Skip to main content
SpringerLink
Log in

Anti-Phishing Approaches in the Era of the Internet of Things

  • Chapter
  • First Online:
Towards a Wireless Connected World: Achievements and New Technologies

Abstract

In today’s Internet era, Internet of Things (IoT) based products and applications are adopted by users for many different purposes like shopping, managing finances, smart home security hubs, etc. Some of them are implemented as web page applications hosted over the Internet, which essentially inherits existing threats and attacks on them. One of the most common security attacks on web page applications is phishing. Phishing is a social engineering attack in which an adversary tries to steal users’ sensitive information including credentials by tricking them into believing the user is on a legitimate web page. Adversaries tend to adopt new and sophisticated ways to forge the web page designs in a crafty way and trick users to visit the malicious links. The crafty phishing web pages are used as a medium to carry out the art of phishing even for IoT-based applications. This chapter focuses on the state-of-the-art technologies that can be utilized to defend against phishing attacks in the era of IoT. Specifically, technologies to detect web page, zero-day, and adversarial phishing attacks, including their features, are introduced and discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://www.bankofamerica.com/ (Last Accessed: January 25, 2022).

  2. 2.

    https://www.globalsign.com/en/blog/warning-advanced-phishing-kits-now-available-on-the-dark-web (Last Accessed: January 25, 2020).

  3. 3.

    https://www.csoonline.com/article/3634869/top-cybersecurity-statistics-trends-and-facts.html (Last Accessed: January 25, 2022).

  4. 4.

    https://securityboulevard.com/2021/09/cyber-threats-haunting-iot-devices-in-2021/ (Last Accessed: January 25, 2022).

  5. 5.

    https://www.stage2data.com/what-damage-can-phishing-cause-to-your-business/ (Last Accessed: January 25, 2022).

  6. 6.

    https://owasp.org/ (Last Accessed: January 25, 2022).

References

  1. S. Sruthy, S.N. George, WiFi enabled home security surveillance system using raspberry pi and iot module, in Proceedings of the 2017 IEEE International Conference on Signal Processing, Informatics, Communication and Energy Systems (SPICES) (IEEE, 2017), pp. 1–6

    Google Scholar 

  2. A. Kumar, P. Sood, U. Gupta, Internet of things (IoT) for bank locker security system, in Proceedings of the 6th International Conference on Signal Processing and Communication (ICSC) (IEEE, 2020), pp. 315–318

    Google Scholar 

  3. J. Lau, B. Zimmerman, F. Schaub, Alexa, are you listening? privacy perceptions, concerns and privacy-seeking behaviors with smart speakers. Proc. ACM Hum.-Comput. Interact. 2(CSCW) (2018)

    Google Scholar 

  4. C.-Y. Wu, C.-C. Kuo, C.-S. Yang, A phishing detection system based on machine learning, in Proceedings of the International Conference on Intelligent Computing and its Emerging Applications (ICEA) (IEEE, 2019), pp. 28–32

    Google Scholar 

  5. L. Barlow, G. Bendiab, S. Shiaeles, N. Savage, A novel approach to detect phishing attacks using binary visualisation and machine learning, in Proceedings of the IEEE World Congress on Services (SERVICES) (IEEE, 2020), pp. 177–182

    Google Scholar 

  6. C. Opara, B. Wei, Y. Chen, Htmlphish: enabling phishing web page detection by applying deep learning techniques on html analysis, in Proceedings of the International Joint Conference on Neural Networks (IJCNN) (IEEE, 2020), pp. 1–8

    Google Scholar 

  7. M. Chatterjee, A.-S. Namin, Detecting phishing websites through deep reinforcement learning, in Proceedings of the 43rd IEEE Annual Computer Software and Applications Conference (COMPSAC), vol. 2 (IEEE, 2019), pp. 227–232

    Google Scholar 

  8. M.M. Vilas, K.P. Ghansham, S.P. Jaypralash, P. Shila, Detection of phishing website using machine learning approach, in Proceedings of the 4th International Conference on Electrical, Electronics, Communication, Computer Technologies and Optimization Techniques (ICEECCOT) (IEEE, 2019), pp. 384–389

    Google Scholar 

  9. F. Tajaddodianfar, J.W. Stokes, A. Gururajan, Texception: a character/word-level deep learning model for phishing url detection, in Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) (IEEE, 2020), pp. 2857–2861

    Google Scholar 

  10. S. Zaman, S.M.U. Deep, Z. Kawsar, M. Ashaduzzaman, A.I. Pritom, Phishing website detection using effective classifiers and feature selection techniques, in Proceedings of the 2nd International Conference on Innovation in Engineering and Technology (ICIET) (IEEE, 2019), pp. 1–6

    Google Scholar 

  11. A. Abuzuraiq, M. Alkasassbeh, M. Almseidin, Intelligent methods for accurately detecting phishing websites, in Proceedings of the 11th International Conference on Information and Communication Systems (ICICS) (IEEE, 2020), pp. 085–090

    Google Scholar 

  12. A. Alswailem, B. Alabdullah, N. Alrumayh, A. Alsedrani, Detecting phishing websites using machine learning, in Proceedings of the 2nd International Conference on Computer Applications Information Security (ICCAIS) (IEEE, 2019), pp. 1–6

    Google Scholar 

  13. A. Niakanlahiji, B.-T. Chu, E. Al-Shaer, PhishMon: a machine learning framework for detecting phishing webpages, in Proceedings of the IEEE International Conference on Intelligence and Security Informatics (ISI) (IEEE, 2018), pp. 220–225

    Google Scholar 

  14. S. Roopak, A.P. Vijayaraghavan, T. Thomas, On effectiveness of source code and SSL based features for phishing website detection, in Proceedings of the 1st International Conference on Advanced Technologies in Intelligent Control, Environment, Computing Communication Engineering (ICATIECE) (IEEE, 2019), pp. 172–175

    Google Scholar 

  15. J. Stobbs, B. Issac, S.M. Jacob, Phishing web page detection using optimised machine learning, in Proceedings of the 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (IEEE, 2020), pp. 483–490

    Google Scholar 

  16. Y. Sonmez, T. Tuncer, H. Gökal, E. Avcı, Phishing web sites features classification based on extreme learning machine, in Proceedings of the 6th International Symposium on Digital Forensic and Security (ISDFS) (IEEE, 2018), pp. 1–5

    Google Scholar 

  17. M. Korkmaz, E. Kocyigit, O.K. Sahingoz, B. Diri, Phishing web page detection using N-gram features extracted from URLs, in Proceedings of the 3rd International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA) (IEEE, 2021), pp. 1–6

    Google Scholar 

  18. M.M. Yadollahi, F. Shoeleh, E. Serkani, A. Madani, H. Gharaee, An adaptive machine learning based approach for phishing detection using hybrid features, in Proceedings of the 5th International Conference on Web Research (ICWR) (IEEE, 2019), pp. 281–286

    Google Scholar 

  19. E.S. Gualberto, R.T. De Sousa, T.P. De Brito Vieira, J.P. Carvalho Lustosa Da Costa, C.G. Duque, The answer is in the text: Multi-stage methods for phishing detection based on feature engineering. IEEE Access 8, 223529–223547 (2020)

    Google Scholar 

  20. M. Abutaha, M. Ababneh, K. Mahmoud, S. Al-Haj Baddar, URL phishing detection using machine learning techniques based on URLs lexical analysis, in Proceedings of the 12th International Conference on Information and Communication Systems (ICICS), (IEEE, 2021), pp. 147–152

    Google Scholar 

  21. E.S. Aung, H. Yamana, URL-based phishing detection using the entropy of non-alphanumeric characters, in Proceedings of the 21st International Conference on Information Integration and Web-based Applications & Services (iiWAS) (iiWAS, 2019), pp. 385–392

    Google Scholar 

  22. J. Rashid, T. Mahmood, M.W. Nisar, T. Nazir, Phishing detection using machine learning technique, in Proceedings of the 1st International Conference of Smart Systems and Emerging Technologies (SMARTTECH) (IEEE, 2020), pp. 43–46

    Google Scholar 

  23. A.S.S.V. Lakshmi Pooja, M. Sridhar, Analysis of phishing website detection using CNN and bidirectional LSTM, in Proceedings of the 4th International Conference on Electronics, Communication and Aerospace Technology (ICECA) (IEEE, 2020), pp. 1620–1629

    Google Scholar 

  24. A. AlEroud, G. Karabatis, Bypassing detection of URL-based phishing attacks using generative adversarial deep neural networks, in Proceedings of the 6th International Workshop on Security and Privacy Analytics (IWSPA) (ACM, 2020), pp. 53–60

    Google Scholar 

  25. T. Chin, K. Xiong, H. Chengbin, Phishlimiter: A phishing detection and mitigation approach using software-defined networking. IEEE Access 6, 42516–42531 (2018)

    Google Scholar 

  26. K. Gajera, M. Jangid, P. Mehta, J. Mittal, A novel approach to detect phishing attack using artificial neural networks combined with pharming detection, in Proceedings of the 3rd International conference on Electronics, Communication and Aerospace Technology (ICECA) (IEEE, 2019), pp. 196–200

    Google Scholar 

  27. E. Zhu, Y. Chen, C. Ye, X. Li, F. Liu, OFS-NN: an effective phishing websites detection model based on optimal feature selection and neural network. IEEE Access 7, 73271–73284 (2019)

    Google Scholar 

  28. N. Megha, K.R. Remesh Babu, E. Sherly, An intelligent system for phishing attack detection and prevention, in Proceedings of the International Conference on Communication and Electronics Systems (ICCES) (IEEE, 2019), pp. 1577–1582

    Google Scholar 

  29. S. Sindhu, S.P. Patil, A. Sreevalsan, F. Rahman, M. Saritha, A. N. Phishing detection using random forest, SVM and neural network with backpropagation, in Proceedings of the International Conference on Smart Technologies in Computing, Electrical and Electronics (ICSTCEE) (IEEE, 2020), pp. 391–394

    Google Scholar 

  30. R. Almeida, C. Westphall, Heuristic phishing detection and URL checking methodology based on scraping and web crawling, in Proceedings of the IEEE International Conference on Intelligence and Security Informatics (ISI) (IEEE, 2020), pp. 1–6

    Google Scholar 

  31. Q. Cui, G.-V. Jourdan, G.V. Bochmann, I.-V. Onut, SemanticPhish: a semantic-based scanning system for early detection of phishing attacks, in Proceedings of the APWG Symposium on Electronic Crime Research (eCrime) (IEEE, 2020), pp. 1–12

    Google Scholar 

  32. H. Shirazi, B. Bezawada, I. Ray, Know thy domain name: Unbiased phishing detection using domain name based features, in Proceedings of the 23rd ACM on Symposium on Access Control Models and Technologies (SACMAT) (ACM, 2018), pp. 69–75

    Google Scholar 

  33. A.F. Nugraha, L. Rahman, Meta-algorithms for improving classification performance in the web-phishing detection process, in Proceedings of the 4th International Conference on Information Technology, Information Systems and Electrical Engineering (ICITISEE) (IEEE, 2019), pp. 271–275

    Google Scholar 

  34. S.-J. Bu, S.-B. Cho, Integrating deep learning with first-order logic programmed constraints for zero-day phishing attack detection, in Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) (IEEE, 2021), pp. 2685–2689

    Google Scholar 

  35. A. Cuzzocrea, F. Martinelli, F. Mercaldo, Applying machine learning techniques to detect and analyze web phishing attacks, in Proceedings of the 20th International Conference on Information Integration and Web-based Applications & Services (iiWAS) (ACM, 2018), pp. 355–359

    Google Scholar 

  36. J. Kumar, A. Santhanavijayan, B. Janet, B. Rajendran, B.S. Bindhumadhava, Phishing website classification and detection using machine learning, in Proceedings of the International Conference on Computer Communication and Informatics (ICCCI) (IEEE, 2020), pp. 1–6

    Google Scholar 

  37. S. Abdelnabi, K. Krombholz, M. Fritz, VisualPhishNet: zero-day phishing website detection by visual similarity, in Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS) (ACM, 2020), pp. 1681–1698

    Google Scholar 

  38. F.C. Dalgic, A.S. Bozkir, M. Aydos, Phish-IRIS: A new approach for vision based brand prediction of phishing web pages via compact visual descriptors, in Proceedings of the 2nd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT) (IEEE, 2018), pp. 1–8

    Google Scholar 

  39. T. Phoka, P. Suthaphan, Image based phishing detection using transfer learning, in Proceedings of the 11th International Conference on Knowledge and Smart Technology (KST) (IEEE, 2019), pp. 232–237

    Google Scholar 

  40. Y. Lin, R. Liu, D.M. Divakaran, J.Y. Ng, Q.Z. Chan, Y. Lu, Y. Si, F. Zhang, J.S. Dong, Phishpedia: a hybrid deep learning based approach to visually identify phishing webpages, in Proceedings of the 30th USENIX Security Symposium (USENIX Security 21) (USENIX, 2021), pp. 3793–3810

    Google Scholar 

  41. B. van Dooremaal, P. Burda, L. Allodi, N. Zannone, Combining text and visual features to improve the identification of cloned webpages for early phishing detection, in Proceedings of the 16th International Conference on Availability, Reliability and Security (ARES) (ACM, 2021), pp. 1–10

    Google Scholar 

Download references

Acknowledgements

This research was supported by the MSIT (Ministry of Science, ICT), Korea, under the High-Potential Individuals Global Training Program (2021-0-01547-001) supervised by the IITP (Institute for Information and Communications Technology Planning and Evaluation).

Author information

Authors and Affiliations

  1. Information and Intelligent Security Lab., Department of Computer Science, Kennesaw State University, Marietta, GA, 30060, USA

    Mallika Boyapati, Bala Chaitanya Gutta & Junggab Son

  2. Department of Computer and Information Sciences, Fordham University, Bronx, NY, 10023, USA

    Md. Zakirul Alam Bhuiyan

Authors
  1. Mallika Boyapati
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bala Chaitanya Gutta
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Md. Zakirul Alam Bhuiyan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Junggab Son
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Junggab Son .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, United International University, Dhaka, Bangladesh

    Al-Sakib Khan Pathan

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Boyapati, M., Gutta, B.C., Bhuiyan, M.Z.A., Son, J. (2022). Anti-Phishing Approaches in the Era of the Internet of Things. In: Pathan, AS.K. (eds) Towards a Wireless Connected World: Achievements and New Technologies. Springer, Cham. https://doi.org/10.1007/978-3-031-04321-5_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-04321-5_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-04320-8

  • Online ISBN: 978-3-031-04321-5

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation