网络钓鱼检测研究综述  

作　　者：谢丽霞[1] 张浩 杨宏宇 胡泽 成翔 张良 XIE Lixia;ZHANG Hao;YANG Hongyu;HU Ze;CHENG Xiang;ZHANG Liang(School of Computer Science and Technology,Civil Aviation University of China,Tianjin 300300,China;School of Safety Science and Engineering,Civil Aviation University of China,Tianjin 300300,China;School of Information Engineering,Yangzhou University,Yangzhou 225127,China;Information Security Evaluation Center of Civil Aviation,Civil Aviation University of China,Tianjin 300300,China;School of Information,University of Arizona,Tucson AZ85721,USA)

机构地区：[1]中国民航大学计算机科学与技术学院,天津300300 [2]中国民航大学安全科学与工程学院,天津300300 [3]扬州大学信息工程学院,扬州225127 [4]中国民航大学民航信息安全评估中心,天津300300 [5]亚利桑那大学信息学院,图森AZ85721

出　　处：《电子科技大学学报》2024年第6期883-899,共17页Journal of University of Electronic Science and Technology of China

基　　金：国家自然科学基金(62201576,U1833107);中央高校基本科研业务费专项资金(3122022050)。

摘　　要：网络钓鱼作为一种社会工程攻击手段,旨在通过伪装成可信任的实体,如银行、社交媒体平台或政府机构,通过虚假的电子邮件、网站或消息来欺骗受害者。研究者主要通过各种技术手段检测网络钓鱼攻击,但当前检测研究仍面临三方面问题。1)攻击者采用伪装、漏洞利用和规避技术以逃避检测。2)现有的检测方法存在可解释性差、实时性低以及概念漂移等问题。3)由于缺乏足够的可解释性,造成用户对检测结果不信任。该文从应用场景、数据集、检测方法等方面对当前检测研究进行归纳与总结,并提出当前面临的问题以及展望未来可能的研究热点。Phishing,as a form of social engineering attack,aims to deceive victims by masquerading as a trustworthy entity such as a bank,social media platform,or government agency,using false emails,websites,or messages.Researchers primarily employ various technological means to detect phishing attacks,yet current detection studies face three main challenges.Firstly,attackers employ disguise,exploit vulnerabilities,and employ evasion techniques to evade detection.Secondly,existing detection methods suffer from poor interpretability,low real-time capabilities,and issues like concept drift.Lastly,due to insufficient interpretability,users may lack trust in the detection results.This paper summarizes the current detection researches from the aspects of application scenarios,datasets,detection methods,etc.,and puts forward the current problems and prospects the possible research hotspots in the future.

关 键 词：网络钓鱼 网络钓鱼检测 深度学习 机器学习 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]