SOK: A Comprehensive Reexamination of Phishing Research from the Security Perspective

TL;DR

This paper reexamines phishing and spear-phishing research from a security perspective, highlighting challenges like real-time detection and dataset quality, and surveys existing solutions to guide future improvements.

Contribution

It provides a security-focused review of phishing research, organizing detection techniques and identifying opportunities for enhancing defenses against these attacks.

Findings

Identifies key security challenges in phishing detection

Analyzes properties of datasets and detection algorithms

Suggests directions for future research and improvement

Abstract

Phishing and spear-phishing are typical examples of masquerade attacks since trust is built up through impersonation for the attack to succeed. Given the prevalence of these attacks, considerable research has been conducted on these problems along multiple dimensions. We reexamine the existing research on phishing and spear-phishing from the perspective of the unique needs of the security domain, which we call security challenges: real-time detection, active attacker, dataset quality and base-rate fallacy. We explain these challenges and then survey the existing phishing/spear phishing solutions in their light. This viewpoint consolidates the literature and illuminates several opportunities for improving existing solutions. We organize the existing literature based on detection techniques for different attack vectors (e.g., URLs, websites, emails) along with studies on user awareness. For detection techniques, we examine properties of the dataset, feature extraction, detection algorithms used, and performance evaluation metrics. This work can help guide the development of more effective defenses for phishing, spear-phishing, and email masquerade attacks of the future, as well as provide a framework for a thorough evaluation and comparison.