{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T01:22:45Z","timestamp":1777339365908,"version":"3.51.4"},"reference-count":280,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100008982","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS 1319212"],"award-info":[{"award-number":["CNS 1319212"]}],"id":[{"id":"10.13039\/501100008982","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100008982","name":"National Science Foundation","doi-asserted-by":"publisher","award":["DGE 1433817"],"award-info":[{"award-number":["DGE 1433817"]}],"id":[{"id":"10.13039\/501100008982","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100008982","name":"National Science Foundation","doi-asserted-by":"publisher","award":["DUE 1241772"],"award-info":[{"award-number":["DUE 1241772"]}],"id":[{"id":"10.13039\/501100008982","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100008982","name":"National Science Foundation","doi-asserted-by":"publisher","award":["DUE 1356705"],"award-info":[{"award-number":["DUE 1356705"]}],"id":[{"id":"10.13039\/501100008982","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006754","name":"Army Research Laboratory","doi-asserted-by":"publisher","award":["W911NF-16-1-0422"],"award-info":[{"award-number":["W911NF-16-1-0422"]}],"id":[{"id":"10.13039\/100006754","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Commun. Surv. Tutorials"],"published-print":{"date-parts":[[2020]]},"DOI":"10.1109\/comst.2019.2957750","type":"journal-article","created":{"date-parts":[[2019,12,5]],"date-time":"2019-12-05T21:14:26Z","timestamp":1575580466000},"page":"671-708","source":"Crossref","is-referenced-by-count":130,"title":["SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective"],"prefix":"10.1109","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5015-2665","authenticated-orcid":false,"given":"Avisha","family":"Das","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9814-9270","authenticated-orcid":false,"given":"Shahryar","family":"Baki","sequence":"additional","affiliation":[]},{"given":"Ayman","family":"El Aassal","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7466-7823","authenticated-orcid":false,"given":"Rakesh","family":"Verma","sequence":"additional","affiliation":[]},{"given":"Arthur","family":"Dunbar","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref275","doi-asserted-by":"publisher","DOI":"10.1108\/09685221211286548"},{"key":"ref274","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2018.05.003"},{"key":"ref277","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-009-9109-6"},{"key":"ref276","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.032213.00009"},{"key":"ref271","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.04.006"},{"key":"ref270","doi-asserted-by":"publisher","DOI":"10.14445\/22315381\/IJETT-V22P239"},{"key":"ref273","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1674"},{"key":"ref170","doi-asserted-by":"publisher","DOI":"10.1145\/2851613.2851801"},{"key":"ref272","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2015.04.001"},{"key":"ref172","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2010-0371"},{"key":"ref171","doi-asserted-by":"publisher","DOI":"10.1108\/OIR-03-2012-0037"},{"key":"ref174","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242660"},{"key":"ref173","doi-asserted-by":"publisher","DOI":"10.5220\/0005574304270434"},{"key":"ref176","doi-asserted-by":"publisher","DOI":"10.1007\/s10618-016-0459-9"},{"key":"ref175","first-page":"422","article-title":"Lexical URL analysis for discriminating phishing and legitimate e-mail messages","author":"khonji","year":"2011","journal-title":"The 6th Int Conf for Internet Technology and Secured Transactions"},{"key":"ref178","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2009.5342607"},{"key":"ref177","doi-asserted-by":"crossref","first-page":"1099","DOI":"10.3844\/jcssp.2012.1099.1107","article-title":"Evolving fuzzy neural network for phishing emails detection","volume":"8","author":"almomani","year":"2012","journal-title":"J Comput Sci"},{"key":"ref168","doi-asserted-by":"publisher","DOI":"10.5121\/ijnsa.2016.8405"},{"key":"ref169","article-title":"Improved phishing detection using model-based features","author":"bergholz","year":"2008","journal-title":"Proc CEAS"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48683-2_27"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2030376.2030397"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2017.7945048"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2017.2752087"},{"key":"ref31","article-title":"Malicious URL detection using machine learning: A survey","volume":"abs 1701 7179","author":"sahoo","year":"2017","journal-title":"CoRR"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2014.6963161"},{"key":"ref267","doi-asserted-by":"publisher","DOI":"10.1111\/j.2517-6161.1995.tb02031.x"},{"key":"ref37","first-page":"394","article-title":"A Web page malicious script detection system","author":"zhang","year":"2014","journal-title":"Proc IEEE 3rd Int Conf Cloud Comput Intell Syst (CCIS)"},{"key":"ref268","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.030713.00020"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ISSA.2011.6027532"},{"key":"ref269","first-page":"1998","article-title":"Survey paper on phishing detection: Identification of malicious URL using Bayesian classification on social network sites","volume":"4","author":"satane","year":"2013","journal-title":"Int J Sci Res"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/HPCSim.2015.7237040"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/CGVIS.2015.7449891"},{"key":"ref181","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.3929"},{"key":"ref180","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1016\/j.cose.2012.12.002","article-title":"Phishing detection and impersonated entity discovery using conditional random field and latent Dirichlet allocation","volume":"34","author":"venkatesh","year":"2013","journal-title":"Comput Security"},{"key":"ref280","first-page":"1","article-title":"Email ’message-IDs’ helpful for forensic analysis?","author":"pasupatheeswaran","year":"2008","journal-title":"Proc Aust Digit Forensics Conf"},{"key":"ref185","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2015.02.021"},{"key":"ref184","first-page":"2","article-title":"Phishing email detection based on structural properties","author":"chandrasekaran","year":"2006","journal-title":"Proc NYS CyberSecurity Conf"},{"key":"ref183","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2011.06.016"},{"key":"ref182","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2012.12"},{"key":"ref189","doi-asserted-by":"publisher","DOI":"10.1007\/s11063-017-9593-7"},{"key":"ref188","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15037-1_20"},{"key":"ref187","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053017"},{"key":"ref186","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00958-7_40"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/1961189.1961202"},{"key":"ref27","author":"salton","year":"1986","journal-title":"Introduction to Modern Information Retrieval"},{"key":"ref179","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.05.009"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.3"},{"key":"ref20","article-title":"Malicious URL detection using machine learning: A survey","volume":"abs 1701 7179","author":"sahoo","year":"2017","journal-title":"CoRR"},{"key":"ref22","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1145\/3041008.3041016","article-title":"What’s in a URL: Fast feature extraction and malicious URL detection","author":"verma","year":"2017","journal-title":"Proc 3rd ACM Int Workshop Secur Privacy Anal"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/2699026.2699115"},{"key":"ref24","author":"abel","year":"2018","journal-title":"Study Shows Which Phishing Attacks Most Successful"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.02.008"},{"key":"ref278","doi-asserted-by":"publisher","DOI":"10.1145\/1459352.1459357"},{"key":"ref26","first-page":"27","article-title":"Evaluation measures for models assessment over imbalanced data sets","volume":"3","author":"bekkar","year":"2013","journal-title":"J Inf Eng Appl"},{"key":"ref279","first-page":"1","article-title":"Anti-phishing shared pilot at 4th ACM IWSPA (IWSPA-AP)","author":"verma","year":"2018","journal-title":"CEUR Proceedings"},{"key":"ref25","author":"stein","year":"2017","journal-title":"Security Research at Chevron"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/CNSM.2014.7014140"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2014.2377295"},{"key":"ref154","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516682"},{"key":"ref153","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2014.6997494"},{"key":"ref156","doi-asserted-by":"crossref","first-page":"539","DOI":"10.1109\/TSMCB.2008.2007853","article-title":"Exploratory undersampling for class-imbalance learning","volume":"39","author":"liu","year":"2009","journal-title":"IEEE Trans Syst Man Cybern B Cybern"},{"key":"ref155","doi-asserted-by":"publisher","DOI":"10.1109\/HotWeb.2015.20"},{"key":"ref150","first-page":"3","article-title":"ADAM: Automated detection and attribution of malicious webpages","author":"kosba","year":"2014","journal-title":"Proc Int Workshop Inf Security Appl"},{"key":"ref152","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2016.7727750"},{"key":"ref151","doi-asserted-by":"publisher","DOI":"10.1080\/0144929X.2017.1369569"},{"key":"ref146","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime.2012.6489521"},{"key":"ref147","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCSW.2012.66"},{"key":"ref148","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2014.08.003"},{"key":"ref149","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2016.7487942"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46298-1_30"},{"key":"ref58","first-page":"46","article-title":"Phishing URL detection: A machine learning and Web mining-based approach","volume":"123","author":"sananse","year":"2015","journal-title":"Int J Comput Appl"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/2030376.2030389"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/IEEEGCC.2011.5752505"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/s11280-013-0250-4"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1186\/s13673-016-0064-3"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/BigDataCongress.2015.97"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/ICoAC.2014.7229761"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2011.5934995"},{"key":"ref167","doi-asserted-by":"publisher","DOI":"10.1109\/ecrime.2010.5706696"},{"key":"ref166","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2011.126"},{"key":"ref165","first-page":"1065","article-title":"An enhanced online phishing e-mail detection framework based on ‘evolving connectionist system","volume":"9","author":"almomani","year":"2012","journal-title":"Int J Innov Comput Inf Control"},{"key":"ref164","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2013.76"},{"key":"ref163","doi-asserted-by":"publisher","DOI":"10.5815\/ijieeb.2015.02.08"},{"key":"ref162","doi-asserted-by":"publisher","DOI":"10.1155\/2014\/425731"},{"key":"ref161","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2016.105"},{"key":"ref160","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_5"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-42641-9"},{"key":"ref3","author":"daswani","year":"2007","journal-title":"Foundations of Security -What Every Programmer Needs to Know"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663749"},{"key":"ref5","author":"crowe","year":"2016","journal-title":"Phishing by the numbers Must-know phishing statistics 2016"},{"key":"ref159","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33167-1_47"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2017.2752087"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/CICT.2015.63"},{"key":"ref157","first-page":"340","article-title":"Analysis of email header for forensics purpose","author":"guo","year":"2013","journal-title":"Proc IEEE Int Conf Commun Syst Netw Technol (CSNT)"},{"key":"ref158","first-page":"455","article-title":"Semantic feature selection for text with application to phishing email detection","author":"verma","year":"2013","journal-title":"Proc IEEE 16th Int Conf Inf Security Cryptol (ICISC)"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-016-2275-y"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-016-2374-9"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2015.7249455"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.19107\/IJISC.2016.02.06"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2012.104"},{"key":"ref42","first-page":"298","article-title":"A novel approach for phishing detection using URL-based heuristic","author":"nguyen","year":"2014","journal-title":"Proc IEEE Int Conf Comput Manag Telecommun (ComManTel)"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/s13278-017-0434-5"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2014.7004239"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557153"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-18500-2_8"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/SYNASC.2016.045"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38027-3_89"},{"key":"ref70","first-page":"172","article-title":"Anti-phishing technique to detect URL obfuscation","volume":"4","author":"rathod","year":"2014","journal-title":"Int J Eng Res Appl"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2015.7232958"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-015-0239-x"},{"key":"ref74","first-page":"359","article-title":"TFD: A multi-pattern matching algorithm for large-scale URL filtering","author":"yuan","year":"2013","journal-title":"Proc Int Conf Comput Netw Commun (ICNC)"},{"key":"ref75","article-title":"Anomaly based malicious URL detection in instant messaging","author":"guan","year":"2009","journal-title":"Proceedings of JWIS09"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1145\/2557547.2557575"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1145\/2487575.2487647"},{"key":"ref60","article-title":"Coordinator based suspicious URL detection and prevention of malicious URL attacks in Twitter’s","volume":"5","author":"sandra","year":"2014","journal-title":"Int J Sci Eng Res"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2016.332"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/2808797.2809281"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1007\/s10766-014-0330-9"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/1866423.1866434"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2013.6654816"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/ASIAJCIS.2013.19"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/2872427.2883056"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/SYNASC.2015.40"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/2567948.2577320"},{"key":"ref197","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2016.2575828"},{"key":"ref198","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00447"},{"key":"ref199","doi-asserted-by":"publisher","DOI":"10.1145\/2487788.2488034"},{"key":"ref193","first-page":"537","article-title":"Multi-defender strategic filtering against spear-phishing attacks","author":"laszka","year":"2016","journal-title":"Proc 30th AAAI Conf Artif Intell"},{"key":"ref194","first-page":"958","article-title":"Optimal personalized filtering against spear-phishing attacks","author":"laszka","year":"2015","journal-title":"Proc 29th AAAI Conf Artif Intell"},{"key":"ref195","first-page":"469","article-title":"Detecting credential spearphishing attacks in enterprise settings","author":"ho","year":"2017","journal-title":"Proc Usenix Security Symp"},{"key":"ref196","first-page":"658","article-title":"Optimizing personalized email filtering thresholds to mitigate sequential spear phishing attacks","author":"zhao","year":"2016","journal-title":"Proc 30th AAAI Conf Artif Intell"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1109\/SECCOM.2007.4550367"},{"key":"ref190","doi-asserted-by":"publisher","DOI":"10.1109\/ASONAM.2010.56"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1145\/2046684.2046686"},{"key":"ref191","first-page":"25","article-title":"Applying clustering and ensemble clustering approaches to phishing profiling","author":"yearwood","year":"2009","journal-title":"Proc 8th Aust Data Min Conf"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/EBISS.2009.5138008"},{"key":"ref192","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2014.46"},{"key":"ref92","first-page":"1","article-title":"Large-scale automatic classification of phishing pages","author":"whittaker","year":"2010","journal-title":"Proc of 17th NDSS"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963436"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177730256"},{"key":"ref98","first-page":"11","article-title":"Detecting malicious Web links and identifying their attack types","author":"choi","year":"2011","journal-title":"Proc 2nd USENIX Conf Web Appl Develop"},{"key":"ref99","article-title":"Examination of data, and detection of phishing URLs using URL ranking","author":"feroz","year":"2015"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2016.10"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15497-3_17"},{"key":"ref82","first-page":"113","article-title":"Efficient malicious URL based on feature classification","volume":"3","author":"sharma","year":"2015","journal-title":"Int J Eng Res Gen Sci"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1147\/JRD.2016.2558018"},{"key":"ref84","first-page":"1","article-title":"Detecting malicious short URLs on Twitter","author":"alshboul","year":"2015","journal-title":"Proc AMCIS"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2013.6691627"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314391"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177729694"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1145\/2030376.2030387"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/ATC.2013.6698185"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2016.0073"},{"key":"ref88","first-page":"2","article-title":"Anti-phishing pilot at ACM IWSPA 2018: Evaluating performance with new metrics for unbalanced datasets","author":"aassal","year":"2018","journal-title":"Proc IWSPA-AP Anti Phishing Shared Task Pilot 4th ACM IWSPA"},{"key":"ref200","doi-asserted-by":"publisher","DOI":"10.1145\/1754393.1754396"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.07.006"},{"key":"ref100","first-page":"523","article-title":"Phishing detection using Web site heuristics","volume":"19","author":"lee","year":"2016","journal-title":"Int Inf Inst Tokyo Inf"},{"key":"ref209","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2016.02.065"},{"key":"ref203","first-page":"61","article-title":"Impulsiveness and aggression","volume":"10","author":"barratt","year":"1994","journal-title":"Violence and Mental Disorder Developments in Risk Assessment"},{"key":"ref204","doi-asserted-by":"publisher","DOI":"10.1037\/0022-3514.39.5.752"},{"key":"ref201","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979244"},{"key":"ref202","first-page":"139","article-title":"A five-factor theory of personality","volume":"2","author":"mccrae","year":"1999","journal-title":"Handbook of Personality Theory and Research"},{"key":"ref207","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135853"},{"key":"ref208","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813660"},{"key":"ref205","first-page":"3","article-title":"Research design and issues of validity","author":"brewer","year":"2000","journal-title":"Handbook of Research Methods in Social and Personality Psychology"},{"key":"ref206","doi-asserted-by":"publisher","DOI":"10.1016\/0030-5073(73)90017-2"},{"key":"ref211","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2566265"},{"key":"ref210","doi-asserted-by":"publisher","DOI":"10.1177\/0018720816684064"},{"key":"ref212","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2016.7487946"},{"key":"ref213","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26555-1_26"},{"key":"ref214","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2016.12.044"},{"key":"ref215","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.179"},{"key":"ref216","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2015.05.005"},{"key":"ref217","doi-asserted-by":"publisher","DOI":"10.1108\/09685221211219173"},{"key":"ref218","article-title":"Do users focus on the correct cues to differentiate between phishing and genuine emails?","author":"parsons","year":"2016","journal-title":"arXiv preprint arXiv 1605 01584"},{"key":"ref219","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39218-4_27"},{"key":"ref220","doi-asserted-by":"publisher","DOI":"10.24251\/HICSS.2017.520"},{"key":"ref222","first-page":"45","article-title":"Exploring learners’ sequential behavioral patterns, flow experience, and learning performance in an anti-phishing educational game","volume":"20","author":"sun","year":"2017","journal-title":"J Educ Technol Soc"},{"key":"ref221","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2015.419"},{"key":"ref229","doi-asserted-by":"publisher","DOI":"10.1080\/0144929X.2011.632650"},{"key":"ref228","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979459"},{"key":"ref227","first-page":"3716","article-title":"Typology of phishing email victims based on their behavioural response","volume":"5","author":"alseadoon","year":"2013","journal-title":"Proc of the 19th Americas Conf on Inf Syst (AMCIS 2013)"},{"key":"ref226","doi-asserted-by":"publisher","DOI":"10.1109\/TPC.2012.2208392"},{"key":"ref225","doi-asserted-by":"publisher","DOI":"10.1016\/j.compedu.2016.12.003"},{"key":"ref224","first-page":"87","article-title":"Which teaching strategy is better for enhancing anti-phishing learning motivation and achievement? The concept maps on tablet PCS or worksheets?","volume":"19","author":"sun","year":"2016","journal-title":"J Educ Technol Soc"},{"key":"ref223","doi-asserted-by":"publisher","DOI":"10.1111\/jcc4.12126"},{"key":"ref127","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.25"},{"key":"ref126","doi-asserted-by":"publisher","DOI":"10.1109\/ICPR.2010.1010"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-013-1490-z"},{"key":"ref124","doi-asserted-by":"publisher","DOI":"10.1155\/2017\/9838169"},{"key":"ref129","doi-asserted-by":"publisher","DOI":"10.1109\/ISPACS.2014.7024424"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.1007\/s11235-009-9247-9"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-013-0320-5"},{"key":"ref133","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66402-6_22"},{"key":"ref134","doi-asserted-by":"publisher","DOI":"10.1109\/TNN.2011.2161999"},{"key":"ref131","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2743528"},{"key":"ref132","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2015.7364026"},{"key":"ref232","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2016.02.004"},{"key":"ref233","first-page":"197","article-title":"Managers’ and employees’ differing responses to security approaches","volume":"59","author":"balozian","year":"2017","journal-title":"J Comput Inf Syst"},{"key":"ref230","first-page":"229","article-title":"How effective is anti-phishing training for children?","author":"lastdrager","year":"2017","journal-title":"Proc Symp Usable Privacy and Security (SOUPS ' 08"},{"key":"ref231","first-page":"564","article-title":"Which phish get caught? An exploratory study of individual susceptibility to phishing","author":"moody","year":"2011","journal-title":"Proc Int Conf Ind Inf Syst (ICIIS)"},{"key":"ref239","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2012.12.018"},{"key":"ref238","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2014.05.046"},{"key":"ref235","first-page":"115","article-title":"A qualitative investigation of bank employee experiences of information security and phishing","author":"conway","year":"2017","journal-title":"Proceedings of Symposium on Usable Privacy and Security (SOUPS)"},{"key":"ref234","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143133"},{"key":"ref237","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.08.008"},{"key":"ref236","article-title":"Phishing for answers: Factors influencing a participant’s ability to categorize email","author":"martin","year":"2009","journal-title":"Comput Changing World"},{"key":"ref136","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2013.02.009"},{"key":"ref135","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2011.103"},{"key":"ref138","doi-asserted-by":"publisher","DOI":"10.1145\/2872427.2883060"},{"key":"ref137","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxx035"},{"key":"ref139","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2010.04.044"},{"key":"ref140","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2014.1001260"},{"key":"ref141","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2011.02.001"},{"key":"ref142","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-72395-2_5"},{"key":"ref143","first-page":"10","article-title":"Clustering potential phishing websites using DeepMD5","author":"britt","year":"2012","journal-title":"Proc USENIX Workshop on Large-Scale Exploits and Emergent Threats"},{"key":"ref144","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2009.5342610"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2015.121"},{"key":"ref145","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime.2011.6151977"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.5220\/0006552602250232"},{"key":"ref241","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2016.09.012"},{"key":"ref242","doi-asserted-by":"publisher","DOI":"10.1109\/SCC.2016.61"},{"key":"ref243","doi-asserted-by":"publisher","DOI":"10.1145\/2746194.2746208"},{"key":"ref244","doi-asserted-by":"publisher","DOI":"10.1108\/OIR-04-2015-0106"},{"key":"ref240","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00442"},{"key":"ref248","doi-asserted-by":"publisher","DOI":"10.1177\/0735633117699232"},{"key":"ref247","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2011.03.002"},{"key":"ref246","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-33406-8_41"},{"key":"ref245","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2016.696"},{"key":"ref249","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70278-0_39"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2016.05.005"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_10"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1109\/SRDS.2014.26"},{"key":"ref106","first-page":"803","article-title":"Mitigate Web phishing using site signatures","author":"huang","year":"2010","journal-title":"Proc TENCON IEEE Region 10 Conf"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1145\/2019599.2019606"},{"key":"ref104","first-page":"539","article-title":"An evaluation of machine learning-based methods for detection of phishing sites","author":"miyamoto","year":"2008","journal-title":"Proc Int Conf Neural Inf Process"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-13841-1_18"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1045"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.10.004"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2011.01.046"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1109\/ICDSE.2014.6974616"},{"key":"ref250","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.2544742"},{"key":"ref251","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2016.02.050"},{"key":"ref254","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2012.657"},{"key":"ref255","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39218-4_28"},{"key":"ref252","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.12.003"},{"key":"ref253","doi-asserted-by":"publisher","DOI":"10.1109\/EDOCW.2014.59"},{"key":"ref257","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025831"},{"key":"ref256","doi-asserted-by":"publisher","DOI":"10.1109\/SMC.2014.6974273"},{"key":"ref259","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41320-9_4"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.106"},{"key":"ref258","doi-asserted-by":"publisher","DOI":"10.1177\/0018720816665025"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/s11235-017-0334-z"},{"key":"ref12","article-title":"Phishing activity trends report—H1 2011","year":"2011"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.5210\/fm.v10i9.1272"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1595676.1595686"},{"key":"ref15","first-page":"4:1","article-title":"Behind phishing: An examination of phisher modi operandi","author":"mcgrath","year":"2008","journal-title":"USENIX Workshop on Large-scale Exploits and Emergent Threats"},{"key":"ref118","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-017-3305-0"},{"key":"ref16","first-page":"1","article-title":"There is no free phish: An analysis of ‘free’ and live phishing kits","author":"cova","year":"2008","journal-title":"Proc of USENIX WOOT"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.1007\/s11280-016-0418-9"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24212-0_12"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978330"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.1109\/WI-IAT.2012.258"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2018.03.050"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1145\/2212776.2223683"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.08.003"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2015.7120795"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2014.01.002"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMA.2013.145"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2016.01.028"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2014.03.019"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2013.0202"},{"key":"ref260","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753383"},{"key":"ref261","first-page":"285","article-title":"Can we fight social engineering attacks by social means? Assessing social salience as a means to improve phish detection","author":"nicholson","year":"2017","journal-title":"Proc Symp Usable Privacy and Security"},{"key":"ref262","doi-asserted-by":"publisher","DOI":"10.1145\/2078827.2078838"},{"key":"ref263","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222270111"},{"key":"ref264","doi-asserted-by":"publisher","DOI":"10.3389\/fpsyg.2018.00135"},{"key":"ref265","doi-asserted-by":"publisher","DOI":"10.3102\/00346543066002137"},{"key":"ref266","doi-asserted-by":"publisher","DOI":"10.1111\/opo.12131"}],"container-title":["IEEE Communications Surveys & Tutorials"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/9739\/9031610\/8924660-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9739\/9031610\/08924660.pdf?arnumber=8924660","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,27]],"date-time":"2022-04-27T16:58:55Z","timestamp":1651078735000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8924660\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"references-count":280,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/comst.2019.2957750","relation":{},"ISSN":["1553-877X","2373-745X"],"issn-type":[{"value":"1553-877X","type":"electronic"},{"value":"2373-745X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]}}}