Phishing websites are on the rise and are hosted on compromised domains such that legitimate behavior is embedded into the designed phishing site to overcome the detection. The traditional heuristic techniques using HTTPS, search engine, Page Ranking and WHOIS information may fail in detecting phishing sites hosted on the compromised domain. Moreover, list-based techniques fail to detect phishing sites when the target website is not in the whitelisted data. In this paper, we propose a novel heuristic technique using TWSVM to detect malicious registered phishing sites and also sites which are hosted on compromised servers, to overcome the aforementioned limitations. Our technique detects the phishing websites hosted on compromised domains by comparing the log-in page and home page of the visiting website. The hyperlink and URL-based features are used to detect phishing sites which are maliciously registered. We have used different versions of support vector machines (SVMs) for the classification of phishing websites. We found that twin support vector machine classifier (TWSVM) outperformed the other versions with a significant accuracy of 98.05% and recall of 98.33%.

网上诱骗网站正在兴起并托管在受感染的域中，以便将合法行为嵌入设计的网上诱骗网站中以克服检测问题。使用HTTPS，搜索引擎，页面排名和WHOIS信息的传统启发式技术可能无法检测到受感染域中托管的网络钓鱼站点。此外，当目标网站不在白名单数据中时，基于列表的技术无法检测网络钓鱼网站。在本文中，我们提出了一种使用TWSVM来检测恶意注册的网络钓鱼站点以及托管在受感染服务器上的站点的新颖启发式技术，以克服上述限制。我们的技术通过比较访问网站的登录页面和主页来检测托管在受感染域中的网络钓鱼网站。超链接和基于URL的功能用于检测恶意注册的网络钓鱼站点。我们使用了不同版本的支持向量机（SVM）对网络钓鱼网站进行分类。我们发现，双支持向量机分类器（TWSVM）以98.05％的显着精度和98.33％的召回率优于其他版本。