{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,5,13]],"date-time":"2023-05-13T10:28:57Z","timestamp":1683973737026},"reference-count":39,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Fundamentals"],"published-print":{"date-parts":[[2021,1,1]]},"DOI":"10.1587\/transfun.2020cip0005","type":"journal-article","created":{"date-parts":[[2020,12,31]],"date-time":"2020-12-31T22:12:22Z","timestamp":1609452742000},"page":"162-181","source":"Crossref","is-referenced-by-count":2,"title":["To Get Lost is to Learn the Way: An Analysis of Multi-Step Social Engineering Attacks on the Web"],"prefix":"10.1587","volume":"E104.A","author":[{"given":"Takashi","family":"KOIDE","sequence":"first","affiliation":[{"name":"NTT Secure Platform Laboratories"},{"name":"Graduate School of Environment and Information Sciences, Yokohama National University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daiki","family":"CHIBA","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mitsuaki","family":"AKIYAMA","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Katsunari","family":"YOSHIOKA","sequence":"additional","affiliation":[{"name":"Graduate School of Environment and Information Sciences, Yokohama National University"},{"name":"Institute of Advanced Sciences, Yokohama National University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tsutomu","family":"MATSUMOTO","sequence":"additional","affiliation":[{"name":"Graduate School of Environment and Information Sciences, Yokohama National University"},{"name":"Institute of Advanced Sciences, Yokohama National University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"532","reference":[{"key":"1","doi-asserted-by":"crossref","unstructured":"[1] T. Koide, D. Chiba, and M. Akiyama, \u201cTo get lost is to learn the way: Automatically collecting multi-step social engineering attacks on the web,\u201d 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS'20, Taipei, Taiwan, Oct. 2020, ACM, 2020. 10.1145\/3320269.3384714","DOI":"10.1145\/3320269.3384714"},{"key":"2","unstructured":"[2] T. Nelms, R. Perdisci, M. Antonakakis, and M. Ahamad, \u201cWebwitness: Investigating, categorizing, and mitigating malware download paths,\u201d 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, Aug. 2015, pp.1025-1040, USENIX Association, 2015."},{"key":"3","unstructured":"[3] T. Nelms, R. Perdisci, M. Antonakakis, and M. Ahamad, \u201cTowards measuring and mitigating social engineering software download attacks,\u201d 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, Aug. 2016., pp.773-789, USENIX Association, 2016."},{"key":"4","doi-asserted-by":"crossref","unstructured":"[4] N. Miramirkhani, O. Starov, and N. Nikiforakis, \u201cDial one for scam: A large-scale analysis of technical support scams,\u201d 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, Feb.-March, 2017. 10.14722\/ndss.2017.23163","DOI":"10.14722\/ndss.2017.23163"},{"key":"5","doi-asserted-by":"crossref","unstructured":"[5] B. Srinivasan, A. Kountouras, N. Miramirkhani, M. Alam, N. Nikiforakis, M. Antonakakis, and M. Ahamad, \u201cExposing search and advertisement abuse tactics and infrastructure of technical support scammers,\u201d Web Conference, WWW 2018, Lyon, France, April 2018. 10.1145\/3178876.3186098","DOI":"10.1145\/3178876.3186098"},{"key":"6","doi-asserted-by":"crossref","unstructured":"[6] A. Kharraz, W.K. Robertson, and E. Kirda, \u201cSurveylance: Automatically detecting online survey scams,\u201d 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, San Francisco, California, USA, May 2018, pp.70-86, 2018. 10.1109\/sp.2018.00044","DOI":"10.1109\/SP.2018.00044"},{"key":"7","doi-asserted-by":"crossref","unstructured":"[7] C.J. Dietrich, C. Rossow, and N. Pohlmann, \u201cExploiting visual appearance to cluster and detect rogue software,\u201d 28th Annual ACM Symposium on Applied Computing, SAC'13, Coimbra, Portugal, March 2013, pp.1776-1783, ACM, 2013. 10.1145\/2480362.2480697","DOI":"10.1145\/2480362.2480697"},{"key":"8","unstructured":"[8] M.Z. Rafique, T. van Goethem, W. Joosen, C. Huygens, and N. Nikiforakis, \u201cIt's free for a reason: Exploring the ecosystem of free live streaming services,\u201d 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, Feb. 2016, pp.21-24, The Internet Society, 2016. 10.14722\/ndss.2016.23030"},{"key":"9","doi-asserted-by":"crossref","unstructured":"[9] G. Stringhini, C. Kruegel, and G. Vigna, \u201cShady paths: Leveraging surfing crowds to detect malicious web pages,\u201d 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, Nov. 2013, pp.133-144, 2013. 10.1145\/2508859.2516682","DOI":"10.1145\/2508859.2516682"},{"key":"10","doi-asserted-by":"crossref","unstructured":"[10] H. Mekky, R. Torres, Z. Zhang, S. Saha, and A. Nucci, \u201cDetecting malicious HTTP redirections using trees of user browsing activity,\u201d 2014 IEEE Conference on Computer Communications, INFOCOM 2014, Toronto, Canada, April-May 2014, pp.1159-1167, 2014. 10.1109\/infocom.2014.6848047","DOI":"10.1109\/INFOCOM.2014.6848047"},{"key":"11","doi-asserted-by":"crossref","unstructured":"[11] T. Taylor, X. Hu, T. Wang, J. Jang, M.P. Stoecklin, F. Monrose, and R. Sailer, \u201cDetecting malicious exploit kits using tree-based similarity searches,\u201d Proc. 6th ACM on Conference on Data and Application Security and Privacy, CODASPY 2016, New Orleans, LA, USA, March 2016, pp.255-266, 2016. 10.1145\/2857705.2857718","DOI":"10.1145\/2857705.2857718"},{"key":"12","doi-asserted-by":"crossref","unstructured":"[12] P. Vadrevu, J. Liu, B. Li, B. Rahbarinia, K.H. Lee, and R. Perdisci, \u201cEnabling reconstruction of attacks on users via efficient browsing snapshots,\u201d 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, Feb.-March 2017. 10.14722\/ndss.2017.23100","DOI":"10.14722\/ndss.2017.23100"},{"key":"13","unstructured":"[13] A. Kapravelos, C. Grier, N. Chachra, C. Kruegel, G. Vigna, and V. Paxson, \u201cHulk: Eliciting malicious behavior in browser extensions,\u201d 23rd USENIX Security Symposium, San Diego, CA, USA, Aug. 2014, pp.641-654, USENIX Association, 2014."},{"key":"14","doi-asserted-by":"crossref","unstructured":"[14] X. Xing, W. Meng, B. Lee, U. Weinsberg, A. Sheth, R. Perdisci, and W. Lee, \u201cUnderstanding malvertising through ad-injecting browser extensions,\u201d 24th International Conference on World Wide Web, WWW 2015, Florence, Italy, May 2015, pp.1286-1295, ACM, 2015. 10.1145\/2736277.2741630","DOI":"10.1145\/2736277.2741630"},{"key":"15","doi-asserted-by":"crossref","unstructured":"[15] K. Thomas, E. Bursztein, C. Grier, G. Ho, N. Jagpal, A. Kapravelos, D. McCoy, A. Nappa, V. Paxson, P. Pearce, N. Provos, and M.A. Rajab, \u201cAd injection at scale: Assessing deceptive advertisement modifications,\u201d 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 2015, pp.151-167, IEEE Computer Society, 2015. 10.1109\/sp.2015.17","DOI":"10.1109\/SP.2015.17"},{"key":"16","unstructured":"[16] Internet Archive, \u201cHeritrix,\u201d https:\/\/github.com\/internetarchive\/heritrix3, 2019."},{"key":"17","unstructured":"[17] Selenium Developers Group, \u201cSelenium,\u201d https:\/\/www.seleniumhq.org\/, 2019."},{"key":"18","doi-asserted-by":"crossref","unstructured":"[18] S. Duman, K. Onarlioglu, A.O. Ulusoy, W.K. Robertson, and E. Kirda, \u201cTrueClick: Automatically distinguishing trick banners from genuine download links,\u201d 30th Annual Computer Security Applications Conference, ACSAC 2014, New Orleans, LA, USA, Dec. 2014, pp.456-465, ACM, 2014. 10.1145\/2664243.2664279","DOI":"10.1145\/2664243.2664279"},{"key":"19","doi-asserted-by":"crossref","unstructured":"[19] L. Lu, R. Perdisci, and W. Lee, \u201cSURF: Detecting and measuring search poisoning,\u201d 18th ACM Conference on Computer and Communications Security, CCS 2011, Chicago, Illinois, USA, Oct. 2011, pp.467-476, ACM, 2011. 10.1145\/2046707.2046762","DOI":"10.1145\/2046707.2046762"},{"key":"20","doi-asserted-by":"crossref","unstructured":"[20] L. Invernizzi and P.M. Comparetti, \u201cEvilseed: A guided approach to finding malicious web pages,\u201d IEEE Symposium on Security and Privacy, SP 2012, May 2012, San Francisco, California, USA, pp.428-442, IEEE Computer Society, 2012. 10.1109\/sp.2012.33","DOI":"10.1109\/SP.2012.33"},{"key":"21","doi-asserted-by":"crossref","unstructured":"[21] H. Yang, X. Ma, K. Du, Z. Li, H. Duan, X. Su, G. Liu, Z. Geng, and J. Wu, \u201cHow to learn klingon without a dictionary: Detection and measurement of black keywords used by the underground economy,\u201d 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 2017, pp.751-769, IEEE Computer Society, 2017. 10.1109\/sp.2017.11","DOI":"10.1109\/SP.2017.11"},{"key":"22","doi-asserted-by":"crossref","unstructured":"[22] H. Gao, J. Hu, C. Wilson, Z. Li, Y. Chen, and B.Y. Zhao, \u201cDetecting and characterizing social spam campaigns,\u201d 10th ACM SIGCOMM Internet Measurement Conference, IMC 2010, Melbourne, Australia, Nov. 2010, pp.35-47, ACM, 2010. 10.1145\/1879141.1879147","DOI":"10.1145\/1879141.1879147"},{"key":"23","unstructured":"[23] S. Lee and J. Kim, \u201cWarningBird: Detecting suspicious urls in Twitter stream,\u201d 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, Feb. 2012, The Internet Society, 2012."},{"key":"24","doi-asserted-by":"crossref","unstructured":"[24] N. Nikiforakis, F. Maggi, G. Stringhini, M.Z. Rafique, W. Joosen, C. Kruegel, F. Piessens, G. Vigna, and S. Zanero, \u201cStranger danger: Exploring the ecosystem of ad-based URL shortening services,\u201d 23rd International World Wide Web Conference, WWW'14, Seoul, Republic of Korea, April 2014, pp.51-62, ACM, 2014. 10.1145\/2566486.2567983","DOI":"10.1145\/2566486.2567983"},{"key":"25","unstructured":"[25] \u201cTesseract open source OCR engine,\u201d https:\/\/github.com\/tesseract-ocr\/tesseract, 2019."},{"key":"26","doi-asserted-by":"crossref","unstructured":"[26] P.F. Alcantarilla, J. Nuevo, and A. Bartoli, \u201cFast explicit diffusion for accelerated features in nonlinear scale spaces,\u201d British Machine Vision Conference, BMVC 2013, Bristol, UK, Sept. 2013, pp.13.1-13.11, 2013. 10.5244\/c.27.13","DOI":"10.5244\/C.27.13"},{"key":"27","unstructured":"[27] \u201cDoc2vec paragraph embeddings,\u201d https:\/\/radimrehurek.com\/gensim\/models\/doc2vec.html, 2019."},{"key":"28","unstructured":"[28] Symantec, \u201cDeepSight intelligence,\u201d https:\/\/www.symantec.com\/services\/cyber-security-services\/deepsight-intelligence, 2019."},{"key":"29","unstructured":"[29] Malwarebytes, \u201chpHosts,\u201d http:\/\/www.hosts-file.net\/, 2019."},{"key":"30","unstructured":"[30] K. Thomas, J.A.E. Crespo, R. Rasti, J.M. Picod, C. Phillips, M. Decoste, C. Sharp, F. Tirelo, A. Tofigh, M. Courteau, L. Ballard, R. Shield, N. Jagpal, M.A. Rajab, P. Mavrommatis, N. Provos, E. Bursztein, and D. McCoy, \u201cInvestigating commercial pay-per-install and the distribution of unwanted software,\u201d 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, Aug. 2016, pp.721-739, USENIX Association, 2016."},{"key":"31","unstructured":"[31] P. Kotzias, L. Bilge, and J. Caballero, \u201cMeasuring PUP prevalence and PUP distribution through pay-per-install services,\u201d 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, Aug. 2016, pp.739-756, USENIX Association, 2016."},{"key":"32","unstructured":"[32] Microsoft, \u201cMicrosoft cognitive services Bing search engine APIs,\u201d https:\/\/azure.microsoft.com\/en-us\/services\/cognitive-services\/search\/, 2019."},{"key":"33","doi-asserted-by":"crossref","unstructured":"[33] M. Sebasti\u00e1n, R. Rivera, P. Kotzias, and J. Caballero, \u201cAVclass: A tool for massive malware labeling,\u201d Research in Attacks, Intrusions, and Defenses-19th International Symposium, RAID 2016, Paris, France, Sept. 2016, Proceedings, pp.230-253, 2016. 10.1007\/978-3-319-45719-2_11","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"34","unstructured":"[34] P. Arntz, \u201cStolen security logos used to falsely endorse pups,\u201d https:\/\/blog.malwarebytes.com\/threat-analysis\/social-engineering-threat-analysis\/2018\/01\/stolen-security-logos-used-to-falsely-endorse-pups\/, 2018."},{"key":"35","unstructured":"[35] \u201cWeb of trust,\u201d https:\/\/www.mywot.com\/en\/scorecard\/etnamedia.net, 2019."},{"key":"36","doi-asserted-by":"crossref","unstructured":"[36] Z. Li, K. Zhang, Y. Xie, F. Yu, and X. Wang, \u201cKnowing your enemy: Understanding and detecting malicious web advertising,\u201d ACM Conference on Computer and Communications Security, CCS'12, Raleigh, NC, USA, Oct. 2012, pp.674-686, ACM, 2012. 10.1145\/2382196.2382267","DOI":"10.1145\/2382196.2382267"},{"key":"37","doi-asserted-by":"crossref","unstructured":"[37] A. Zarras, A. Kapravelos, G. Stringhini, T. Holz, C. Kruegel, and G. Vigna, \u201cThe dark alleys of madison avenue: Understanding malicious advertisements,\u201d 2014 Internet Measurement Conference, IMC 2014, Vancouver, BC, Canada, Nov. 2014, pp.373-380, ACM, 2014. 10.1145\/2663716.2663719","DOI":"10.1145\/2663716.2663719"},{"key":"38","unstructured":"[38] \u201chosts-blocklists,\u201d https:\/\/github.com\/notracking\/hosts-blocklists, 2019."},{"key":"39","unstructured":"[39] M. Bailey, D. Dittrich, E. Kenneally, and D. Maughan, \u201cThe menlo report: Ethical principles guiding information and communication technology research,\u201d Technical Report, U.S. Department of Homeland Security, Aug. 2012."}],"container-title":["IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transfun\/E104.A\/1\/E104.A_2020CIP0005\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,1,2]],"date-time":"2021-01-02T03:37:24Z","timestamp":1609558644000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transfun\/E104.A\/1\/E104.A_2020CIP0005\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,1]]},"references-count":39,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021]]}},"URL":"https:\/\/doi.org\/10.1587\/transfun.2020cip0005","relation":{},"ISSN":["0916-8508","1745-1337"],"issn-type":[{"value":"0916-8508","type":"print"},{"value":"1745-1337","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,1,1]]}}}