{"id":"https://openalex.org/W4416962106","doi":"https://doi.org/10.1109/pst65910.2025.11268870","title":"Comparing Macro and Micro Approaches for Detecting Phishing Where It Spreads","display_name":"Comparing Macro and Micro Approaches for Detecting Phishing Where It Spreads","publication_year":2025,"publication_date":"2025-08-26","ids":{"openalex":"https://openalex.org/W4416962106","doi":"https://doi.org/10.1109/pst65910.2025.11268870"},"language":null,"primary_location":{"id":"doi:10.1109/pst65910.2025.11268870","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268870","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5116420643","display_name":"Mina Erfan","orcid":"https://orcid.org/0000-0002-7509-9725"},"institutions":[{"id":"https://openalex.org/I153718931","display_name":"University of Ottawa","ror":"https://ror.org/03c4mmv16","country_code":"CA","type":"education","lineage":["https://openalex.org/I153718931"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Mina Erfan","raw_affiliation_strings":["University of Ottawa,Ottawa,Canada"],"affiliations":[{"raw_affiliation_string":"University of Ottawa,Ottawa,Canada","institution_ids":["https://openalex.org/I153718931"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043554078","display_name":"Paula Branco","orcid":"https://orcid.org/0000-0002-9917-3694"},"institutions":[{"id":"https://openalex.org/I153718931","display_name":"University of Ottawa","ror":"https://ror.org/03c4mmv16","country_code":"CA","type":"education","lineage":["https://openalex.org/I153718931"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Paula Branco","raw_affiliation_strings":["University of Ottawa,Ottawa,Canada"],"affiliations":[{"raw_affiliation_string":"University of Ottawa,Ottawa,Canada","institution_ids":["https://openalex.org/I153718931"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5007509079","display_name":"Guy-Vincent Jourdan","orcid":"https://orcid.org/0000-0001-6067-6545"},"institutions":[{"id":"https://openalex.org/I153718931","display_name":"University of Ottawa","ror":"https://ror.org/03c4mmv16","country_code":"CA","type":"education","lineage":["https://openalex.org/I153718931"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Guy-Vincent Jourdan","raw_affiliation_strings":["University of Ottawa,Ottawa,Canada"],"affiliations":[{"raw_affiliation_string":"University of Ottawa,Ottawa,Canada","institution_ids":["https://openalex.org/I153718931"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5116420643"],"corresponding_institution_ids":["https://openalex.org/I153718931"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.52476616,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9929999709129333,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9929999709129333,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11147","display_name":"Misinformation and Its Impacts","score":0.00139999995008111,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.0013000000035390258,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.906000018119812},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7095000147819519},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.4814999997615814},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.46070000529289246},{"id":"https://openalex.org/keywords/granularity","display_name":"Granularity","score":0.397599995136261},{"id":"https://openalex.org/keywords/macro","display_name":"Macro","score":0.38429999351501465}],"concepts":[{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.906000018119812},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7803999781608582},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7095000147819519},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.4814999997615814},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.46070000529289246},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.44839999079704285},{"id":"https://openalex.org/C177774035","wikidata":"https://www.wikidata.org/wiki/Q1246948","display_name":"Granularity","level":2,"score":0.397599995136261},{"id":"https://openalex.org/C166955791","wikidata":"https://www.wikidata.org/wiki/Q629579","display_name":"Macro","level":2,"score":0.38429999351501465},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.3693999946117401},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.3617999851703644},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35899999737739563},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.3181000053882599},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.29789999127388},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2858000099658966},{"id":"https://openalex.org/C113954288","wikidata":"https://www.wikidata.org/wiki/Q186885","display_name":"Timestamp","level":2,"score":0.28349998593330383},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.27720001339912415}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/pst65910.2025.11268870","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268870","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W1924689489","https://openalex.org/W2122111042","https://openalex.org/W2295598076","https://openalex.org/W2911964244","https://openalex.org/W2995462150","https://openalex.org/W3003044879","https://openalex.org/W3153477107","https://openalex.org/W3176692480","https://openalex.org/W4213251304","https://openalex.org/W4239510810","https://openalex.org/W4286544494","https://openalex.org/W4297957988","https://openalex.org/W4306406255","https://openalex.org/W4385255258","https://openalex.org/W4388857373","https://openalex.org/W4399126774","https://openalex.org/W4399529008","https://openalex.org/W4399997059","https://openalex.org/W4401720426","https://openalex.org/W4403024241","https://openalex.org/W4404032450","https://openalex.org/W4404741582","https://openalex.org/W4404779521","https://openalex.org/W4404954361","https://openalex.org/W4406892885","https://openalex.org/W4407627985","https://openalex.org/W4407692019","https://openalex.org/W4407783610","https://openalex.org/W4407938309","https://openalex.org/W4408750002"],"related_works":[],"abstract_inverted_index":{"Phishing":[0],"attacks":[1],"have":[2,32],"evolved,":[3],"increasingly":[4],"leveraging":[5],"legitimate":[6],"platforms":[7],"to":[8,133,206],"bypass":[9],"traditional":[10],"domain":[11],"and":[12,27,42,68,87,160,171],"URL-based":[13],"detection":[14,110,200],"methods.":[15],"Existing":[16],"proactive":[17],"approaches":[18],"such":[19,64],"as":[20,36,65],"monitoring":[21],"Domain":[22],"Name":[23],"System":[24],"(DNS)":[25],"anomalies":[26],"Certificate":[28],"Transparency":[29],"(CT)":[30],"logs":[31],"become":[33],"less":[34],"effective,":[35],"attackers":[37],"now":[38],"exploit":[39],"trusted":[40],"websites":[41],"services.":[43],"To":[44],"address":[45,217],"this":[46,101],"challenge,":[47],"we":[48,103],"present":[49],"TelePhish,":[50],"a":[51,114,120,144],"dataset":[52,157],"of":[53,78,221],"annotated":[54],"Telegram":[55,82],"messages":[56],"collected":[57],"from":[58,119],"public":[59],"groups":[60],"in":[61,190],"high-risk":[62],"categories":[63],"Cryptocurrency,":[66],"Games,":[67],"Darknet.":[69],"Unlike":[70],"prior":[71],"works,":[72],"TelePhish":[73],"emphasizes":[74],"the":[75,156,213,218],"propagational":[76],"behavior":[77],"phishing":[79,109,126,210],"by":[80,112],"capturing":[81,191],"group":[83],"interactions,":[84],"message":[85],"patterns,":[86],"user":[88],"engagement,":[89],"rather":[90],"than":[91],"relying":[92],"on":[93,148,168],"easily":[94],"manipulated":[95],"textual":[96],"or":[97,216],"URL":[98],"features.":[99],"Using":[100],"dataset,":[102],"investigate":[104],"how":[105],"modeling":[106,141],"granularity":[107],"impacts":[108],"performance":[111],"adopting":[113],"macro-to-micro":[115],"approach.":[116],"We":[117,138,181],"start":[118],"general":[121,145,188,209],"model":[122,146],"that":[123,154,175,183,202],"captures":[124],"broad":[125],"patterns":[127,211],"across":[128,212],"Telegram,":[129],"then":[130,161],"progressively":[131],"narrow":[132],"more":[134],"specialized,":[135],"category-aware":[136],"models.":[137],"evaluate":[139],"four":[140],"strategies:":[142],"(i)":[143],"trained":[147,167],"all":[149],"data,":[150],"(ii)":[151],"general-cluster":[152],"models":[153,166,174,185,189,201],"segment":[155],"via":[158],"clustering":[159],"train":[162],"models,":[163],"(iii)":[164],"category":[165],"each":[169,179],"category,":[170],"(iv)":[172],"categorycluster":[173],"discover":[176],"sub-patterns":[177],"within":[178],"category.":[180],"show":[182],"localized":[184],"can":[186,203],"outperform":[187],"category-specific":[192],"patterns.":[193],"These":[194],"findings":[195],"provide":[196],"guidelines":[197],"for":[198],"designing":[199],"be":[204],"tailored":[205],"either":[207],"capture":[208],"entire":[214],"platform":[215],"unique":[219],"characteristics":[220],"individual":[222],"categories.":[223]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-12-03T00:00:00"}