A method to Measure the Efficiency of Phishing Emails Detection Features

Phishing is a threat in which users are sent fake emails that urge them to click a link (URL) which takes to a phisher's website. At that site, users' accounts information could be lost. Many technical and non-technical solutions have been proposed to fight phishing attacks. To stop such attacks, it is important to select the correct feature(s) to detect phishing emails. Thus, the current work presents a new method to selecting more efficient feature in detecting phishing emails. Best features can be extracted from email's body (content) part. Keywords and URLs are known features that can be extracted from email's body part. These two features are very relevant to the three general aspects of email, these aspects are, email's sender, email's content, and email's receiver. In this work, three effectiveness criteria were derived based on these aspects of email. Such criteria were used to evaluate the efficiency of Keywords and URLs features in detecting phishing emails by measuring their Effectiveness Metric (EM) values. The experimental results obtained from analyzing more than 8000 ham (legitimate) and phishing emails from two different datasets show that, relying upon the URLs feature in detecting phishing emails will predominantly give more precise results than relying upon the Keywords feature in a such task.