Phishing and spear phishing are typical examples of masquerade attacks since trust is built up through impersonation for the attack to succeed. Given the prevalence of these attacks, considerable research has been conducted on these problems along multiple dimensions. We reexamine the existing research on phishing and spear phishing from the perspective of the unique needs of the security domain, which we call security challenges: real-time detection, active attacker, dataset quality and base-rate fallacy. We explain these challenges and then survey the existing phishing/spear phishing solutions in their light. This viewpoint consolidates the literature and illuminates several opportunities for improving existing solutions. We organize the existing literature based on detection techniques for different attack vectors (e.g., URLs, websites, emails) along with studies on user awareness. For detection techniques we examine properties of the dataset, feature extraction, detection algorithms used, and performance evaluation metrics. This work can help guide the development of more effective defenses for phishing, spear phishing and email masquerade attacks of the future, as well as provide a framework for a thorough evaluation and comparison.

中文翻译：

---

SoK：从安全角度全面重新审视网络钓鱼研究

网络钓鱼和鱼叉式网络钓鱼是伪装攻击的典型例子，因为信任是通过模仿来建立的，攻击才能成功。鉴于这些攻击的普遍性，已经从多个维度对这些问题进行了大量研究。我们从安全领域的独特需求的角度重新审视现有关于网络钓鱼和鱼叉式网络钓鱼的研究，我们称之为安全挑战：实时检测、主动攻击者、数据集质量和基本速率谬误。我们解释了这些挑战，然后根据这些挑战调查了现有的网络钓鱼/鱼叉式网络钓鱼解决方案。这一观点整合了文献并阐明了改进现有解决方案的几个机会。我们根据针对不同攻击向量（例如，URL、网站、电子邮件）以及对用户意识的研究。对于检测技术，我们检查数据集的属性、特征提取、使用的检测算法和性能评估指标。这项工作有助于指导为未来的网络钓鱼、鱼叉式网络钓鱼和电子邮件伪装攻击开发更有效的防御措施，并为全面评估和比较提供一个框架。