Abstract
Phishing is a web-based attack that applies social engineering techniques to take advantage of Internet users and obtain sensitive information. Most phishing attacks work by creating a fake version of a real website's interface to gain the trust of the user. Phishing sites look similar or strikingly similar to the real websites they imitate, and user studies have demonstrated that users ignore browser-based indicators and frequently rely on the appearance of a website to judge its authenticity, just as they use the appearance of a physical site to judge its authenticity. Several techniques are commonly used for the automated detection of phishing websites: URL-based detection, content-based detection, reputation-based detection, machine learning-based detection, and behavioural-based detection. These techniques can be used alone or in combination to improve the accuracy of phishing detection. This research reviews existing techniques for the automated detection of phishing websites. A taxonomy of automatic web phishing detection is presented, and a systematic analysis of ongoing trends in web phishing detection techniques is performed. The objective of the study is to establish the status of recent studies in automated web phishing detection and to evaluate their performance. In addition, a brief introduction to the different types of phishing attacks and related statistics is given. The existing techniques are reviewed on the basis of their objectives, proposed methodology, merits, and demerits.