Building a Self-Organizing Phishing Model Based upon Dynamic EMCUD

In recent years, with the rapid growth of the Internet applications and services, phishing attacks seriously threaten the web security. Due to the versatile and dynamic nature of phishing patterns, the development and maintenance of the anti-phishing prevention system is difficult and costly. Hence, how to acquire and update the phishing knowledge and the phishing model in the anti-phishing detection system become an important issue. In this study, we use the EMCUD (Extended Embedded Meaning Capturing and Uncertainty Deciding) method to build up the phishing attack knowledge according to the identification of phishing attributes. Since users have been aware of some anti-phishing methods, phishers often evolve phishing attack to gain in the environment. The phishing attack knowledge also needs to be dynamically evolved over time. How to systematically evolve the phishing knowledge becomes a major concern of this study. Hence, we use the VODKA (Variant Objects Discovering Knowledge Acquisition) method, a dynamic EMCUD, to evolve existing phishing knowledge. These methods can facilitate the acquisition of new inference rules for the phishing attack knowledge and the observation of the variation and the trend of the phishing attack. In the experiment, 1, 762 phishing URL of the APNOW (Anti-Phishing Notification Window) phishing database of Taiwan have been partitioned into 7 representative phishing cases, and 10 phishing attributes have been obtained by the VOKDA method. Finally, we successfully evolve detection rules of phishing models and observe the trend of the phishing attack model to show the feasibility of this study.