Phishing is a form of cybercrime used to lure a victim to reveal his/her sensitive personal information to fraudulent web pages. To protect users from phishing attacks, many anti-phishing techniques have been proposed to block suspicious web pages, which are identified against registered black-lists, or checked by search engines. However, such approaches usually have difficulty in keeping up with the rapidly emerging phishing web pages. To lessen this problem, this paper proposes a technique for identifying suspicious web pages, based on the literal and conceptual consistency between the URL and web contents. By using the search logs only as reference data, our approach can achieve 98% accuracy, showing that it is effective in detecting various forms of phishing attack.
展开▼
