Basit Abdul, Zafar Maham, Liu Xuan, Javed Abdul Rehman, Jalil Zunera, Kifayat Kashif
Department of Computer Science, Air University, E-9, Islamabad, Pakistan.
School of Information Engineering, Yangzhou University, Yangzhou, China.
Telecommun Syst. 2021;76(1):139-154. doi: 10.1007/s11235-020-00733-2. Epub 2020 Oct 23.
In recent times, a phishing attack has become one of the most prominent attacks faced by internet users, governments, and service-providing organizations. In a phishing attack, the attacker(s) collects the client's sensitive data (i.e., user account login details, credit/debit card numbers, etc.) by using spoofed emails or fake websites. Phishing websites are common entry points of online social engineering attacks, including numerous frauds on the websites. In such types of attacks, the attacker(s) create website pages by copying the behavior of legitimate websites and sends URL(s) to the targeted victims through spam messages, texts, or social networking. To provide a thorough understanding of phishing attack(s), this paper provides a literature review of Artificial Intelligence (AI) techniques: Machine Learning, Deep Learning, Hybrid Learning, and Scenario-based techniques for phishing attack detection. This paper also presents the comparison of different studies detecting the phishing attack for each AI technique and examines the qualities and shortcomings of these methodologies. Furthermore, this paper provides a comprehensive set of current challenges of phishing attacks and future research direction in this domain.
近年来,网络钓鱼攻击已成为互联网用户、政府和服务提供组织面临的最突出攻击之一。在网络钓鱼攻击中,攻击者通过使用伪造电子邮件或虚假网站收集客户的敏感数据(即用户账户登录详细信息、信用卡/借记卡号码等)。网络钓鱼网站是在线社交工程攻击的常见切入点,包括网站上的众多欺诈行为。在这类攻击中,攻击者通过复制合法网站的行为创建网页,并通过垃圾邮件、短信或社交网络向目标受害者发送网址。为了全面了解网络钓鱼攻击,本文对人工智能(AI)技术进行了文献综述:用于网络钓鱼攻击检测的机器学习、深度学习、混合学习和基于场景的技术。本文还对每种人工智能技术检测网络钓鱼攻击的不同研究进行了比较,并考察了这些方法的优缺点。此外,本文还全面阐述了网络钓鱼攻击当前面临的一系列挑战以及该领域未来的研究方向。
