{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T18:53:27Z","timestamp":1775069607190,"version":"3.50.1"},"reference-count":59,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006261","name":"Deanship of Scientific Research, Taif University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100006261","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2023]]},"DOI":"10.1109\/access.2023.3310810","type":"journal-article","created":{"date-parts":[[2023,8,31]],"date-time":"2023-08-31T17:39:52Z","timestamp":1693503592000},"page":"96502-96513","source":"Crossref","is-referenced-by-count":9,"title":["Using Clustering Algorithms to Automatically Identify Phishing Campaigns"],"prefix":"10.1109","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7299-7095","authenticated-orcid":false,"given":"Kholoud","family":"Althobaiti","sequence":"first","affiliation":[{"name":"Department of Computer Science, Taif University, Taif, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maria K.","family":"Wolters","sequence":"additional","affiliation":[{"name":"School of Informatics, The University of Edinburgh, Edinburgh, U.K."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nawal","family":"Alsufyani","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Taif University, Taif, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kami","family":"Vaniea","sequence":"additional","affiliation":[{"name":"School of Informatics, The University of Edinburgh, Edinburgh, U.K."}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref13","first-page":"1","article-title":"Security incident recognition and reporting (SIRR): An industrial perspective","author":"grispos","year":"0","journal-title":"Proc 23rd Americas Conf Inf Syst (AMCIS)"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/ecrime.2010.5706698"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354239"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879147"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/IMF.2011.15"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242660"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-27937-9_5"},{"key":"ref58","first-page":"1","article-title":"Inside a phisher’s mind: Understanding the anti-phishing ecosystem through phishing kit analysis","author":"oest","year":"2018","journal-title":"Proc APWG Symp Electron Crime Res (eCrime)"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1016\/j.aasri.2013.10.020"},{"key":"ref52","year":"2017","journal-title":"Enterprise Phishing Resiliency and Defense Report"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1108\/09685221011035241"},{"key":"ref55","article-title":"Evaluation metrics for unsupervised learning algorithms","author":"palacio-ni\u00f1o","year":"2019","journal-title":"arXiv 1905 05667"},{"key":"ref10","year":"2019","journal-title":"2019 Dataenterprise Phishing Resiliency and Defense Report Breach Investigations Report"},{"key":"ref54","first-page":"1","article-title":"Phishing email detection technique by using hybrid features","author":"form","year":"2015","journal-title":"Proc 9th Int Conf IT Asia (CITA)"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.04.001"},{"key":"ref16","first-page":"1309","article-title":"Cognitive triaging of phishing attacks","author":"van der heijden","year":"0","journal-title":"Proc 28th USENIX Security Symp"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2014.46"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2017.520"},{"key":"ref51","first-page":"1","article-title":"I don’t need an expert! Making URL phishing features human comprehensible","author":"althobaiti","year":"2021","journal-title":"Proc CHI Conf Hum Factors Comput Syst"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2021.1959678"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15037-1_20"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.030713.00020"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-020-09814-9"},{"key":"ref47","first-page":"25","article-title":"Applying clustering and ensemble clustering approaches to phishing profiling","volume":"101","author":"yearwood","year":"2009","journal-title":"Proc 8th Australas Data Mining Conf (AusDM)"},{"key":"ref42","first-page":"1","article-title":"Using internal validity measures to compare clustering algorithms","volume":"1","author":"van craenendonck","year":"2015","journal-title":"Proc ICML"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44851-9_41"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2969780"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/ISCIT.2012.6380857"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2954791"},{"key":"ref8","year":"2020","journal-title":"2020 Data Breach Investigations Report"},{"key":"ref7","year":"2020","journal-title":"Official statistics cyber security breaches survey 2020—Chapter 5 Incidence and impact of breaches or attacks"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/ICIC53490.2021.9692960"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1080\/10919392.2019.1552745"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2871744"},{"key":"ref6","first-page":"226","article-title":"A density-based algorithm for discovering clusters in large spatial databases with noise","author":"ester","year":"0","journal-title":"Proc 1st Intl Conf on Knowledge Discovery and Data Mining (KDD)"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/34.1000236"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3068335"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2017.081054"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.04.002"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/eCRS.2013.6805777"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/s11063-017-9593-7"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/s13278-011-0031-y"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2013.76"},{"key":"ref33","first-page":"1","article-title":"Establishing phishing provenance using orthographic features","author":"ma","year":"2009","journal-title":"Proceedings of ECrime Researchers Summit ACM"},{"key":"ref32","first-page":"263","article-title":"Dynamic trackback strategy for email-born phishing using maximum dependency algorithm (MDA)","volume":"549","author":"hamid","year":"2016","journal-title":"Proc 2nd Int Conf on Soft Computing and Data Mining (SCDM)"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/WI-IAT.2011.94"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/3476079"},{"key":"ref39","first-page":"2825","article-title":"Scikit-learn: Machine learning in Python","volume":"12","author":"pedregosa","year":"2011","journal-title":"J Mach Learn Res"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2851613.2851801"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/j.jksuci.2014.03.014"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2014.08.007"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2611040.2611059"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557124"},{"key":"ref20","first-page":"1","article-title":"Poster: Apate: Anti-phishing analysing and triaging environment","author":"lastdrager","year":"2015","journal-title":"Proc 36th IEEE Symp Security and Privacy"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.4018\/IJWLTT.2020040102"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-008-0216-y"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ICPR.2010.1010"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2013.6578788"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.26555\/ijain.v7i1.605"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/10005208\/10235951.pdf?arnumber=10235951","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,2]],"date-time":"2023-10-02T18:17:30Z","timestamp":1696270650000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10235951\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"references-count":59,"URL":"https:\/\/doi.org\/10.1109\/access.2023.3310810","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]}}}