Detection of fraudulent marketing of consumer product in social networking services

Abstract

In recent days, malicious users try to captivate the consumers using their fraudulent marketing URL post in social networking sites. Such malicious URL posted by fake users in Social Networking Services (SNS) is hard to identify. Therefore, there occurs a need to detect such fraudulent URLs in SNS. In order to detect such URLS, this paper proposes a SNS Fraudulent Detection (SFD) scheme. The proposed SFD scheme includes a Deterministic Finite Automata Tokenization (DFA-T) and Web Crawler (WC) based Neuro Fuzzy System (WC-NFS). DFA-T extracts the URL features and calculates a Penalty Score (PS) based on the malicious words in the extracted URL. The DFA extracted URL features with PS are fed into WC-NFS. Subsequently, the WC fetches the numeric WC-Index (WCI) value from the URLs which are added to the WC-NFS. The existing URL data set is used to identify the malicious web links and suitable machine learning techniques are used to identify the malicious URLs. From the experimental results, it is found that the proposed SFD provides 92.6 % accuracy in classifying the benign from malicious URLs when compared with the existing methods.

Keywords

Consumer electronics fraudulent web crawler social networking service malicious users

1 Introduction

Social Networking Services (SNS) like Instagram, Twitter, Facebook, YouTube connect people of similar interests [2]. Many users are active on social media and move towards SNS for purchase, which aid chances for scammers to attract consumers. Consumer Electronics (CE) are electronic products used in day-to-day life [17] and advertisers use the strategy of marketing their electronic products in SNS. Online advertising of CE purchases may be fraudulent to attract the consumers by posting a CE product advertisement in SNS [5]. The attackers lure the consumers by irresistible posts, genuine consumers may fall prey to such advertisement by clicking the malicious URL posted by the adversary. Such adversaries would either campaign to sell a fraudulent CE product or steal user information [19]. Some attackers may use stolen or leaked information of users to analyze their type of CE purchase in the case of targeted attack [16]. Reportedly, 46% of the consumers have experienced such fraudulent activity on social media platforms which leads to phished websites as shown in Fig. 1 [23].

Fig. 1

Fraudulent activity experienced while making a purchase.

Many of such links lead to phished websites. Figure 2 shows the number of phishing sites detected in the 3rd quarter year of 2020 as reported by the public or consumers, in which more than 50% of phishing cases were fraudulent reports via SNS purchase. Online Social Networking (OSN) users are susceptible to multiple security risks [8].

Fig. 2

Phishing sites reported on 2020.

Figure 3 shows the comparison of phishing attack cases of year 2020 vs. 2015–2019, in which 2020 has reported massive amount of attacks compared to previous five years. The malicious users might launch an attack to steal the user’s sensitive information such as username, password, credit-card details or to steal money by invoking a fraudulent purchase [3]. Some attackers impersonate an organization and steal information from consumers [14]. Identification of such attacks can be done by inspecting the posted web page feature and differentiating the scammer from genuine links [4]. Some purchase links posted in SNS are analyzed using lexical feature of URL but it is ineffective to use only lexical features [12]. The web page features like URL-based, Content-based and Host-based features can be used to precise prediction [11]. To ensure trustworthiness of such websites involved in CE purchase and to verify the identity of the users advertising in such vulnerable SNS, SFD is proposed.

Fig. 3

Comparison of malicious activity 2020 vs. 2015–2019.

The paper is organized as follows Section II explains the prior research and novelty of SFD. Section III elaborates the proposed SFD in detail. The experimental results are discussed in Section IV and the paper is concluded in Section V.

2 Prior research and novelty of proposed SFD

Digital marketing, an integral part of social networking involves majority of consumers migrating towards electronic product purchase in SNS like instagram, twitter. As SNS based purchase of consumer products increase, the fraudulent posts also increase. Some fraudsters post URL with malicious domain name to sell counterfeit products [13]. The malicious domain name can be a already existing phished webpage or a webpage created for the consumers of SNS [15]. There is quantifiable amount of research which exists to detect malicious web pages. Figure 4 shows the taxonomy for malicious web page detection.

Fig. 4

Taxonomy for malicious web page detection.

List based approaches:

Blacklist and whitelist [18] are the most popular approaches used to find the malicious URLs. It will contain the list of blocked and genuine URLs but such verification will not be accurate in CE purchase fraudulent since the list is updated manually and does not contain recently compromised website list. Machine learning approaches like support vector machine, Random forest are used to overcome the disadvantage of manual list updating since they are detected based on the web parameters. Some heuristic based approaches are also used for URL classification but machine learning based approaches outperform heuristic based approaches in the factor of speed [21]. Cantina+is a heuristic based approach that uses the URL based features to differentiate the malicious and benign URLs [20].

Ranking approaches:

Some existing classification approaches were based on ranking algorithms [3]. An approach used a link analysis algorithm to calculate the page rank [3] values based on the web traffic of a particular page, popular sites and frequently visited sites which was found to be inaccurate. Google Indexing [3] uses google crawlers and gives index of the webpage. Alexa Reputation [3] ranks the webpage based on its popularity.

Machine Learning approaches:

A Learning Automata-based Malicious Social Bot Detection (LA-MSBD) [1] approach was developed which used URL features and trust models to detect malicious bot in twitter. LA-MSBD calculated the direct and indirect trust of twitter users based on Bayesian learning approach and belief value given by other users. It was found that the belief value was considerably low for newly created posts which lead to the misclassification of a genuine post as malicious. Moreover, an URL embedded (UE) algorithm [2] detected the malicious websites based on the correlation and coefficients of URLs. From the experimental analysis, it was inferred that it consumed huge space to store the embedded model since UE mapped the URL with their distributive representation. Another existing method named as MALicious Tweets in Parallel (MALT^P) [4] used tweet graphs and metapaths to classify malicious from genuine tweets which resulted in increased misclassification rate. Subsequently, MALT failed to verify the trustworthiness of posts given by legitimate account holders which led to increased malicious posts. A classification problem with case-based reasoning or a knowledge extraction assignment with imbalanced classes can be used to model fraud detection. Models based on different artificial intelligence techniques, including neural networks, copula models, decision trees, and others, to identify fraudulent payment activity [22].

Heuristic based approaches:

SpoofGuard prevents web spoofing and phishing using a heuristics of URL. Promotion based malicious account detection on online social network named as ProGaurd- [7] was developed, which collects the behavioral features of advertising accounts to classify it as malicious, which again is not very efficient when an attack is produced from a new account with no information. Li et al proposed a scoring based system to identify malicious user based on the privacy scores [9]. Some approaches detected malicious URLs by inspecting the keywords in URLs [10]. As a step forward towards malicious post detection, a Cognitive identification framework was designed to identify the malicious users in SNS for CE product advertisement [6] based on cognitive trials of users, such as psychological, activity trial and social interaction. However, this existing approach failed to resist the fraudster advertising. Therefore, this paper presents a novel SNS Fraud Detection approach named as SFD which overcomes all the existing disadvantages and classifies the SNS posted webpage as malicious or benign. SFD includes a DFA Tokenization which is a self-adaptive decision-making unit added after Consumer URL extraction which continuously iterates and finds a finite set of actions. The research focuses on designing a highly competent web crawler to extract a WCI feature, which plays a major role in accurately detecting newly launched malicious pages.

The WC-NFS takes input from DFA-T, WC and web traffic analyzer to precisely predict the posted URL as malicious or legitimate.

3 Proposed social networking service fraudulent detection (SFD)

The proposed SFD detects the fraudulent post using the URL and web features. The SFD contains DFA Tokenization, Web traffic analyzer and Web crawler, with these phases six features namely Subdomain (SD), Pathdomain(PD), Penalty Score(PS), GoogleIndex(GI), Web Crawler Index(WCI) and WHOIS are extracted. Initially, Deterministic Finite Automata Tokenization (DFA-T) performs tokenization on the posted URL and the SD and PD feature are extracted, then based on the malicious words in URL the penalty score is calculated. Subsequently, Web Traffic Analyzer (WTA) extracts the GoogleIndex (GI) value. Finally, the WCI is computed by the web crawler. Based on these features the SFD classifies a CE posted URL as malicious or benign. Figure 5 shows the overall workflow of SFD. SFD begins with DFA-T, followed by WTA, finally WC-NFS as explained below:

Fig. 5

Overall workflow SFD.

3.1 DFA Tokenization (DFA-T)

A Deterministic Finite Automata Tokenization (DFA-T) is performed after Consumer URL extraction. DFA-T produces the response on each state transaction. It is used to tokenize the contents in URLs. The structure of URL is partitioned as follows < protocol>://<SubDomain>.<Primary Domain>.<Top-Level-Domain> /<Path-Domain>. Table 1 explains the structure of URL with an example.

Table 1
URL structure explanation for https://bestbuy.electronics.com/site

URL partitioning Example URL

Protocol https

SubDomain bestbuy

PrimaryDomain electronics

Top-Level-Domain (TLD) com

PathDomain site

URL partitioning	Example URL
Protocol	https
SubDomain	bestbuy
PrimaryDomain	electronics
Top-Level-Domain (TLD)	com
PathDomain	site

Here the DFA-T divides the input URL into tokens. The character sequence of the URL is read as lexeme. The tokenization is performed as shown in Fig. 6. The extracted URL is given for tokenization. The URL is split as a character sequence in the input buffer and a Pointer Value (PV) scans the buffer and increments itself after scanning. The state transition occurs based on the input buffer data. A state transition occurs when a malicious character is scanned or a delimiter is found.

Fig. 6

Tokenization process, S₁ is starting state, S₂ and S₃ are final state, S_I Invalid states, S_m malicious state. SP is special character.

When the tokenizer encounters a delimiter the sequence is stored as a token in the symbol table. Tokenizer checks for the occurrence of ’@’,’-’ and dots and stores the information in the database. Legal sites do not frequently use ’@’ and ’– ’, when a ’@’ is encountered in the URL all the left side contents following it can be discarded. The malicious word transition takes place while encountering such words. After tokenization, DFA-T stores the identified valid tokens, lexemes and malicious characters present in the URL of CE purchase. The DFA-T stores the information about the sub domain, primary domain, top level domain and path domain separately as N tokens along with the ‘M’ malicious characters with its count. The DFA-T extracts the information from the symbol table. Algorithm 1 explains the functioning of DFA-T.

Tokenization is performed and the results are stored in the symbol table. DFA-T extracts the SD,PD and MS values and using the MS value the Penalty score is computed.

3.2 Web Traffic Analyzer (WTA)

The WTA computes the Googleindex of the URL in SNS which is used in the proposed SFD. Google indexed pages are WebPages visited by Google Bots, while indexing the contents of the site is analyzed by the bots. The Google index feature is an important web feature, since a high probability of frequently used CE purchase sites in SNS exists.

WTA also uses the WHOIS feature. WHOIS provides the information about the web page registration and expiration. The information about the malicious sites is unstable compared with the legitimate sites. Some malicious sites have IP addresses as part of the URL and the WHOIS feature is taken to identify such web pages. The webpage registration date is normalized as numerical value and fed into WC-NFS as WHOIS feature.

3.3 Web crawlers

The Web Crawlers (WC) also referred as Spider Bots (SB) crawls to the Consumer URLs and its interconnected pages and links. WC crawls from one website to another going through all the links until all the web indexes are crawled. Many attackers with the intention to attract consumers on purchase do not index all the web links, they focus on advertising electronic products. WC gets their input from DFA tokenizer and computes a numerical value of all existing indexes with the sub domain name. The value of WC is passed to the Neuro-Fuzzy system along with the features extracted in DFA tokenizer. Figure 7 explains the working of web crawlers. First the URL is extracted and the interlinks to the URL are extracted and traversed.

Fig. 7

Web crawler for web indexing.

Algorithm 5.1 DFA-T
1: Input: SNS marketing URL
2: Output: Features SD, PD, PS
3: DFA-T (Tokenize⟶URL.)
4: Extract SD = SubDomain
5: PD = PrimaryDomain
6: MS = Malicious token count
7: Penalty_score:
8: for URL_token in 0 to URL_length
9: if occurrence(’@’,’– ’,’.’)
10: if ’@’ & & ’– ’
11: PS = PS+1
12: else if occurrence (’.’)>5
13: PS = PS+1
14: end if
15: return SD, PD, PS
16: end if
17: end for

The crawler computes a URL rank based on the successfully crawled links and the computed URL rank is stored as WCI value in the database.

3.4 Web crawler based neuro-fuzzy system (WC-NFS)

WC-NFS is a combinational approach of neural networks and fuzzy logic based on the extracted features from web crawler which automatically achieves the knowledge by back propagation. The proposed WC-NFS uses six parameters for classifying benign and malicious URLs. They are sub domain, primary domain, Penalty Score, WC index values, GoogleIndex value and WHOIS information is given as input. The first layer of NFS is the input layer where all the 6 features are passed as vectors. The input vector x_i extracted using DFA-T and WC. Two of six input features are text strings that need to be represented as real values for input nodes and remaining are numerical inputs. Some features will not have any crisp value, eg. GoogleIndex might not exist for some URLs, in such cases “null” values are given as input vectors. The second layer is fuzzification. The vector values are fuzzified using the sigmoid function. It produces Li and M_i where i varies from 1 to 6. The Legitimate node is computed using $L_{i} (x_{i}) = \frac{1}{1 + e^{- (x_{i} - b_{i})}}$ and malicious node is computed as $M_{i} (x_{i}) = \frac{e^{- (x_{i} - b_{i})}}{1 + e^{- (x_{i} - b_{i})}}$ . The third layer is defuzzification, it receives its input from the second layer, the L_i are linked to T₁ $(α_{i} = Π_{i = 1}^{6} L_{i} (x_{i}))$ and M_i is linked to T₂ $(α_{j} = Π_{i = 1}^{6} M_{i} (x_{i}))$ node, which computes the association rule. The third layer collects the possible values of legitimate and malicious features. The fourth layer is the Normalization layer. All the legitimate features are Normalized as node N1 and the malicious features are normalized as N2. The output of normalization is $β_{i} = \frac{α_{i}}{\sum_{j = 1}^{2} α_{j}}$ . The final layer produces the output $O_{I} = \sum_{i = 1}^{2} ω_{i} β_{i}$ .

A sigmoid function for output node O_o is used for activation $O_{o} = f (O_{t}) = \frac{1}{1 + e^{- O_{t}}}$ . WC-NFS does not modify any rule; it automatically adjusts the needed threshold. Table 2 contains the abbreviations of the notations used in WC-NFS. Algorithm 2 explains the work flow of WC-NFS.WC-NFS changes the bias according to the necessity. Based on the output of the WC-NFS a URL is classified as benign or malicious URL. If a URL is classified as malicious by SFD then SNS consumers are alerted.

Table 2
Table of notations

Notations Abbreviation

x_i Input variable

b_i Bias value

L_i Legitimate nodes

M_i malicious node

O_o Activation function

ω_i Weight of the node

O_I Final layer output.

Notations	Abbreviation
x_i	Input variable
b_i	Bias value
L_i	Legitimate nodes
M_i	malicious node
O_o	Activation function
ω_i	Weight of the node
O_I	Final layer output.

Algorithm: WC-NFS Classification
1: Input: Input features.
2: Output: Classification of URL as fraudulent or benign
3: x_i⟶ Extract feature
4: DFA-T←Call Algorithm 5.1
5: Compute “WCI”,”GI”,”WHOIS”
6: for eachx_i∈ x set weight w_i
7: Compute L_i and M_i nodes← Fuzzification(L_i, M_i)
8: Compute T₁, T₂← Defuzzification(T1,T2)
9: Compute O_I←Normalize(T1, T2)
10: state← O_I
11: if state “benign” then “Normal post”
12: else if state “malicious” then “Malicious post”
13: end if
14: end for

4 Experimental results

SFD is tested for several datasets and evaluated for different ratios of malicious and benign URLs as shown below.

Experimental Dataset:

Malicious and Legitimate URLs dataset are collected from three websites.

PhishTank are an anti-phishing website, shares its legal information publicly with the intention to reduce phishing attacks. It is a community-based information system with frequent updating of information.

Malicious_n_nonmalicious URL contains about 400,000 labeled datasets. 82% of datasets are non-malicious and 18% of datasets are malicious.

Majestic million csv contains top 1 million list of webpages. Rank information about the top websites are included in this csv, which are available publically.

Environmental setup:

The SFD is tested with the datasets collected form. Benign and malicious URLs are trained and compared for the ratios of 80 : 20, 70 : 30, 60 : 40. About 11K datasets are collected from PhishTank and 22K datasets are used from Malicious_n_nonmalicious URLs, in which 80% of datasets are used for training and 20% of datasets are used for testing. The proposed SFD is programmed in python. First DFA tokenization occurs, URL is tokenized and the necessary features were extracted, Web crawlers are designed to crawl over web indexes, the total WCI is found, the WC is implemented using python selenium web driver. The features from DFA-T and WC are given to NFS. The features are inputted to NFS and resultant classification is done as benign or malicious.

Evaluation metrics:

The performance of the proposed SFD is evaluated based on accuracy, sensitivity and specificity.

Accuracy of a URL classification calculated based as $Accuracy = \frac{# Truephishing + # Truelegitimate}{# Totalsites}$ (1)

Sensitivity is calculated based on correctly detected legitimate URLs $Sensitivity = \frac{# Truelegitimate}{# Truelegitimate + # Falsealarmwebsites}$ (2)

Specificity is the rate of correctly detected malicious URLs $Specificity = \frac{# Truephishing}{# Truephishng + # Misseddetection}$ (3)

Results:

The performance of SFD based on the evaluation metrics is given in Table 3. Figure 8 compares the sensitivity and specificity of proposed SFD with other models.

Fig. 8

(a) Specificity (b) Sensitivity comparison of SFD with other models.

Table 3

Performance of SFD

Evaluation in (%) percentage	URL classification rate accuracy (%)
Accuracy	92.6
Sensitivity	91.5
Specificity	91.8

The proposed SFD is compared with existing classifiers such as Support Vector Machine (SVM), Decision Tree(DT), K-Nearest Neighbor(KNN), Random Forest(RF), Extreme Learning Machines(ELM). The comparison analysis is done using the collected datasets. The comparison analysis is shown in Table 4. The detection rate of SFD is better compared with other classifiers. The overall detection rate is shown in Fig. 9. The proposed SFD classifies the benign and malicious URL with the accuracy of 92.6%, which is higher than the other classifiers.

Fig. 9

Comparative analysis of existing models with proposed SFD.

Table 4

Comparison analysis

URLs dataset	Classifiers	Detection rate
PhishTank	SVM	0.867
	Decision tree	0.868
	KNN	0.865
	Random forest	0.895
	ELM	0.905
	Proposed SFD	0.918
Malicious_n_	SVM	0.855
nonmalicous URL	Decision tree	0.864
	KNN	0.851
	Random forest	0.902
	ELM	0.908
	Proposed SFD	0.925

Web crawlers:

The web crawling index of collected URLS was analyzed. From the analysis the WCI of malicious URLs are below 0.5 and WCI of benign URLs is above 0.5. The benign URL has a high index rank as shown in the Fig. 10.

Fig. 10

Web crawler indexing.

Table 5 shows the testing result for 20% of collected datasets. The testing results were recorded for multiple test numbers. The URLs were predicted to be benign and the misclassified count URLs is also listed in the table. SFD was tested for different combination of malicious and benign URLs as shown in Fig. 10. Figure 11(a) shows the accuracy computation for 80 : 20 benign vs. malicious ratio, 11(b) shows the accuracy for 70 : 30 and Fig. 11(c) shows for 60 : 40 ratio, in which SFD accuracy is higher than the other classifiers.

Fig. 11

Accuracy evaluation of different ratios of benign and malicious URLS (a) 80 : 20,(b)70 : 30,(c)60 : 40.

Table 5

Testing results for URL ratio 70 : 30 (benign:malicious)

Test number		Predicted Benign	Predicted malicious URL
5%	Benign URL(1155)	1052	103
	Malicious URL(495)	45	450
10%	Benign URL(2310)	2079	231
	Malicious URL(990)	89	901
15%	Benign URL(3465)	3208	257
	Malicious URL (1485)	119	1366
20%	Benign URL(4620)	4279	341
	Malicious URL(1980)	139	1841

ELM performed close to SFD, whereas SVM, KNN and decision tree detection rate were low. Random forest classification rate was high but ELM and the proposed SFD outperformed RF.

5 Conclusion

The SNS Fraudulent detection (SFD) detects fraudulent consumer product marketing in social networking services. The SFD is the combination of DFA-T, WTA and WC-NFS. SFD accurately detects the malicious URL post from fraudsters. SFD is tested with the URL collected from SNS sites. The Proposed SFD is compared with other classifiers like SVM, DT, KNN, RF and ELM. Compared to the other classifiers SFD classifies malicious URL post with more accuracy. The proposed SFD is also compared with other performance metrics like sensitivity and specificity. The comparison shows that SFD performs well in all the evaluation metrics. The proposed SFD classifies with an accuracy of 92.6%.

Footnotes

References

Rout

R.R.

, Lingam

and Somayajulu

D.V.L.N.

, Detection of Malicious Social Bots Using Learning Automata With URL Features in Twitter Network, in IEEE Transactions on Computational Social Systems 7(4) (2020), 1004–1018. doi: 10.1109/TCSS.2020.2992223.

Yan

, Xu

, Cui

, Zhang

, Guo

and Li

, Learning URL Embedding for Malicious Website Detection, in, IEEE Transactions on Industrial Informatics 16(10) (2020), 6673–6681. doi: 10.1109/TII.2020.2977886.

Pal

, Offenberger

and Vasudevan

, Assertion Ranking Using RTL Source Code Analysis, in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 39(8) (2020), 1711–1724. doi: 10.1109/TCAD.2019.2921374.

Lancaster

, Chakraborty

and Subrahmanian

V.S.

, MALT^P: Parallel Prediction of Malicious Tweets, in IEEE Transactions on Computational Social Systems 5(4) (2018), 1096–1108. doi: 10.1109/TCSS.2018.2869171.

Cognitive Science-Based Security Framework in Consumer Electronics, in IEEE Consumer Electronics Magazine 9(1) (2020), 83–87. doi: 10.1109/MCE.2019.2941455.

Yuan

, Chen

, Tian

and Pei

, Malicious URL Detection Based on a Parallel Neural Joint Model, in IEEE Access 9 (2021), 9464–9472. doi: 10.1109/ACCESS.2021.3049625.

Zhou

et al., ProGuard: Detecting Malicious Accounts in Social-Network-Based Online Promotions, in IEEE Access 5 (2017), 1990–1999. doi: 10.1109/ACCESS.2017.2654272.

Fire

, Goldschmidt

and Elovici

, Online Social Networks: Threats and Solutions, in IEEE Communications Surveys & Tutorials 16(4) (2014), 2019–2036. doi: 10.1109/COMST.2014.2321628.

, Xin

, Zhao

, Yang

, Luo

and Chen

, Using User Behavior to Measure Privacy on Online Social Networks, in IEEE Access 8 (2020), 108387–108401. doi: 10.1109/ACCESS.2020.3000780.

10.

Yang

, Zuo

and Cui

, Detecting Malicious URLs via a Keyword-Based Convolutional Gated-Recurrent-Unit Neural Network, in IEEE Access 7 (2019), 29891–29900. doi: 10.1109/ACCESS.2019.2895751.

11.

Yuan

, Chen

, Tian

and Pei

, Malicious URL Detection Based on a Parallel Neural Joint Model, in IEEE Access 9 (2021), 9464–9472. doi: 10.1109/ACCESS.2021.3049625.

12.

Lee

and Kim

, WarningBird: A Near Real-Time Detection System for Suspicious URLs in Twitter Stream, in IEEE Transactions on Dependable and Secure Computing 10(3) (2013), 183–195. doi: 10.1109/TDSC.2013.3.

13.

Zhao

, Chang

, Wang

and Zeng

, Malicious Domain Names Detection Algorithm Based on Lexical Analysis and Feature Quantification, in IEEE Access 7 (2019), 128990–128999. doi: 10.1109/ACCESS.2019.2940554.

14.

, Nguyen

and Turaga

, Firstfilter: A cost-sensitive approach to malicious URL detection in large-scale enterprise networks, in IBM Journal of Research and Development 60(4) (2016), 4:1–4:10. doi: 10.1147/JRD.2016.2558018.

15.

Liu

and Fu

, SPWalk: Similar Property Oriented Feature Learning for Phishing Detection, in IEEE Access 8 (2020), 87031–87045. doi: 10.1109/ACCESS.2020.2992381.

16.

Kondo

, Silverston

, Vassiliades

, Tode

and Asami

, Name Filter: A Countermeasure Against Information Leakage Attacks in Named Data Networking, in IEEE Access 6 (2018), 65151–65170. doi: 10.1109/ACCESS.2018.2877792.

17.

Khan

W.Z.

, Aalsalem

M.Y.

and Khan

M.K.

, Five acts of consumer behavior: A potential security and privacy threat to Internet of Things, 2018 IEEE International Conference on Consumer Electronics (ICCE) (2018), pp. 1–3. doi: 10.1109/ICCE.2018.8326124.

18.

Marchal

, François

, State

and Engel

, PhishStorm:Detecting Phishing With Streaming Analytics, in IEEETransactions on Network and Service Management 11(4) (2014), 458–471. doi: 10.1109/TNSM.2014.2377295.

19.

Lee

, Lee

, Kim

and Bahn

, Secure user identification for consumer electronics devices, in IEEE Transactions on Consumer Electronics 54(4) (2008), 1798–1802. doi: 10.1109/TCE.2008.4711237.

20.

Xiang

Guang

, Hong

Jason

, Rosé

Carolyn

and Cranor

Lorrie

, CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites, ACM Trans Inf Syst Secur 14 (2011), 21. 10.1145/2019599.2019606.

21.

da Silva

Carlo Marcelo Revoredo

, Feitosa

Eduardo Luzeiro

and Garcia

Vinicius Cardoso

, Heuristic-based strategy for Phishing prediction: A survey of URL-based approach, Computers & Security 88 (2020), 101613.

22.

Festa

Yury Y.

and Vorobyev

Ivan A.

, A Hybrid Machine Learning Framework for E-commerce Fraud Detection, 1 Jan. 2022:41–49¹