1 research outputs found
SOK: A Comprehensive Reexamination of Phishing Research from the Security Perspective
Phishing and spear-phishing are typical examples of masquerade attacks since
trust is built up through impersonation for the attack to succeed. Given the
prevalence of these attacks, considerable research has been conducted on these
problems along multiple dimensions. We reexamine the existing research on
phishing and spear-phishing from the perspective of the unique needs of the
security domain, which we call security challenges: real-time detection, active
attacker, dataset quality and base-rate fallacy. We explain these challenges
and then survey the existing phishing/spear phishing solutions in their light.
This viewpoint consolidates the literature and illuminates several
opportunities for improving existing solutions. We organize the existing
literature based on detection techniques for different attack vectors (e.g.,
URLs, websites, emails) along with studies on user awareness. For detection
techniques, we examine properties of the dataset, feature extraction, detection
algorithms used, and performance evaluation metrics. This work can help guide
the development of more effective defenses for phishing, spear-phishing, and
email masquerade attacks of the future, as well as provide a framework for a
thorough evaluation and comparison