URL. As we mentioned earlier, combining this approach with other techniques raises the probability of success for the attack, since the spoofed URL looks more legitimate to the naive user. The following presents an example of URL encoding combined with URL redirection.

Figure 6.26 depicts a block diagram of the approach used in building the dataset. It shows both textual and structural analysis and the procedures involved therein.

Experimental Studies

Evaluation Metrics

The area under the receiver operating characteristic (ROC) curve (AUC) is used as the primary measure to compare the performance of classifiers. Previous research proved theoretically and empirically that AUC is more accurate than error rates for evaluating classifiers' performance. The AUC shows the trade-off between the false positives and true positives at different cut-off points.
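The AUC described above can be computed by sweeping the cut-off over every score a classifier produces. The following is an added example, not code or data from the book: the scores in SAMPLE are constructed, and the function names are illustrative. It also reports the error rate at a fixed cut-off for comparison.

```python
# Added example: constructed scores, not results from the book's experiments.
# Each pair is (classifier's phishing probability, true label);
# label 1 = phishing e-mail, label 0 = legitimate e-mail.
SAMPLE = [(0.95, 1), (0.80, 1), (0.62, 1), (0.45, 1), (0.30, 1),
          (0.70, 0), (0.40, 0), (0.35, 0), (0.20, 0), (0.10, 0)]


def roc_points(scored):
    """Return (false positive rate, true positive rate) for every cut-off."""
    pos = sum(1 for _, y in scored if y == 1)
    neg = len(scored) - pos
    points = [(0.0, 0.0)]  # cut-off above every score: nothing is flagged
    for cut in sorted({s for s, _ in scored}, reverse=True):
        tp = sum(1 for s, y in scored if y == 1 and s >= cut)
        fp = sum(1 for s, y in scored if y == 0 and s >= cut)
        points.append((fp / neg, tp / pos))
    return points


def auc(scored):
    """Area under the ROC curve, integrated with the trapezoidal rule."""
    pts = roc_points(scored)
    return sum((x1 - x0) * (y0 + y1) / 2
               for (x0, y0), (x1, y1) in zip(pts, pts[1:]))


def error_rate(scored, threshold=0.5):
    """Fraction misclassified when score >= threshold means 'phishing'."""
    wrong = sum(1 for s, y in scored if (s >= threshold) != (y == 1))
    return wrong / len(scored)


if __name__ == "__main__":
    print(f"AUC = {auc(SAMPLE):.2f}")
    # Same classifier, same scores: only the cut-off changes.
    for t in (0.42, 0.5, 0.9):
        print(f"Err at threshold {t}: {error_rate(SAMPLE, t):.1f}")
```

The AUC is a single value for the whole set of scores, while the error rate of the same classifier moves with the cut-off chosen.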
Although the classifiers' error rate (Err), or sometimes the classifiers' accuracy (Acc), has been widely used in comparing classifiers' performance, these measures have been criticized for being highly dependent on the probability threshold chosen to approximate the positive classes. Here we note that, when using the error rate, we assign new classes to the positive class if the probability of the class is greater than or equal to 0.5 (that is, threshold = 0.5). Let $N_L$ denote the total number of legitimate e-mails, and $N_P$ denote the total number of phishing e-mails. Now, let $n_{LL}$ be the number of legitimate messages classified as legitimate, $n_{LP}$ be the number of legitimate messages misclassified as phishing, $n_{PL}$ be the number of