PhishMon: A Machine Learning Framework for Detecting Phishing Webpages

Despite numerous research efforts, phishing attacks remain prevalent and highly effective in luring unsuspecting users to reveal sensitive information, including account credentials and social security numbers. In this paper, we propose PhishMon, a new feature-rich machine learning framework to detect phishing webpages. It relies on a set of fifteen novel features that can he efficiently computed from a webpage without requiring third party services, such as search engines, or WHOIS servers. These features capture various characteristics of legitimate web applications as well as their underlying web infrastructures. Emulation of these features is costly for phishers as it demands to spend significantly more time and effort on their underlying infrastructures and web applications; in addition to the efforts required for replicating the appearance of target websites. Through extensive evaluation on a dataset consisting of 4,800 distinct phishing and 17,500 distinct benign webpages, we show that PhishMon can distinguish unseen phishing from legitimate webpages with a very high degree of accuracy. In our experiments, PhishMon achieved 95.4% accuracy with 1.3% false positive rate on a dataset containing unique phishing instances.