{"id":"https://openalex.org/W4300953411","doi":"https://doi.org/10.1145/3538969.3538997","title":"Dating Phish: An Analysis of the Life Cycles of Phishing Attacks and Campaigns","display_name":"Dating Phish: An Analysis of the Life Cycles of Phishing Attacks and Campaigns","publication_year":2022,"publication_date":"2022-08-17","ids":{"openalex":"https://openalex.org/W4300953411","doi":"https://doi.org/10.1145/3538969.3538997"},"language":"en","primary_location":{"id":"doi:10.1145/3538969.3538997","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3538969.3538997","pdf_url":null,"source":{"id":"https://openalex.org/S4363608926","display_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5067485815","display_name":"Vincent Drury","orcid":"https://orcid.org/0000-0002-3227-6090"},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Vincent Drury","raw_affiliation_strings":["RWTH Aachen University, Germany"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University, Germany","institution_ids":["https://openalex.org/I887968799"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018459853","display_name":"Luisa Lux","orcid":null},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Luisa Lux","raw_affiliation_strings":["RWTH Aachen University, Germany"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University, Germany","institution_ids":["https://openalex.org/I887968799"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001580305","display_name":"Ulrike Meyer","orcid":"https://orcid.org/0000-0002-2569-1042"},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ulrike Meyer","raw_affiliation_strings":["RWTH Aachen University, Germany"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University, Germany","institution_ids":["https://openalex.org/I887968799"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5067485815"],"corresponding_institution_ids":["https://openalex.org/I887968799"],"apc_list":null,"apc_paid":null,"fwci":1.4591,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.84927785,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"11"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9771999716758728,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9710000157356262,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.9822208881378174},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6255187392234802},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.6027443408966064},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.48287108540534973},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.47805339097976685},{"id":"https://openalex.org/keywords/internet-users","display_name":"Internet users","score":0.47200581431388855},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.45486587285995483}],"concepts":[{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.9822208881378174},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6255187392234802},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.6027443408966064},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.48287108540534973},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.47805339097976685},{"id":"https://openalex.org/C3019036681","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"Internet users","level":3,"score":0.47200581431388855},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.45486587285995483}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3538969.3538997","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3538969.3538997","pdf_url":null,"source":{"id":"https://openalex.org/S4363608926","display_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:publications.rwth-aachen.de:852508","is_oa":false,"landing_page_url":"https://publications.rwth-aachen.de/record/852508","pdf_url":null,"source":{"id":"https://openalex.org/S4306401033","display_name":"RWTH Publications (RWTH Aachen)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I887968799","host_organization_name":"RWTH Aachen University","host_organization_lineage":["https://openalex.org/I887968799"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Proceedings of the 17th International Conference on Availability, Reliability and Security<br/>17. International Conference on Availability, Reliability and Security, ARES 2022, Vienna, Austria, 2022-08-23 - 2022-08-26","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/12","score":0.4300000071525574,"display_name":"Responsible consumption and production"}],"awards":[{"id":"https://openalex.org/G5200176330","display_name":null,"funder_award_id":"833418","funder_id":"https://openalex.org/F4320332999","funder_display_name":"Horizon 2020 Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320332999","display_name":"Horizon 2020 Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W1994912669","https://openalex.org/W2007209062","https://openalex.org/W2024711043","https://openalex.org/W2029591949","https://openalex.org/W2113429362","https://openalex.org/W2118593120","https://openalex.org/W2140430159","https://openalex.org/W2604422183","https://openalex.org/W2933056782","https://openalex.org/W2941484091","https://openalex.org/W3151647019"],"related_works":["https://openalex.org/W3108752399","https://openalex.org/W2287013604","https://openalex.org/W1979174323","https://openalex.org/W2914974179","https://openalex.org/W2998775862","https://openalex.org/W4317952638","https://openalex.org/W3018198392","https://openalex.org/W2248792031","https://openalex.org/W3217356043","https://openalex.org/W2623568172"],"abstract_inverted_index":{"Phishing":[0],"attacks":[1],"are":[2],"still":[3],"a":[4,35,65,215,221,233],"general":[5],"and":[6,24,32,54,105,172,196,217,223],"world-wide":[7],"threat":[8],"to":[9,19,61,237],"users":[10],"of":[11,44,51,74,84,88,126,154,188,202,214,235],"the":[12,15,26,41,49,55,59,71,85,94,108,115,134,152,155,160,175,199,208,212,230,241],"Internet.":[13],"In":[14,77],"past,":[16],"several":[17,128,182,238],"approaches":[18],"detect":[20],"phishing":[21,45,90,109,138,161,203,242],"websites":[22,91,110,122,139,162],"earlier":[23],"shorten":[25],"time":[27,50,56,209],"frame":[28],"between":[29,211],"their":[30,52,169],"creation":[31,53,153,213],"inclusion":[33,219],"in":[34,47,64,150,168,205,220,226,240,245],"blocklist":[36],"have":[37,123],"been":[38],"proposed.":[39],"Understanding":[40],"life":[42,86],"cycle":[43],"attacks,":[46],"particular":[48,206],"span":[57,210],"from":[58,98,117,137],"first":[60],"last":[62],"attack":[63],"campaign,":[66],"provides":[67],"additional":[68],"insights":[69],"into":[70,163],"potential":[72],"success":[73],"these":[75],"methods.":[76],"this":[78,246],"paper,":[79],"we":[80,113,130],"present":[81],"an":[82,185],"analysis":[83],"cycles":[87],"133,667":[89],"based":[92,165],"on":[93,107,166],"publicly":[95],"available":[96],"information":[97,136],"certificates,":[99],"whois,":[100],"as":[101,103],"well":[102],"images":[104],"resources":[106],"themselves.":[111],"While":[112],"confirm":[114],"findings":[116],"previous":[118],"work,":[119],"that":[120,133,174],"many":[121],"short":[124],"lifetimes":[125],"only":[127],"days,":[129],"also":[131],"note":[132],"timing":[135],"using":[140],"public":[141],"hosting":[142],"or":[143],"compromised":[144],"infrastructure":[145],"is":[146],"far":[147],"less":[148],"accurate":[149],"dating":[151],"websites.":[156],"We":[157],"further":[158],"cluster":[159],"campaigns":[164,177,243],"patterns":[167,225],"domain":[170,227],"names,":[171],"find":[173],"detected":[176],"often":[178],"take":[179],"place":[180],"over":[181,232],"weeks,":[183],"with":[184],"average":[186],"duration":[187],"almost":[189],"12":[190],"days.":[191],"Our":[192],"results":[193],"showcase":[194],"advantages":[195],"limitations":[197],"for":[198],"early":[200],"detection":[201],"websites,":[204],"regarding":[207],"website":[216],"its":[218],"blocklist,":[222],"how":[224],"names":[228],"remain":[229],"same":[231],"period":[234],"up":[236],"weeks":[239],"analyzed":[244],"paper.":[247]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}