Yukun Li,Zhenguo Yang,Xu Chen,Huaping Yuan,Wenyin Liu

DOI: https://doi.org/10.1016/j.future.2018.11.004

IF: 7.307

2019-05-01

Future Generation Computer Systems

Abstract:In this paper, we present a stacking model to detect phishing webpages using URL and HTML features. In terms of features, we design lightweight URL and HTML features and introduce HTML string embedding without using the third-party services, making it possible to develop real-time detection applications. Furthermore, we devise a stacking model by combining GBDT, XGBoost and LightGBM in multiple layers, which enables different models to be complementary, thus improving the performance on phishing webpage detection. In particular, we collect two real-world datasets for evaluations, named as 50K-PD and 50K-IPD, respectively. 50K-PD contains 49,947 webpages with URLs and HTML codes. 50K-IPD contains 53,103 webpages with screenshots in addition to URLs and HTML codes. The proposed approach outperforms quite a few machine learning models on multiple metrics, achieving 97.30% on accuracy, 4.46% on missing alarm rate, and 1.61% on false alarm rate on 50K-PD dataset. On 50K-IPD dataset, the proposed approach achieves 98.60% on accuracy, 1.28% on missing alarm rate, and 1.54% on false alarm rate.

Saba Aslam,Hafsa Aslam,Arslan Manzoor,Hui Chen,Abdur Rasool

DOI: https://doi.org/10.3390/sym16020248

2024-02-17

Symmetry

Abstract:The escalating reliance on revolutionary online web services has introduced heightened security risks, with persistent challenges posed by phishing despite extensive security measures. Traditional phishing systems, reliant on machine learning and manual features, struggle with evolving tactics. Recent advances in deep learning offer promising avenues for tackling novel phishing challenges and malicious URLs. This paper introduces a two-phase stack generalized model named AntiPhishStack, designed to detect phishing sites. The model leverages the learning of URLs and character-level TF-IDF features symmetrically, enhancing its ability to combat emerging phishing threats. In Phase I, features are trained on a base machine learning classifier, employing K-fold cross-validation for robust mean prediction. Phase II employs a two-layered stacked-based LSTM network with five adaptive optimizers for dynamic compilation, ensuring premier prediction on these features. Additionally, the symmetrical predictions from both phases are optimized and integrated to train a meta-XGBoost classifier, contributing to a final robust prediction. The significance of this work lies in advancing phishing detection with AntiPhishStack, operating without prior phishing-specific feature knowledge. Experimental validation on two benchmark datasets, comprising benign and phishing or malicious URLs, demonstrates the model's exceptional performance, achieving a notable 96.04% accuracy compared to existing studies. This research adds value to the ongoing discourse on symmetry and asymmetry in information security and provides a forward-thinking solution for enhancing network security in the face of evolving cyber threats.

multidisciplinary sciences

Yun Lin,Ruofan Liu,Dinil Mon Divakaran,Jun Yang Ng,Qing Zhou Chan,Yiwen Lu,Yuxuan Si,Fan Zhang,Jin Song Dong

2021-01-01

Abstract:Recent years have seen the development of phishing detection and identification approaches to defend against phishing attacks. Phishing detection solutions often report binary results, i.e., phishing or not, without any explanation. In contrast, phishing identification approaches identify phishing webpages by visually comparing webpages with predefined legitimate references and report phishing along with its target brand, thereby having explainable results. However, there are technical challenges in visual analyses that limit existing solutions from being effective (with high accuracy) and efficient (with low runtime overhead), to be put to practical use. In this work, we design a hybrid deep learning system, Phishpedia, to address two prominent technical challenges in phishing identification, i.e., (i) accurate recognition of identity logos on webpage screenshots, and (ii) matching logo variants of the same brand. Phishpedia achieves both high accuracy and low runtime overhead. And very importantly, different from common approaches, Phishpedia does not require training on any phishing samples. We carry out extensive experiments using real phishing data; the results demonstrate that Phishpedia significantly outperforms baseline identification approaches (EMD, PhishZoo, and LogoSENSE) in accurately and efficiently identifying phishing pages. We also deployed Phishpedia with CertStream service and discovered 1,704 new real phishing websites within 30 days, significantly more than other solutions; moreover, 1,133 of them are not reported by any engines in VirusTotal.

Asif Newaz,Farhan Shahriyar Haq,Nadim Ahmed

2024-03-13

Abstract:Phishing is an increasingly sophisticated form of cyberattack that is inflicting huge financial damage to corporations throughout the globe while also jeopardizing individuals' privacy. Attackers are constantly devising new methods of launching such assaults and detecting them has become a daunting task. Many different techniques have been suggested, each with its own pros and cons. While machine learning-based techniques have been most successful in identifying such attacks, they continue to fall short in terms of performance and generalizability. This paper proposes a comprehensive methodology for detecting phishing websites. The goal is to design a system that is capable of accurately distinguishing phishing websites from legitimate ones and provides generalized performance over a broad variety of datasets. A combination of feature selection, greedy algorithm, cross-validation, and deep learning methods have been utilized to construct a sophisticated stacking ensemble classifier. Extensive experimentation on four different phishing datasets was conducted to evaluate the performance of the proposed technique. The proposed algorithm outperformed the other existing phishing detection models obtaining accuracy of 97.49%, 98.23%, 97.48%, and 98.20% on dataset-1 (UCI Phishing Websites Dataset), dataset-2 (Phishing Dataset for Machine Learning: Feature Evaluation), dataset-3 (Phishing Websites Dataset), and dataset-4 (Web page phishing detection), respectively. The high accuracy values obtained across all datasets imply the models' generalizability and effectiveness in the accurate identification of phishing websites.

Cryptography and Security,Artificial Intelligence

Ali Aljofey,Qingshan Jiang,Abdur Rasool,Hui Chen,Wenyin Liu,Qiang Qu,Yang Wang

DOI: https://doi.org/10.1038/s41598-022-10841-5

IF: 4.6

2022-05-26

Scientific Reports

Abstract:Today's growing phishing websites pose significant threats due to their extremely undetectable risk. They anticipate internet users to mistake them as genuine ones in order to reveal user information and privacy, such as login ids, pass-words, credit card numbers, etc. without notice. This paper proposes a new approach to solve the anti-phishing problem. The new features of this approach can be represented by URL character sequence without phishing prior knowledge, various hyperlink information, and textual content of the webpage, which are combined and fed to train the XGBoost classifier. One of the major contributions of this paper is the selection of different new features, which are capable enough to detect 0-h attacks, and these features do not depend on any third-party services. In particular, we extract character level Term Frequency-Inverse Document Frequency (TF-IDF) features from noisy parts of HTML and plaintext of the given webpage. Moreover, our proposed hyperlink features determine the relationship between the content and the URL of a webpage. Due to the absence of publicly available large phishing data sets, we needed to create our own data set with 60,252 webpages to validate the proposed solution. This data contains 32,972 benign webpages and 27,280 phishing webpages. For evaluations, the performance of each category of the proposed feature set is evaluated, and various classification algorithms are employed. From the empirical results, it was observed that the proposed individual features are valuable for phishing detection. However, the integration of all the features improves the detection of phishing sites with significant accuracy. The proposed approach achieved an accuracy of 96.76% with only 1.39% false-positive rate on our dataset, and an accuracy of 98.48% with 2.09% false-positive rate on benchmark dataset, which outperforms the existing baseline approaches.

multidisciplinary sciences

Yanbin Wang,Weifan Zhu,Haitao Xu,Zhan Qin,Kui Ren,Wenrui Ma

DOI: https://doi.org/10.1109/ICASSP49357.2023.10095719

2023-01-01

Abstract:Phishing attacks have always been a security issue that has attracted great attention in the cyber security community. Recently, the famous pre-trained models is being used as an anti-phishing solution. However, existing studies either simply transfer models pre-trained on text to phishing detection task, or pre-train models using only extremely small phishing samples. In this paper, we propose PhishBERT, a veritable pretrained deep transformer network model for phishing URL detection. Using a tailor pre-training objective, PhishBERT obtained a general understanding of various URLs by being pretrained on a corpus of more than 3 billion unlabeled URL data. It is then transferred to the detection task of benign and malicious URL data, with supervised fine-tuning using adversarial methods. Extensive and rigorous benchmark studies verify that PhishBERT is significantly superior to the current state-of-the-art methods in terms of efficiency, robustness and accuracy on the task of phishing website detection.

Dong-Jie Liu,Guang-Gang Geng,Xiao-Bo Jin,Wei Wang

DOI: https://doi.org/10.1016/j.cose.2021.102421

2021-11-01

Abstract:Phishing has become a favorite method of hackers for committing data theft and continues to evolve. As long as phishing websites continue to operate, many more people and companies will suffer privacy leaks or financial losses. Therefore, the demand for fast and accurate phishing website detection grows stronger. However, the existing phishing detection methods do not fully analyze the features of phishing, and the performance and efficiency of the models only apply to certain limited datasets and need to be improved to be applied to the real web environment. This paper fully considers the social engineering principles of phishing, proposes a comprehensive and interpretable CASE feature framework and designs a multistage phishing detection model to effectively detect phishing sites, especially in the real web environment, where high efficiency and performance and extremely low false alarm rates are required. To fully verify the proposed method, two kinds of data experiments were carried out. One was the comparative experiments among different features and different detection models on CASE, which covers both classic machine learning and deep learning algorithms based on a constructed complex dataset. The other was a one-year phishing discovery experiment in the real web environment. The proposed method achieves better detection results under the premise of significantly shortening the execution time and works well in real phishing discovery, which proves its high practicability in reality.

computer science, information systems

Alper Ozcan,Cagatay Catal,Emrah Donmez,Behcet Senturk

DOI: https://doi.org/10.1007/s00521-021-06401-z

Abstract:Phishing is an attack targeting to imitate the official websites of corporations such as banks, e-commerce, financial institutions, and governmental institutions. Phishing websites aim to access and retrieve users' important information such as personal identification, social security number, password, e-mail, credit card, and other account information. Several anti-phishing techniques have been developed to cope with the increasing number of phishing attacks so far. Machine learning and particularly, deep learning algorithms are nowadays the most crucial techniques used to detect and prevent phishing attacks because of their strong learning abilities on massive datasets and their state-of-the-art results in many classification problems. Previously, two types of feature extraction techniques [i.e., character embedding-based and manual natural language processing (NLP) feature extraction] were used in isolation. However, researchers did not consolidate these features and therefore, the performance was not remarkable. Unlike previous works, our study presented an approach that utilizes both feature extraction techniques. We discussed how to combine these feature extraction techniques to fully utilize from the available data. This paper proposes hybrid deep learning models based on long short-term memory and deep neural network algorithms for detecting phishing uniform resource locator and evaluates the performance of the models on phishing datasets. The proposed hybrid deep learning models utilize both character embedding and NLP features, thereby simultaneously exploiting deep connections between characters and revealing NLP-based high-level connections. Experimental results showed that the proposed models achieve superior performance than the other phishing detection models in terms of accuracy metric.

Yazan Ahmad Alsariera,Victor Elijah Adeyemo,Abdullateef Oluwagbemiga Balogun,Ammar Kareem Alazzawi

DOI: https://doi.org/10.1109/access.2020.3013699

IF: 3.9

2020-01-01

IEEE Access

Abstract:Phishing is a type of social web-engineering attack in cyberspace where criminals steal valuable data or information from insensitive or uninformed users of the internet. Existing countermeasures in the form of anti-phishing software and computational methods for detecting phishing activities have proven to be effective. However, new methods are deployed by hackers to thwart these countermeasures. Due to the evolving nature of phishing attacks, the need for novel and efficient countermeasures becomes crucial as the effect of phishing attacks are often fatal and disastrous. Artificial Intelligence (AI) schemes have been the cornerstone of modern countermeasures used for mitigating phishing attacks. AI-based phishing countermeasures or methods possess their shortcomings particularly the high false alarm rate and the inability to interpret how most phishing methods perform their function. This study proposed four (4) meta-learner models (AdaBoost-Extra Tree (ABET), Bagging – Extra tree (BET), Rotation Forest – Extra Tree (RoFBET) and LogitBoost-Extra Tree (LBET)) developed using the extra-tree base classifier. The proposed AI-based meta-learners were fitted on phishing website datasets (currently with the newest features) and their performances were evaluated. The models achieved a detection accuracy not lower than 97% with a drastically low false-positive rate of not more 0.028. In addition, the proposed models outperform existing ML-based models in phishing attack detection. Hence, we recommend the adoption of meta-learners when building phishing attack detection models.

computer science, information systems,telecommunications,engineering, electrical & electronic

Eman Abdullah Aldakheel,Mohammed Zakariah,Ghada Abdalaziz Gashgari,Fahdah A. Almarshad,Abdullah I. A. Alzahrani

DOI: https://doi.org/10.3390/s23094403

IF: 3.9

2023-04-30

Sensors

Abstract:Organizations and individuals worldwide are becoming increasingly vulnerable to cyberattacks as phishing continues to grow and the number of phishing websites grows. As a result, improved cyber defense necessitates more effective phishing detection (PD). In this paper, we introduce a novel method for detecting phishing sites with high accuracy. Our approach utilizes a Convolution Neural Network (CNN)-based model for precise classification that effectively distinguishes legitimate websites from phishing websites. We evaluate the performance of our model on the PhishTank dataset, which is a widely used dataset for detecting phishing websites based solely on Uniform Resource Locators (URL) features. Our approach presents a unique contribution to the field of phishing detection by achieving high accuracy rates and outperforming previous state-of-the-art models. Experiment results revealed that our proposed method performs well in terms of accuracy and its false-positive rate. We created a real data set by crawling 10,000 phishing URLs from PhishTank and 10,000 legitimate websites and then ran experiments using standard evaluation metrics on the data sets. This approach is founded on integrated and deep learning (DL). The CNN-based model can distinguish phishing websites from legitimate websites with a high degree of accuracy. When binary-categorical loss and the Adam optimizer are used, the accuracy of the k-nearest neighbors (KNN), Natural Language Processing (NLP), Recurrent Neural Network (RNN), and Random Forest (RF) models is 87%, 97.98%, 97.4% and 94.26%, respectively, in contrast to previous publications. Our model outperformed previous works due to several factors, including the use of more layers and larger training sizes, and the extraction of additional features from the PhishTank dataset. Specifically, our proposed model comprises seven layers, starting with the input layer and progressing to the seventh, which incorporates a layer with pooling, convolutional, linear 1 and 2, and linear six layers as the output layers. These design choices contribute to the high accuracy of our model, which achieved a 98.77% accuracy rate.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Chanis, Ilias

DOI: https://doi.org/10.1007/s10207-024-00928-7

2024-11-08

International Journal of Information Security

Abstract:Phishing is the most common and potentially dangerous cyber attack that organizations are forced to deal with on a constant basis, rendering its automated detection as early as possible a necessity to ensure the security of computer systems. Focusing on the email level, this work improves content-based phishing email detection by integrating stylometric features with the commonly-used vectorization techniques, as well as by utilizing classifier stacking. Leveraging a diverse set of stylometric features, we systematically explore different methods of combining them with vectorized text as well as multiple stacking configurations for the machine learning algorithms. Our findings demonstrate that the proposed methods consistently outperform vectorization-only baselines on an imbalanced dataset, with a smaller improvement to a balanced one. Specifically, we achieved an measure of 0.9843 on the balanced set and 0.9656 on the imbalanced one by stacking multiple different classifiers that were trained on the content and stylometric features separately, improving baselines by more than 2.2% for the imbalanced dataset. As such, our work contributes to the ongoing efforts in cybersecurity by further enhancing the performance of state-of-the-art phishing email detection systems.

computer science, information systems, theory & methods, software engineering

Kalaharsha Pagadala

DOI: https://doi.org/10.48550/arXiv.2205.05121

2022-05-03

Abstract:Now-a-days, cyberattacks are increasing at an unprecedented rate. Phishing is a social engineering attack which has a massive global impact, destroying the financial and economic value of corporations, government sectors and individuals. In phishing, attackers steal users personal information such as username, passwords, debit card information and so on. In order to detect zero-hour attacks and protect end-users from these attacks, various anti-phishing techniques are developed, but the end-users have to visit the websites to know whether they are safe or not, which may lead to infecting their system. In this paper, we propose a method where end-users can detect the genuineness of the sites without visiting them. The proposed method collects legitimate and phishing URLs and extract features from them. The extracted features are given as input to six different classifiers for training and constructing the model. The classifiers used are Naive-Bayes, Logistic Regression, Random Forest,CatBoost, XGBoost and Multilayer perceptron. The method is tested by developing into an extension so that the end-users can use it when browsing. In the browser extension when the user takes the cursor over any link, a pop-up appears showing the nature of the website i.e., safe site or deceptive site and then a confirm box shows up asking the user whether they want to visit or not. The performance of the approach is tested using a dataset consisting of 2000 phishing and legitimate website URLs and the method is able to detect the sites correctly in very little time. Random-Forest is chosen for constructing the model as it gives the highest accuracy of 95%.

Cryptography and Security

Dong-Jie Liu,Guang-Gang Geng,Xin-Chang Zhang

DOI: https://doi.org/10.1016/j.eswa.2022.118305

IF: 8.5

2022-12-15

Expert Systems with Applications

Abstract:In view of semantic counterfeiting characteristics of phishing websites and their multi-scale composition, this paper fully considers the semantic information of different scales, and proposes three semantic-based phishing detection models at different depths using various deep learning methods. The proposed three models are Multi-scale Data-layer Fusion (MDF) model, Multi-scale Feature-layer Fusion (MFF) model and Multi-scale In-depth Fusion(MIF) model. Experimental results on a constructed complex dataset show that the three models all have good recognition capabilities and the MIF model achieves the best performance on a complex dataset, with an F1-Measure of 0.9830, AUC value of 0.9993 and a false positive rate of 0.0047. Then with further comparison with both visual and text methods and an active discovery experiment lasting for 6 months with 3016 phishing websites detected in the real network environment, it is found that the proposed model is both competitive and practical for real detection scenarios.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

May Almousa,Tianyang Zhang,Abdolhossein Sarrafzadeh,Mohd Anwar

DOI: https://doi.org/10.1002/spy2.256

2022-08-16

Security and Privacy

Abstract:Phishing websites are fraudulent websites that appear legitimate and trick unsuspecting users into interacting with them, stealing their valuable information. Because phishing attacks are a leading cause of data breach, different anti‐phishing solutions have been explored for cybersecurity management including machine learning‐based technical approaches. However, there is a gap in understanding how robust deep learning‐based models together with hyperparameter optimization are for phishing website detection. In this vein, this study pursues the tasks of developing parsimonious deep learning models and hyperparameter optimization to achieve high accuracy and reproducible results for phishing website detection. This paper demonstrates a systematic process of building detection models based on three deep learning algorithm architectures (Long Short‐Term Memory‐based detection models, Fully Connected Deep Neural Network‐based detection models, and convolutional neural network‐based detection models) that are built and evaluated using four publicly available phishing website datasets, achieving the best accuracy of 97.37%. We also compared two different optimization algorithms for hyperparameter optimization: Grid Search and Genetic Algorithm, which contributed to 0.1%–1% increase in accuracy.

English Else

Weibo Chu,Bin B. Zhu,Feng Xue,Xiaohong Guan,Zhongmin Cai

DOI: https://doi.org/10.1109/ICC.2013.6654816

2013-01-01

Abstract:Phishing is the third cyber-security threat globally and the first cyber-security threat in China. There were 61.69 million phishing victims in China alone from June 2011 to June 2012, with the total annual monetary loss more than 4.64 billion US dollars. These phishing attacks were highly concentrated in targeting at a few major Websites. Many phishing Webpages had a very short life span. In this paper, we assume the Websites to protect against phishing attacks are known, and study the effectiveness of machine learning based phishing detection using only lexical and domain features, which are available even when the phishing Webpages are inaccessible. We propose several novel highly effective features, and use the real phishing attack data against Taobao and Tencent, two main phishing targets in China, in studying the effectiveness of each feature, and each group of features. We then select an optimal set of features in our phishing detector, which has achieved a detection rate better than 98%, with a false positive rate of 0.64% or less. The detector is still effective when the distribution of phishing URLs changes.

Rundong Yang,Kangfeng Zheng,Bin Wu,Chunhua Wu,Xiujuan Wang

DOI: https://doi.org/10.3390/s21248281

IF: 3.9

2021-12-10

Sensors

Abstract:Phishing has become one of the biggest and most effective cyber threats, causing hundreds of millions of dollars in losses and millions of data breaches every year. Currently, anti-phishing techniques require experts to extract phishing sites features and use third-party services to detect phishing sites. These techniques have some limitations, one of which is that extracting phishing features requires expertise and is time-consuming. Second, the use of third-party services delays the detection of phishing sites. Hence, this paper proposes an integrated phishing website detection method based on convolutional neural networks (CNN) and random forest (RF). The method can predict the legitimacy of URLs without accessing the web content or using third-party services. The proposed technique uses character embedding techniques to convert URLs into fixed-size matrices, extract features at different levels using CNN models, classify multi-level features using multiple RF classifiers, and, finally, output prediction results using a winner-take-all approach. On our dataset, a 99.35% accuracy rate was achieved using the proposed model. An accuracy rate of 99.26% was achieved on the benchmark data, much higher than that of the existing extreme model.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Pingfan Xu

DOI: https://doi.org/10.48550/arXiv.2109.02138

2021-09-05

Cryptography and Security

Abstract:Phishing attacks are among emerging security issues that recently draws significant attention in the cyber security community. There are numerous existing approaches for phishing URL detection. However, malicious URL detection is still a research hotspot because attackers can bypass newly introduced detection mechanisms by changing their tactics. This paper will introduce a transformer-based malicious URL detection model, which has significant accuracy and outperforms current detection methods. We conduct experiments and compare them with six existing classical detection models. Experiments demonstrate that our transformer-based model is the best performing model from all perspectives among the seven models and achieves 97.3 % of detection accuracy.

Furkan Çolhak,Mert İlhan Ecevit,Bilal Emir Uçar,Reiner Creutzburg,Hasan Dağ

2024-07-10

Abstract:The way we communicate and work has changed significantly with the rise of the Internet. While it has opened up new opportunities, it has also brought about an increase in cyber threats. One common and serious threat is phishing, where cybercriminals employ deceptive methods to steal sensitive information.This study addresses the pressing issue of phishing by introducing an advanced detection model that meticulously focuses on HTML content. Our proposed approach integrates a specialized Multi-Layer Perceptron (MLP) model for structured tabular data and two pretrained Natural Language Processing (NLP) models for analyzing textual features such as page titles and content. The embeddings from these models are harmoniously combined through a novel fusion process. The resulting fused embeddings are then input into a linear classifier. Recognizing the scarcity of recent datasets for comprehensive phishing research, our contribution extends to the creation of an up-to-date dataset, which we openly share with the community. The dataset is meticulously curated to reflect real-life phishing conditions, ensuring relevance and applicability. The research findings highlight the effectiveness of the proposed approach, with the CANINE demonstrating superior performance in analyzing page titles and the RoBERTa excelling in evaluating page content. The fusion of two NLP and one MLP model,termed MultiText-LP, achieves impressive results, yielding a 96.80 F1 score and a 97.18 accuracy score on our research dataset. Furthermore, our approach outperforms existing methods on the CatchPhish HTML dataset, showcasing its efficacies.

Cryptography and Security,Artificial Intelligence

Bingyang Guo,Yunyi Zhang,Chengxi Xu,Fan Shi,Yuwei Li,Min Zhang

DOI: https://doi.org/10.3390/app11209733

2021-01-01

Applied Sciences

Abstract:Internet users have suffered from phishing attacks for a long time. Attackers deceive users through malicious constructed phishing websites to steal sensitive information, such as bank account numbers, website usernames, and passwords. In recent years, many phishing detection solutions have been proposed, which mainly leverage whitelists or blacklists, website content, or side channel-based techniques. However, with the continuous improvement of phishing technology, current methods have difficulty in achieving effective detection. Hence, in this paper, we propose an effective phishing website detection approach, which we call HinPhish. HinPhish extracts various link relationships from webpages and uses domains and resource objects to construct a heterogeneous information network. HinPhish applies a modified algorithm to leverage the characteristics of different link types in order to calculate the phish-score of the target domain on the webpage. Moreover, HinPhish not only improves the accuracy of detection, but also can increase the phishing cost for attackers. Extensive experimental results demonstrate that HinPhish can achieve an accuracy of 0.9856 and F1-score of 0.9858.