This study explores the users’ web browsing behaviors that
confront phishing situations for context-aware phishing detection.
We extract discriminative features of each clicked URL, i.e.,
domain name, bag-of-words, generic Top-Level Domains, IP
address, and port number, to develop a linear chain CRF model
for users’ behavioral prediction. Large-scale experiments show
that our method achieves promising performance for predicting
the phishing threats of users’ next accesses. Error analysis
indicates that our model results in a favorably low false positive
rate. In practice, our solution is complementary to the existing
anti-phishing techniques for cost-effectively blocking phishing
threats from users’ behavioral perspectives.