Your browser does not support JavaScript!

Detecting DNS-poisoning-based phishing attacks from their network performance characteristics

Detecting DNS-poisoning-based phishing attacks from their network performance characteristics

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
Electronics Letters — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Most of the existing phishing detection techniques are weak against domain name system (DNS)-poisoning-based phishing attacks. Proposed is a highly effective method for detecting such attacks: the network performance characteristics of websites are used for classification. To demonstrate how useful the approach is, the performance of four classification algorithms are explored: linear discriminant analysis, naïve Bayesian, K-nearest neighbour, and support vector machine. Over 10 000 real-world items of routing information have been observed during a one-week period. The experimental results show that the best-performing classification method – which uses the K-nearest neighbour algorithm – is capable of achieving a true positive rate of 99.4% and a false positive rate of 0.7%.


    1. 1)
      • Zhang, Y., Hong, J.I., Cranor, L.F.: `Cantina: a content-based approach to detecting phishing web sites', WWW '07: Proc. 16th Int. Conf. on World Wide Web, 2007, New York, NY, USA, p. 639–648.
    2. 2)
      • R.O. Duda , P.E. Hart , D.G. Stork . Pattern classification.
    3. 3)
      • Xiang, G., Hong, J.I.: `A hybrid phish detection approach by identity discovery and keywords retrieval', WWW '09: Proc. 18th ACM Int. Conf. on World Wide Web, 2009, New York, NY, USA, p. 571–580.
    4. 4)
      • Padmanabhan, V.N., Subramanian, L.: `An investigation of geographic mapping techniques for internet hosts', SIGCOMM '01: Proc. ACM 2001 Conf. on Applications, Technologies, Architectures, and Protocols for Computer Communications, 2001, New York, NY, USA, p. 173–185.
    5. 5)
      • S. Abu-Nimeh , S. Nair . Circumventing security toolbars and phishing filters via rogue wireless access points. Wirel. Commun. Mobile Comput. , 1128 - 1139

Related content

This is a required field
Please enter a valid email address