Skip to main content

Table 2 A list of 30 distinct features

From: Development of anti-phishing browser based on random forest and rule of extraction framework

S.No Features Conditions Result
1. IP Address Domain Part of URL contains IP Address Phishing
Domain Part of URL doesn’t contain IP Address Legitimate
2. Length of URL Length of URL below 54 Legitimate
Length of URL greater or equal to 54 Suspicious
Length of URL lesser or equal to 75 Phishing
3. Shortening Services Very Short URL Phishing
Normal URL Legitimate
4. ‘@’ Symbol Existence of ‘@’ character in URL Phishing
Absence of ‘@’ character in URL Legitimate
5. Double slash forwarding Position of Last ‘// in URL is below 7 Phishing
Position of Last ‘// in URL is above 7 Legitimate
6. Prefix and Suffixes Existence of ‘−’ character in Domain name Phishing
Absence of ‘−’ character in Domain name Legitimate
7. Sub Domain No. of Dots equal to one in Domain Part of URL Legitimate
No. of Dots equal to two in Domain Part of URL Suspicious
No. of Dots greater than two in Domain Part of URL Phishing
8. SSL final Certificate Using https by Trusted providers and Certificate Age should be greater than or equal to 1 Year Legitimate
Using https with Non-Trusted providers Suspicious
Using https by Non-Trusted providers and Certificate Age lesser than to 1 Year Phishing
9. Domain registration length Expiry date of Domains lesser or equal to 1 year Phishing
Expiry date of Domains greater than 1 year Legitimate
10. Favicon Favicon retrieved from External source Phishing
Favicon retrieved from Internal source Legitimate
11. Non-Standard Ports Port No. has Preferred Status Phishing
Port No. doesn’t have Preferred Status Legitimate
12. “HTTPS” token Domain section with HTTP token Phishing
Domain section without HTTP token Legitimate
13. URL Requests Percent of request URL lesser than 22% Legitimate
Percent of request URL is greater than or equal to 22% and lesser than 61% Suspicious
Percent of request URL is greater than 61% Phishing
14. URL with anchor Percent of request URL lesser than 31% Legitimate
Percent of request URL is greater than or equal to 31% and lesser than 67% Suspicious
Percent of request URL is greater than 67% Phishing
15. Tags containing Links Percent of Links in “Meta”,” Link” and “Script lesser than 17% Legitimate
Percent of Links in “Meta”,” Link” and “Script” is greater than or equal to 17% and lesser than 81% Suspicious
Percent of Links in “Meta”,” Link” and “Script” is greater than 81% Phishing
16. Server Form Handler-SFH “Is Empty” or “about: blank” in SFH Phishing
SFH forwards to another Domain Suspicious
SFH doesn’t contain “Is Empty” or “about: blank” or doesn’t forwards to another domain Legitimate
17. Submitting to email “mail()” services usage Phishing
Non-usage of “mail()” Legitimate
18. Abnormal URL URL without Hostname Phishing
URL with Hostname Legitimate
19. Webpage Redirect Page redirect is lesser than or equal to one Phishing
Page redirect is greater than or equal to two and less than four Suspicious
Page redirect is greater than four Legitimate
20. On mouse over Change in status bar with mouse over Phishing
No Change in status bar with mouse over Legitimate
21. Mouse right clicks Disabled Right Click Phishing
Enabled Right Click Legitimate
22. Browser Pop up Browser Popups with text boxes Phishing
Browser Popups without text boxes Legitimate
23. Iframe Webpage with usage of iframe Phishing
Webpage without the use of iframe Legitimate
24. Age of domain Domain age greater than 6 months Phishing
Domain age lesser than 6 months Legitimate
25. DNS Record Domain without DNS record Phishing
Domain with DNS record Legitimate
26. Web traffic webpage rank less than or equal to 100,00 Legitimate
webpage rank greater than 100,00 Suspicious
webpage rank greater than 100,000 Phishing
27. Page Rank Page Rank less than 0.2 Phishing
Page Rank greater than 0.2 Legitimate
28. Google Index Webpage without google index Phishing
Webpage with google index Legitimate
29. Links pointing to page No. of Links Pointing to Webpage is zero Phishing
No. of Links Pointing to Webpage is less than or equal to two Suspicious
No. of Links Pointing to Webpage is greater than two Legitimate
30. Statistical analysis report Host having topmost Phishing IP Addresses Phishing
Host without topmost Phishing IP Addresses Legitimate