{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T23:15:03Z","timestamp":1780355703330,"version":"3.54.1"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030334314","type":"print"},{"value":"9783030334321","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-33432-1_12","type":"book-chapter","created":{"date-parts":[[2020,2,4]],"date-time":"2020-02-04T19:02:44Z","timestamp":1580842964000},"page":"253-267","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":52,"title":["Phishing URL Detection with Lexical Features and Blacklisted Domains"],"prefix":"10.1007","author":[{"given":"Jiwon","family":"Hong","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Taeri","family":"Kim","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jing","family":"Liu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Noseong","family":"Park","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sang-Wook","family":"Kim","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2020,2,5]]},"reference":[{"key":"12_CR1","unstructured":"Ahmad F (2017) \nhttps:\/\/github.com\/faizann24\/using-machine-learning-to-detect-malicious-urls"},{"key":"12_CR2","doi-asserted-by":"crossref","unstructured":"Anand A, Gorde K, Moniz JRA, Park N, Chakraborty T, Chu BT (2018) Phishing url detection with oversampling based on text generative adversarial networks. In: 2018 IEEE International Conference on Big Data (Big Data), IEEE, pp 1168\u20131177","DOI":"10.1109\/BigData.2018.8622547"},{"key":"12_CR3","volume-title":"Spamscatter: Characterizing internet scam hosting infrastructure","author":"DS Anderson","year":"2007","unstructured":"Anderson DS, Fleizach C, Savage S, Voelker GM (2007) Spamscatter: Characterizing internet scam hosting infrastructure. In: USENIX Security Symposium"},{"key":"12_CR4","unstructured":"Anti-Phishing Working Group (2018) APWG Phishing Attack Trends Reports. \nhttps:\/\/www.antiphishing.org\/resources\/apwg-reports"},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Bahnsen AC, Bohorquez EC, Villegas S, Vargas J, Gonz\u00e1lez FA (2017) Classifying phishing urls using recurrent neural networks. In: 2017 APWG Symposium on Electronic Crime Research (eCrime), IEEE, pp 1\u20138","DOI":"10.1109\/ECRIME.2017.7945048"},{"key":"12_CR6","unstructured":"Bowyer KW, Chawla NV, Hall LO, Kegelmeyer WP (2011) SMOTE: synthetic minority over-sampling technique. CoRR abs\/1106.1813, \nhttp:\/\/arxiv.org\/abs\/1106.1813"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Canali D, Cova M, Vigna G, Kruegel C (2011) Prophiler: a fast filter for the large-scale detection of malicious web pages. In: Proceedings of the 20th international conference on World wide web, ACM, pp 197\u2013206","DOI":"10.1145\/1963405.1963436"},{"issue":"2","key":"12_CR8","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/1754393.1754394","volume":"10","author":"TC Chen","year":"2010","unstructured":"Chen TC, Dick S, Miller J (2010) Detecting visually similar web pages: Application to phishing detection. ACM Transactions on Internet Technology (TOIT) 10(2):5","journal-title":"ACM Transactions on Internet Technology (TOIT)"},{"key":"12_CR9","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1007\/978-3-642-10509-8_19","volume-title":"Future Generation Information Technology","author":"YoungHan Choi","year":"2009","unstructured":"Choi Y, Kim T, Choi S, Lee C (2009) Automatic detection for javascript obfuscation attacks in web pages through string pattern analysis. In: Proceedings of the 1st International Conference on Future Generation Information Technology, Springer-Verlag, Berlin, Heidelberg, FGIT \u201909, pp 160\u2013172"},{"key":"12_CR10","unstructured":"of Economic Advisers TC (2018) \nhttps:\/\/www.whitehouse.gov\/wp-content\/uploads\/2018\/03\/the-cost-of-malicious-cyber-activity-to-the-u.s.-economy.pdf"},{"key":"12_CR11","first-page":"149","volume-title":"Binspect: Holistic analysis and detection of malicious web pages","author":"B Eshete","year":"2012","unstructured":"Eshete B, Villafiorita A, Weldemariam K (2012) Binspect: Holistic analysis and detection of malicious web pages. In: International Conference on Security and Privacy in Communication Systems, Springer, pp 149\u2013166"},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Eshete B, Villafiorita A, Weldemariam K, Zulkernine M (2013) Einspect: Evolution-guided analysis and detection of malicious web pages. In: 2013 IEEE 37th Annual Computer Software and Applications Conference, IEEE, pp 375\u2013380","DOI":"10.1109\/COMPSAC.2013.63"},{"key":"12_CR13","unstructured":"Felegyhazi M, Kreibich C, Paxson V (2010) On the potential of proactive domain blacklisting. In: Proceedings of the 3rd USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, USENIX Association, Berkeley, CA, USA, LEET\u201910, pp 6\u20136, \nhttp:\/\/dl.acm.org\/citation.cfm?id=1855686.1855692"},{"issue":"4","key":"12_CR14","doi-asserted-by":"publisher","first-page":"301","DOI":"10.1109\/TDSC.2006.50","volume":"3","author":"AY Fu","year":"2006","unstructured":"Fu AY, Wenyin L, Deng X (2006) Detecting phishing web pages with visual similarity assessment based on earth mover\u2019s distance (emd). IEEE transactions on dependable and secure computing 3(4):301\u2013311","journal-title":"IEEE transactions on dependable and secure computing"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Garera S, Provos N, Chew M, Rubin AD (2007) A framework for detection and measurement of phishing attacks. In: Proceedings of the 2007 ACM workshop on Recurring malcode, ACM, pp 1\u20138","DOI":"10.1145\/1314389.1314391"},{"key":"12_CR16","first-page":"1322","volume-title":"Adasyn: Adaptive synthetic sampling approach for imbalanced learning","author":"H He","year":"2008","unstructured":"He H, Bai Y, Garcia EA, Li S (2008) Adasyn: Adaptive synthetic sampling approach for imbalanced learning. In: IEEE International Joint Conference on Neural Networks, pp 1322\u20131328"},{"issue":"1","key":"12_CR17","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1016\/j.eswa.2009.05.023","volume":"37","author":"YT Hou","year":"2010","unstructured":"Hou YT, Chang Y, Chen T, Laih CS, Chen CM (2010) Malicious web content detection by machine learning. Expert Systems with Applications 37(1):55\u201360","journal-title":"Expert Systems with Applications"},{"key":"12_CR18","unstructured":"Kilby M (2017) \nhttps:\/\/github.com\/incertum\/cyber-matrix-ai\/tree\/master\/malicious-url-detection-deep-learning"},{"key":"12_CR19","unstructured":"Le H, Pham Q, Sahoo D, Hoi SC (2018) Urlnet: Learning a url representation with deep learning for malicious url detection. arXiv preprint arXiv:180203162"},{"key":"12_CR20","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/978-3-540-73614-1_2","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Christian Ludl","year":"2007","unstructured":"Ludl C, Mcallister S, Kirda E, Kruegel C (2007) On the effectiveness of techniques to detect phishing sites. In: Proceedings of the 4th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Springer-Verlag, Berlin, Heidelberg, DIMVA \u201907, pp 20\u201339"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Ma J, Saul LK, Savage S, Voelker GM (2009) Beyond blacklists: learning to detect malicious web sites from suspicious urls. In: Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining, ACM, pp 1245\u20131254","DOI":"10.1145\/1557019.1557153"},{"key":"12_CR22","first-page":"1245","volume-title":"Beyond blacklists: Learning to detect malicious web sites from suspicious urls","author":"J Ma","year":"2009","unstructured":"Ma J, Saul LK, Savage S, Voelker GM (2009) Beyond blacklists: Learning to detect malicious web sites from suspicious urls. In: KDD, pp 1245\u20131254"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Ma J, Saul LK, Savage S, Voelker GM (2009) Identifying suspicious urls: an application of large-scale online learning. In: Proceedings of the 26th annual international conference on machine learning, ACM, pp 681\u2013688","DOI":"10.1145\/1553374.1553462"},{"key":"12_CR24","doi-asserted-by":"publisher","first-page":"17020","DOI":"10.1109\/ACCESS.2017.2743528","volume":"5","author":"Jian Mao","year":"2017","unstructured":"Mao J, Tian W, Li P, Wei T, Liang Z (2017) Phishing-alarm: Robust and efficient phishing detection via page component similarity. IEEE Access 5:17020\u201317030, DOI 10.1109\/ACCESS.2017.2743528","journal-title":"IEEE Access"},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"Marchal S, Fran\u00e7ois J, State R, Engel T (2014) Phishscore: Hacking phishers\u2019 minds. In: 10th International Conference on Network and Service Management (CNSM) and Workshop, IEEE, pp 46\u201354","DOI":"10.1109\/CNSM.2014.7014140"},{"key":"12_CR26","first-page":"4","volume":"8","author":"DK McGrath","year":"2008","unstructured":"McGrath DK, Gupta M (2008) Behind phishing: An examination of phisher modi operandi. LEET 8:4","journal-title":"LEET"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Medvet E, Kirda E, Kruegel C (2008) Visual-similarity-based phishing detection. In: Proceedings of the 4th international conference on Security and privacy in communication netowrks, ACM, p 22","DOI":"10.1145\/1460877.1460905"},{"key":"12_CR28","unstructured":"Mohammad RM, Thabtah FA, McCluskey L (2012) An assessment of features related to phishing websites using an automated technique. In: 7th International Conference for Internet Technology and Secured Transactions, pp 492\u2013497"},{"issue":"2","key":"12_CR29","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1007\/s00521-013-1490-z","volume":"25","author":"Rami M. Mohammad","year":"2013","unstructured":"Mohammad RM, Thabtah F, McCluskey L (2014) Predicting phishing websites based on self-structuring neural network. Neural Computing and Applications 25(2), DOI 10.1007\/s00521-013-1490-z, \nhttps:\/\/doi.org\/10.1007\/s00521-013-1490-z","journal-title":"Neural Computing and Applications"},{"key":"12_CR30","unstructured":"OpenDNS (2019) Phishtank - out of the net, into the tank, \nhttps:\/\/www.phishtank.com\/"},{"key":"12_CR31","volume-title":"The pagerank citation ranking: Bringing order to the web","author":"L Page","year":"1999","unstructured":"Page L, Brin S, Motwani R, Winograd T (1999) The pagerank citation ranking: Bringing order to the web. Tech. rep., Stanford InfoLab"},{"key":"12_CR32","doi-asserted-by":"crossref","unstructured":"Prakash P, Kumar M, Kompella RR, Gupta M (2010) Phishnet: Predictive blacklisting to detect phishing attacks. In: Proceedings of the 29th Conference on Information Communications, IEEE Press, Piscataway, NJ, USA, INFOCOM\u201910, pp 346\u2013350, \nhttp:\/\/dl.acm.org\/citation.cfm?id=1833515.1833585","DOI":"10.1109\/INFCOM.2010.5462216"},{"key":"12_CR33","doi-asserted-by":"crossref","unstructured":"Ramanathan V, Wechsler H (2012) Phishing website detection using latent dirichlet allocation and adaboost. In: 2012 IEEE International Conference on Intelligence and Security Informatics, IEEE, pp 102\u2013107","DOI":"10.1109\/ISI.2012.6284100"},{"key":"12_CR34","unstructured":"Sheng S, Wardman B, Warner G, Cranor L, Hong J, Zhang C (2009) An empirical analysis of phishing blacklists"},{"key":"12_CR35","doi-asserted-by":"crossref","unstructured":"Sinha S, Bailey M, Jahanian F (2008) Shades of grey: On the effectiveness of reputation-based \u201cblacklists\u201d. In: 2008 3rd International Conference on Malicious and Unwanted Software (MALWARE), IEEE, pp 57\u201364","DOI":"10.1109\/MALWARE.2008.4690858"},{"key":"12_CR36","doi-asserted-by":"crossref","unstructured":"Sorio E, Bartoli A, Medvet E (2013) Detection of hidden fraudulent urls within trusted sites using lexical features. 2013 International Conference on Availability, Reliability and Security pp 242\u2013247","DOI":"10.1109\/ARES.2013.31"},{"issue":"4","key":"12_CR37","doi-asserted-by":"publisher","first-page":"873","DOI":"10.1587\/transinf.2015ICP0027","volume":"99","author":"B Sun","year":"2016","unstructured":"Sun B, Akiyama M, Yagi T, Hatada M, Mori T (2016) Automating url blacklist generation with similarity search approach. IEICE TRANSACTIONS on Information and Systems 99(4):873\u2013882","journal-title":"IEICE TRANSACTIONS on Information and Systems"},{"key":"12_CR38","volume-title":"Client-side defense against web-based identity theft","author":"NCRLY Teraguchi","year":"2004","unstructured":"Teraguchi NCRLY, Mitchell JC (2004) Client-side defense against web-based identity theft. Computer Science Department, Stanford University Available: http:\/\/cryptostanfordedu\/SpoofGuard\/webspoofpdf"},{"key":"12_CR39","doi-asserted-by":"crossref","unstructured":"Verma R, Dyer K (2015) On the character of phishing urls: Accurate and robust statistical learning classifiers. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, DOI 10.1145\/2699026.2699115, \nhttp:\/\/doi.acm.org\/10.1145\/2699026.2699115","DOI":"10.1145\/2699026.2699115"},{"key":"12_CR40","doi-asserted-by":"crossref","unstructured":"Wenyin L, Huang G, Xiaoyue L, Min Z, Deng X (2005) Detection of phishing webpages based on visual similarity. In: Special interest tracks and posters of the 14th international conference on World Wide Web, ACM, pp 1060\u20131061","DOI":"10.1145\/1062745.1062868"},{"key":"12_CR41","unstructured":"Whittaker C, Ryner B, Nazif M (2010) Large-scale automatic classification of phishing pages. In: NDSS \u201910, \nhttp:\/\/www.isoc.org\/isoc\/conferences\/ndss\/10\/pdf\/08.pdf"},{"issue":"2","key":"12_CR42","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1145\/2019599.2019606","volume":"14","author":"G Xiang","year":"2011","unstructured":"Xiang G, Hong J, Rose CP, Cranor L (2011) Cantina+\u2009: A feature-rich machine learning framework for detecting phishing web sites. ACM Transactions on Information and System Security (TISSEC) 14(2):21","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"12_CR43","first-page":"141","volume-title":"Cross-layer detection of malicious websites","author":"L Xu","year":"2013","unstructured":"Xu L, Zhan Z, Xu S, Ye K (2013) Cross-layer detection of malicious websites. In: Proceedings of the third ACM conference on Data and application security and privacy, ACM, pp 141\u2013152"},{"key":"12_CR44","doi-asserted-by":"crossref","unstructured":"Zhang Y, Hong JI, Cranor LF (2007) Cantina: a content-based approach to detecting phishing web sites. In: Proceedings of the 16th international conference on World Wide Web, ACM, pp 639\u2013648","DOI":"10.1145\/1242572.1242659"}],"container-title":["Adaptive Autonomous Secure Cyber Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-33432-1_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,2,4]],"date-time":"2020-02-04T19:10:00Z","timestamp":1580843400000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-33432-1_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030334314","9783030334321"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-33432-1_12","relation":{},"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"5 February 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}