{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,12]],"date-time":"2026-05-12T16:20:12Z","timestamp":1778602812246,"version":"3.51.4"},"reference-count":28,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2011,9,1]],"date-time":"2011-09-01T00:00:00Z","timestamp":1314835200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["DAAD 19-02-1-0389"],"award-info":[{"award-number":["DAAD 19-02-1-0389"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000143","name":"Division of Computing and Communication Foundations","doi-asserted-by":"publisher","award":["CCF-0524189"],"award-info":[{"award-number":["CCF-0524189"]}],"id":[{"id":"10.13039\/100000143","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2011,9]]},"abstract":"<jats:p>Phishing is a plague in cyberspace. Typically, phish detection methods either use human-verified URL blacklists or exploit Web page features via machine learning techniques. However, the former is frail in terms of new phish, and the latter suffers from the scarcity of effective features and the high false positive rate (FP). To alleviate those problems, we propose a layered anti-phishing solution that aims at (1) exploiting the expressiveness of a rich set of features with machine learning to achieve a high true positive rate (TP) on novel phish, and (2) limiting the FP to a low level via filtering algorithms.<\/jats:p>\n          <jats:p>Specifically, we proposed CANTINA+, the most comprehensive feature-based approach in the literature including eight novel features, which exploits the HTML Document Object Model (DOM), search engines and third party services with machine learning techniques to detect phish. Moreover, we designed two filters to help reduce FP and achieve runtime speedup. The first is a near-duplicate phish detector that uses hashing to catch highly similar phish. The second is a login form filter, which directly classifies Web pages with no identified login form as legitimate.<\/jats:p>\n          <jats:p>We extensively evaluated CANTINA+ with two methods on a diverse spectrum of corpora with 8118 phish and 4883 legitimate Web pages. In the randomized evaluation, CANTINA+ achieved over 92% TP on unique testing phish and over 99% TP on near-duplicate testing phish, and about 0.4% FP with 10% training phish. In the time-based evaluation, CANTINA+ also achieved over 92% TP on unique testing phish, over 99% TP on near-duplicate testing phish, and about 1.4% FP under 20% training phish with a two-week sliding window. Capable of achieving 0.4% FP and over 92% TP, our CANTINA+ has been demonstrated to be a competitive anti-phishing solution.<\/jats:p>","DOI":"10.1145\/2019599.2019606","type":"journal-article","created":{"date-parts":[[2011,10,4]],"date-time":"2011-10-04T13:24:18Z","timestamp":1317734658000},"page":"1-28","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":393,"title":["CANTINA+"],"prefix":"10.1145","volume":"14","author":[{"given":"Guang","family":"Xiang","sequence":"first","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"Jason","family":"Hong","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"Carolyn P.","family":"Rose","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]},{"given":"Lorrie","family":"Cranor","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}]}],"member":"320","published-online":{"date-parts":[[2011,9]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"3sharp report. 2006. Gone phishing: Evaluating anti-phishing tools for windows. http:\/\/www.3sharp.com\/projects\/antiphishing\/gone-phishing.pdf. 3sharp report . 2006. Gone phishing: Evaluating anti-phishing tools for windows. http:\/\/www.3sharp.com\/projects\/antiphishing\/gone-phishing.pdf."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1009715923555"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1754393.1754394"},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS\u201904)","author":"Chou N."},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the Advances in Neural Information Processing Systems (NIPS\u201903)","author":"Cortes C."},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of the 2nd USENIX Workshop on Offensive Technologies (WOOT\u201908)","author":"Cova M."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1073001.1073009"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2005.10.010"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242660"},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the 1st Conference on Latin American Web Congress (LA-WEB\u201903)","author":"Fetterly D."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314391"},{"key":"e_1_2_1_12_1","volume-title":"Phishdef: Url names say it all. CoRR abs\/1009.2275.","author":"Le A.","year":"2010"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062745.1062868"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73614-1_2"},{"key":"e_1_2_1_15_1","unstructured":"McCall T. 2007. Gartner survey. http:\/\/www.gartner.com\/it\/page.jsp?id=565125. McCall T. 2007. Gartner survey. http:\/\/www.gartner.com\/it\/page.jsp?id=565125."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1460877.1460905"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1299015.1299016"},{"key":"e_1_2_1_18_1","first-page":"180","article-title":"Secure hash standard","author":"NIST.","year":"1995","journal-title":"Federal Information Processing Standards Publication"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.13"},{"key":"e_1_2_1_20_1","unstructured":"PhishTank. http:\/\/www.phishtank.com\/stats.php. PhishTank . http:\/\/www.phishtank.com\/stats.php."},{"key":"e_1_2_1_21_1","unstructured":"PhishTank. http:\/\/data.phishtank.com\/data\/online-valid\/. PhishTank . http:\/\/data.phishtank.com\/data\/online-valid\/."},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the 4th APWG eCrime Researchers Summit.","author":"Sheng S."},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the 6th Conference on Email and Anti-Spam (CEAS\u201909)","author":"Sheng S."},{"key":"e_1_2_1_24_1","volume-title":"Data Mining: Practical Machine Learning Tools and Techniques","author":"Witten I. H.","year":"2005","edition":"2"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526786"},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS\u201910)","author":"Xiang G."},{"key":"e_1_2_1_27_1","volume-title":"Proceedings of the 3rd IEEE International Conference on Data Mining. 435--442","author":"Zadrozny B."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242659"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2019599.2019606","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2019599.2019606","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T19:07:42Z","timestamp":1750273662000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2019599.2019606"}},"subtitle":["A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites"],"short-title":[],"issued":{"date-parts":[[2011,9]]},"references-count":28,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2011,9]]}},"alternative-id":["10.1145\/2019599.2019606"],"URL":"https:\/\/doi.org\/10.1145\/2019599.2019606","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,9]]},"assertion":[{"value":"2010-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2011-05-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2011-09-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}