Aditya Kulkarni,Vivek Balachandran,Dinil Mon Divakaran,Tamal Das

2024-01-16

Abstract:The widespread accessibility of the Internet has led to a surge in online fraudulent activities, underscoring the necessity of shielding users' sensitive information from cybercriminals. Phishing, a well-known cyberattack, revolves around the creation of phishing webpages and the dissemination of corresponding URLs, aiming to deceive users into sharing their sensitive information, often for identity theft or financial gain. Various techniques are available for preemptively categorizing zero-day phishing URLs by distilling unique attributes and constructing predictive models. However, these existing techniques encounter unresolved issues. This proposal delves into persistent challenges within phishing detection solutions, particularly concentrated on the preliminary phase of assembling comprehensive datasets, and proposes a potential solution in the form of a tool engineered to alleviate bias in ML models. Such a tool can generate phishing webpages for any given set of legitimate URLs, infusing randomly selected content and visual-based phishing features. Furthermore, we contend that the tool holds the potential to assess the efficacy of existing phishing detection solutions, especially those trained on confined datasets.

Cryptography and Security

Abdullah Fajar,Setiadi Yazid,Indra Budi

2024-11-11

Abstract:Phishing attacks remain a persistent threat to online security, demanding robust detection methods. This study investigates the use of machine learning to identify phishing URLs, emphasizing the crucial role of feature selection and model interpretability for improved performance. Employing Recursive Feature Elimination, the research pinpointed key features like "length_url," "time_domain_activation" and "Page_rank" as strong indicators of phishing attempts. The study evaluated various algorithms, including CatBoost, XGBoost, and Explainable Boosting Machine, assessing their robustness and scalability. XGBoost emerged as highly efficient in terms of runtime, making it well-suited for large datasets. CatBoost, on the other hand, demonstrated resilience by maintaining high accuracy even with reduced features. To enhance transparency and trustworthiness, Explainable AI techniques, such as SHAP, were employed to provide insights into feature importance. The study's findings highlight that effective feature selection and model interpretability can significantly bolster phishing detection systems, paving the way for more efficient and adaptable defenses against evolving cyber threats

Cryptography and Security,Artificial Intelligence

Yun Lin,Ruofan Liu,Dinil Mon Divakaran,Jun Yang Ng,Qing Zhou Chan,Yiwen Lu,Yuxuan Si,Fan Zhang,Jin Song Dong

2021-01-01

Abstract:Recent years have seen the development of phishing detection and identification approaches to defend against phishing attacks. Phishing detection solutions often report binary results, i.e., phishing or not, without any explanation. In contrast, phishing identification approaches identify phishing webpages by visually comparing webpages with predefined legitimate references and report phishing along with its target brand, thereby having explainable results. However, there are technical challenges in visual analyses that limit existing solutions from being effective (with high accuracy) and efficient (with low runtime overhead), to be put to practical use. In this work, we design a hybrid deep learning system, Phishpedia, to address two prominent technical challenges in phishing identification, i.e., (i) accurate recognition of identity logos on webpage screenshots, and (ii) matching logo variants of the same brand. Phishpedia achieves both high accuracy and low runtime overhead. And very importantly, different from common approaches, Phishpedia does not require training on any phishing samples. We carry out extensive experiments using real phishing data; the results demonstrate that Phishpedia significantly outperforms baseline identification approaches (EMD, PhishZoo, and LogoSENSE) in accurately and efficiently identifying phishing pages. We also deployed Phishpedia with CertStream service and discovered 1,704 new real phishing websites within 30 days, significantly more than other solutions; moreover, 1,133 of them are not reported by any engines in VirusTotal.

Nematullah Noori,Vyenkatesh Bawanthad,Mayur Pakhare,Ramashray Agrawal,Vinod Kimbahune

DOI: https://doi.org/10.22214/ijraset.2023.52342

2023-05-31

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: Phishing attacks continue to pose a major threat for computer system defenders, often forming the first step in a multistage attack. There have been great strides made in phishing detection; however,some phishing emails appear to pass through filters by making simple structural and semantic changes to the messages. We tackle this problem through the use of a machine learning classifier operating on a large corpus of phishing and legitimate emails. We design a system to extract features, elevating some to higherlevel feature, that are meant to defeat common phishing email detection strategies. This paper presents an approach to detect phishing URLs in an efficient way based on URL features only. For detecting the phishing URLs SVM classifier is used. The performances are evaluated for different size of datasets using different number of features. The results are compared with other machine learning classification techniques. The proposed system is able to detect phishing websites using URL features only.

Ali Aljofey,Qingshan Jiang,Abdur Rasool,Hui Chen,Wenyin Liu,Qiang Qu,Yang Wang

DOI: https://doi.org/10.1038/s41598-022-10841-5

IF: 4.6

2022-05-26

Scientific Reports

Abstract:Today's growing phishing websites pose significant threats due to their extremely undetectable risk. They anticipate internet users to mistake them as genuine ones in order to reveal user information and privacy, such as login ids, pass-words, credit card numbers, etc. without notice. This paper proposes a new approach to solve the anti-phishing problem. The new features of this approach can be represented by URL character sequence without phishing prior knowledge, various hyperlink information, and textual content of the webpage, which are combined and fed to train the XGBoost classifier. One of the major contributions of this paper is the selection of different new features, which are capable enough to detect 0-h attacks, and these features do not depend on any third-party services. In particular, we extract character level Term Frequency-Inverse Document Frequency (TF-IDF) features from noisy parts of HTML and plaintext of the given webpage. Moreover, our proposed hyperlink features determine the relationship between the content and the URL of a webpage. Due to the absence of publicly available large phishing data sets, we needed to create our own data set with 60,252 webpages to validate the proposed solution. This data contains 32,972 benign webpages and 27,280 phishing webpages. For evaluations, the performance of each category of the proposed feature set is evaluated, and various classification algorithms are employed. From the empirical results, it was observed that the proposed individual features are valuable for phishing detection. However, the integration of all the features improves the detection of phishing sites with significant accuracy. The proposed approach achieved an accuracy of 96.76% with only 1.39% false-positive rate on our dataset, and an accuracy of 98.48% with 2.09% false-positive rate on benchmark dataset, which outperforms the existing baseline approaches.

multidisciplinary sciences

Ammar Odeh,Qasem Abu Al-Haija,Abdullah Aref,Anas Abu Taleb

DOI: https://doi.org/10.58346/jisis.2023.i4.001

2023-12-02

Abstract:Phishing via URLs involves cyber attackers crafting deceptive websites or emails, mimicking genuine entities like banks or social media outlets. The objective is to dupe users into divulging personal data, such as their passwords or card numbers. This study assesses the potential of machine learning in identifying phishing domains by constructing and contrasting three distinct models. These models, crafted using CatBoost, XGBoost, and LightGBM techniques, are then juxtaposed against prior solutions documented in academic literature. We employed the UCI phishing domains dataset, sourced from URLs, as a performance benchmark for our models. Findings indicate that the model built on CatBoost outperforms its counterparts and also surpasses earlier documented methods.

Ala Mughaid,Shadi AlZu'bi,Adnan Hnaif,Salah Taamneh,Asma Alnajjar,Esraa Abu Elsoud

DOI: https://doi.org/10.1007/s10586-022-03604-4

Abstract:Recently, phishing attacks have become one of the most prominent social engineering attacks faced by public internet users, governments, and businesses. In response to this threat, this paper proposes to give a complete vision to what Machine learning is, what phishers are using to trick gullible users with different types of phishing attacks techniques and based on our survey that phishing emails is the most effective on the targeted sectors and users which we are going to compare as well. Therefore, more effective phishing detection technology is needed to curb the threat of phishing emails that are growing at an alarming rate in recent years, thus will discuss the techniques of mitigation of phishing by Machine learning algorithms and technical solutions that have been proposed to mitigate the problem of phishing and valuable awareness knowledge users should be aware to detect and prevent from being duped by phishing scams. In this work, we proposed a detection model using machine learning techniques by splitting the dataset to train the detection model and validating the results using the test data , to capture inherent characteristics of the email text, and other features to be classified as phishing or non-phishing using three different data sets, After making a comparison between them, we obtained that the most number of features used the most accurate and efficient results achieved. the best ML algorithm accuracy were 0.88, 1.00, and 0.97 consecutively for boosted decision tree on the applied data sets.

Noura Fahad Almujahid,Mohd Anul Haq,Mohammed Alshehri

DOI: https://doi.org/10.7717/peerj-cs.2131

2024-06-24

PeerJ Computer Science

Abstract:The advent of Internet technologies has resulted in the proliferation of electronic trading and the use of the Internet for electronic transactions, leading to a rise in unauthorized access to sensitive user information and the depletion of resources for enterprises. As a consequence, there has been a marked increase in phishing, which is now considered one of the most common types of online theft. Phishing attacks are typically directed towards obtaining confidential information, such as login credentials for online banking platforms and sensitive systems. The primary objective of such attacks is to acquire specific personal information to either use for financial gain or commit identity theft. Recent studies have been conducted to combat phishing attacks by examining domain characteristics such as website addresses, content on websites, and combinations of both approaches for the website and its source code. However, businesses require more effective anti-phishing technologies to identify phishing URLs and safeguard their users. The present research aims to evaluate the effectiveness of eight machine learning (ML) and deep learning (DL) algorithms, including support vector machine (SVM), k-nearest neighbors (KNN), random forest (RF), Decision Tree (DT), Extreme Gradient Boosting (XGBoost), logistic regression (LR), convolutional neural network (CNN), and DL model and assess their performances in identifying phishing. This study utilizes two real datasets, Mendeley and UCI, employing performance metrics such as accuracy, precision, recall, false positive rate (FPR), and F-1 score. Notably, CNN exhibits superior accuracy, emphasizing its efficacy. Contributions include using purpose-specific datasets, meticulous feature engineering, introducing SMOTE for class imbalance, incorporating the novel CNN model, and rigorous hyperparameter tuning. The study demonstrates consistent model performance across both datasets, highlighting stability and reliability.

computer science, information systems, artificial intelligence, theory & methods

Asif Newaz,Farhan Shahriyar Haq,Nadim Ahmed

2024-03-13

Abstract:Phishing is an increasingly sophisticated form of cyberattack that is inflicting huge financial damage to corporations throughout the globe while also jeopardizing individuals' privacy. Attackers are constantly devising new methods of launching such assaults and detecting them has become a daunting task. Many different techniques have been suggested, each with its own pros and cons. While machine learning-based techniques have been most successful in identifying such attacks, they continue to fall short in terms of performance and generalizability. This paper proposes a comprehensive methodology for detecting phishing websites. The goal is to design a system that is capable of accurately distinguishing phishing websites from legitimate ones and provides generalized performance over a broad variety of datasets. A combination of feature selection, greedy algorithm, cross-validation, and deep learning methods have been utilized to construct a sophisticated stacking ensemble classifier. Extensive experimentation on four different phishing datasets was conducted to evaluate the performance of the proposed technique. The proposed algorithm outperformed the other existing phishing detection models obtaining accuracy of 97.49%, 98.23%, 97.48%, and 98.20% on dataset-1 (UCI Phishing Websites Dataset), dataset-2 (Phishing Dataset for Machine Learning: Feature Evaluation), dataset-3 (Phishing Websites Dataset), and dataset-4 (Web page phishing detection), respectively. The high accuracy values obtained across all datasets imply the models' generalizability and effectiveness in the accurate identification of phishing websites.

Cryptography and Security,Artificial Intelligence

Alper Ozcan,Cagatay Catal,Emrah Donmez,Behcet Senturk

DOI: https://doi.org/10.1007/s00521-021-06401-z

Abstract:Phishing is an attack targeting to imitate the official websites of corporations such as banks, e-commerce, financial institutions, and governmental institutions. Phishing websites aim to access and retrieve users' important information such as personal identification, social security number, password, e-mail, credit card, and other account information. Several anti-phishing techniques have been developed to cope with the increasing number of phishing attacks so far. Machine learning and particularly, deep learning algorithms are nowadays the most crucial techniques used to detect and prevent phishing attacks because of their strong learning abilities on massive datasets and their state-of-the-art results in many classification problems. Previously, two types of feature extraction techniques [i.e., character embedding-based and manual natural language processing (NLP) feature extraction] were used in isolation. However, researchers did not consolidate these features and therefore, the performance was not remarkable. Unlike previous works, our study presented an approach that utilizes both feature extraction techniques. We discussed how to combine these feature extraction techniques to fully utilize from the available data. This paper proposes hybrid deep learning models based on long short-term memory and deep neural network algorithms for detecting phishing uniform resource locator and evaluates the performance of the models on phishing datasets. The proposed hybrid deep learning models utilize both character embedding and NLP features, thereby simultaneously exploiting deep connections between characters and revealing NLP-based high-level connections. Experimental results showed that the proposed models achieve superior performance than the other phishing detection models in terms of accuracy metric.

Naveen Palanichamy,Yoga Shri Murti

DOI: https://doi.org/10.18080/jtde.v11n3.778

2023-09-30

Journal of Telecommunications and the Digital Economy

Abstract:Phishing emails pose a severe risk to online users, necessitating effective identification methods to safeguard digital communication. Detection techniques are continuously researched to address the evolution of phishing strategies. Machine learning (ML) is a powerful tool for automated phishing email detection, but existing techniques like support vector machines and Naive Bayes have proven slow or ineffective in handling spam filtering. This study attempts to provide a phishing email detector and reliable classifier using a hybrid machine classifier with term frequency-inverse document frequency (TF-IDF) and an effective feature extraction technique (FET) on a real-world dataset from Kaggle. Exploratory data analysis is conducted to enhance understanding of the dataset and identify any conspicuous errors and outliers to facilitate the detection process. The FET converts the data text into a numerical representation that can be used for ML algorithms. The model’s performance is evaluated using accuracy, precision, recall, F1 score, receiver operating characteristic (ROC) curve and area under the ROC curve metrics. The research findings indicate that the hybrid model utilising TF-IDF achieved superior performance, with an accuracy of 87.5%. The paper offers valuable knowledge on using ML to identify phishing emails and highlights the importance of combining various models.

Sagnik Anupam,Arpan Kumar Kar

DOI: https://doi.org/10.1007/s11235-020-00739-w

2020-11-19

Telecommunication Systems

Abstract:Phishing websites are amongst the biggest threats Internet users face today, and existing methods like blacklisting, using SSL certificates, etc. often fail to keep up with the increasing number of threats. This paper aims to utilise different properties of a website URL, and use a machine learning model to classify websites as phishing and non-phishing. These properties include the IP address length, the authenticity of the HTTPs request being sent by the website, usage of pop-up windows to enter data, Server Form Handler status, etc. A Support Vector Machine binary classifier trained on an existing dataset has been used to predict if a website was a legitimate website or not, by finding an optimum hyperplane to separate the two categories. This optimum hyperplane is found with the help of four optimization algorithms, the Bat Algorithm, the Firefly Algorithm, the Grey Wolf Optimiser algorithm and the Whale Optimization Algorithm, which are inspired by various natural phenomena. Amongst the four nature-inspired optimization algorithms, it has been determined that the Grey Wolf Optimiser algorithm's performance is significantly better than that of the Firefly Algorithm, but there is no significant difference while comparing the performance of any other pair of algorithms. However, all four nature-inspired optimization algorithms perform significantly better than the grid-search optimized Random Forest classifier model described in earlier research.

telecommunications

Saleem Raja Abdul Samad,Sundarvadivazhagan Balasubaramanian,Amna Salim Al-Kaabi,Bhisham Sharma,Subrata Chowdhury,Abolfazl Mehbodniya,Julian L. Webber,Ali Bostani

DOI: https://doi.org/10.3390/electronics12071642

IF: 2.9

2023-03-31

Electronics

Abstract:Phishing leverages people's tendency to share personal information online. Phishing attacks often begin with an email and can be used for a variety of purposes. The cybercriminal will employ social engineering techniques to get the target to click on the link in the phishing email, which will take them to the infected website. These attacks become more complex as hackers personalize their fraud and provide convincing messages. Phishing with a malicious URL is an advanced kind of cybercrime. It might be challenging even for cautious users to spot phishing URLs. The researchers displayed different techniques to address this challenge. Machine learning models improve detection by using URLs, web page content and external features. This article presents the findings of an experimental study that attempted to enhance the performance of machine learning models to obtain improved accuracy for the two phishing datasets that are used the most commonly. Three distinct types of tuning factors are utilized, including data balancing, hyper-parameter optimization and feature selection. The experiment utilizes the eight most prevalent machine learning methods and two distinct datasets obtained from online sources, such as the UCI repository and the Mendeley repository. The result demonstrates that data balance improves accuracy marginally, whereas hyperparameter adjustment and feature selection improve accuracy significantly. The performance of machine learning algorithms is improved by combining all fine-tuned factors, outperforming existing research works. The result shows that tuning factors enhance the efficiency of machine learning algorithms. For Dataset-1, Random Forest (RF) and Gradient Boosting (XGB) achieve accuracy rates of 97.44% and 97.47%, respectively. Gradient Boosting (GB) and Extreme Gradient Boosting (XGB) achieve accuracy values of 98.27% and 98.21%, respectively, for Dataset-2.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ahana Nandi Tultul,Romana Afroz,Md Alomgir Hossain

DOI: https://doi.org/10.11591/ijeecs.v28.i3.pp1640-1648

2022-12-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:We are using cyberspace for completing our daily life activities because of the growth of Internet. Attackers use some approachs, such as phishing, with the use of false websites to collect personal information of users. Although, software companies launch products to prevent phishing attacks, identifying a webpage as legitimate or phishing, is a very defficult and these products cannot protect from attacks. In this paper, an anti-phishing system has been introduced that can extract feature from website’s URL as instant basis and use four classification algorithms named as K-Nearest neighbor, decision tree, support vector machine, random forest on these features. According to the comparison of the experimental results from these algorithms, random forest algorithm with the selected features gives the highest performance with the 95.67% accuracy rate. Then we have used one deep learning algorithm as enhanced of our experiment named as deep neural decision forests which have given performance with the 92.67% accuracy rate. Then we have created a system which can extract the features from raw URL and pass the features to our deep neural decision forest trained model and can classify the URL as Phishing or legitimate.

Amol Babaso Majgave,Nitin L. Gavankar

DOI: https://doi.org/10.1016/j.cose.2024.104071

IF: 5.105

2024-08-28

Computers & Security

Abstract:In the digitally connected world cybersecurity is paramount, phishing where attackers pose as trusted entities to steal sensitive data, looms large. The proliferation of phishing attacks on the internet poses a substantial threat to individuals and organizations, compromising sensitive information and causing financial and reputational damage. This study's goal is to establish an automated system for the early detection and prevention of phishing websites, thereby enhancing online security and protecting users from cyber threats. This research initially employs One Hot Encoding (OHE) mechanism-based pre-processing mechanism that converts every URL string into a numerical vector with a particular dimension. This study utilizes two feature selection techniques which are transfer learning-based feature extraction using DarkNet19 and Variational Autoencoder (VAE) to select the value of the most important feature. The robust security mechanisms are presented to prevent phishing attacks and safeguard personal information on websites. List-based deep learning-based systems to prevent and detect phishing URLs more efficiently. The study proposes a transformer-based Deep Belief Network (TB-DBN), a veritable pre-trained deep transformer network model for phishing behaviour detection. A cross-validation technique with grid search hyper-parameter tuning based on the Intelligence Binary Bat Algorithm (IBBA) was designed using the proposed hybrid model. Predictions were made to classify the phishing URLs using a probabilistic estimation guided boosting classifier model and evaluate their performance in terms of accuracy, precision, recall, specificity, and F1- score. The risk level associated with the URL will be assessed based on various factors, such as the source's reputation, content analysis results, and behavioural anomalies. The computational complexity of DL model training is influenced by various factors, such as the model's complexity, the training data's size, and the optimization algorithm exploited, for training. The outcome demonstrates that tweaking variables increases the effectiveness of Python-based deep learning systems. The findings of the proposed method excel, achieving an accuracy of 99.4%, precision of 99.2%, recall of 99.3%, and an F1-score of 99.2%. This innovative automatic phishing website detection and prevention model, based on a Transformer-based Deep Belief Network, offers advanced accuracy and adaptability, strengthening cybersecurity measures to safeguard sensitive user information and mitigate the substantial threat of phishing attacks in the digitally connected world.

computer science, information systems

Lizhen Tang,Qusay H. Mahmoud

DOI: https://doi.org/10.3390/make3030034

2021-08-20

Machine Learning and Knowledge Extraction

Abstract:With the development of the Internet, network security has aroused people’s attention. It can be said that a secure network environment is a basis for the rapid and sound development of the Internet. Phishing is an essential class of cybercriminals which is a malicious act of tricking users into clicking on phishing links, stealing user information, and ultimately using user data to fake logging in with related accounts to steal funds. Network security is an iterative issue of attack and defense. The methods of phishing and the technology of phishing detection are constantly being updated. Traditional methods for identifying phishing links rely on blacklists and whitelists, but this cannot identify new phishing links. Therefore, we need to solve how to predict whether a newly emerging link is a phishing website and improve the accuracy of the prediction. With the maturity of machine learning technology, prediction has become a vital ability. This paper offers a state-of-the-art survey on methods for phishing website detection. It starts with the life cycle of phishing, introduces common anti-phishing methods, mainly focuses on the method of identifying phishing links, and has an in-depth understanding of machine learning-based solutions, including data collection, feature extraction, modeling, and evaluation performance. This paper provides a detailed comparison of various solutions for phishing website detection.

Kalaharsha Pagadala

DOI: https://doi.org/10.48550/arXiv.2205.05121

2022-05-03

Abstract:Now-a-days, cyberattacks are increasing at an unprecedented rate. Phishing is a social engineering attack which has a massive global impact, destroying the financial and economic value of corporations, government sectors and individuals. In phishing, attackers steal users personal information such as username, passwords, debit card information and so on. In order to detect zero-hour attacks and protect end-users from these attacks, various anti-phishing techniques are developed, but the end-users have to visit the websites to know whether they are safe or not, which may lead to infecting their system. In this paper, we propose a method where end-users can detect the genuineness of the sites without visiting them. The proposed method collects legitimate and phishing URLs and extract features from them. The extracted features are given as input to six different classifiers for training and constructing the model. The classifiers used are Naive-Bayes, Logistic Regression, Random Forest,CatBoost, XGBoost and Multilayer perceptron. The method is tested by developing into an extension so that the end-users can use it when browsing. In the browser extension when the user takes the cursor over any link, a pop-up appears showing the nature of the website i.e., safe site or deceptive site and then a confirm box shows up asking the user whether they want to visit or not. The performance of the approach is tested using a dataset consisting of 2000 phishing and legitimate website URLs and the method is able to detect the sites correctly in very little time. Random-Forest is chosen for constructing the model as it gives the highest accuracy of 95%.

Cryptography and Security

Jian Feng,Lianyang Zou,Ou Ye,Jingzhou Han

DOI: https://doi.org/10.1109/access.2020.3043188

IF: 3.9

2020-01-01

IEEE Access

Abstract:Phishing is a kind of online attack that attempts to defraud sensitive information of network users. Current phishing webpage detection methods mainly use manual feature collection, and there are problems that feature extraction is complicated and the possible correlation between features cannot be avoided. To solve the problems, a new phishing webpage detection model is proposed, among which the main components are automatic learning representations from multi-aspects features through representation learning and extracting features by hybrid deep learning network. Firstly, the model treats URL, HTML page content, and DOM (Document Object Model) structure of webpages as character sequences respectively, and uses representation learning technology to automatically learn the representation of the webpages; then, sends multiple representations to a hybrid deep learning network composed of a convolutional neural network and a bidirectional long and short-term memory network through different channels to extract local and global features, and use the attention mechanism to strengthen the influence of important features; finally, the output of multiple channels is fused to realize classification prediction. Through four sets of experiments to verify the detection effect of the model, the results show that the overall classification effect of the model is better than the existing classic phishing webpage detection methods, the accuracy reaches 99.05%, and the false positive rate is only 0.25%. It is proved that the strategies of extracting webpage features from all aspects through representation learning and hybrid deep learning network can effectively improve the detection effect of phishing webpages.

computer science, information systems,telecommunications,engineering, electrical & electronic

L. Lakshmi,M. Purushotham Reddy,Chukka Santhaiah,U. Janardhan Reddy

DOI: https://doi.org/10.1007/s11277-021-08196-7

IF: 2.017

2021-03-07

Wireless Personal Communications

Abstract:Phishing is the process of portraying malignant web pages in the place of genuine web pages to obtain important and delicate information from the end-user. Nowadays phishing is considered as one of the most serious threats to web security. Most of the existing techniques for phishing detection use Bayesian classification for differentiating malignant web pages from genuine web pages. These methods work well if a dataset contains less no of web pages and they provide accuracy up to 90 percent. In recent years the size of the web is increasing tremendously and the existing methods have not provideda good enough accuracy for large datasets. So this paper proffers an innovative approach to identify phishing websites using hyperlinks available in the source code of the HTML page in the corresponding website. The proposed method uses a feature vector with 30 parameters to detect malignant web pages. These features are used in training the supervised Deep Neural Network model with Adam optimizer for differentiating fraudulent websites from genuine websites. The proposed deep learning model with Adam Optimizer uses a Listwise approach to classify phishing websites and genuine websites. The performance of the proposed approach is decent when compared to other traditional machine learning approaches like SVM, Adaboost, AdaRank. The results show that the proposed approach provides more accurate results in detecting phishing websites.

telecommunications

Luka Jovanovic,Dijana Jovanovic,Milos Antonijevic,Bosko Nikolic,Nebojsa Bacanin,Miodrag Zivkovic,Ivana Strumberger

DOI: https://doi.org/10.13052/jwe1540-9589.2237

2023-07-03

Journal of Web Engineering

Abstract:In the last few decades, the World Wide Web has become a necessity that offers numerous services to end users. The number of online transactions increases daily, as well as that of malicious actors. Machine learning plays a vital role in the majority of modern solutions. To further improve Web security, this paper proposes a hybrid approach based on the eXtreme Gradient Boosting (XGBoost) machine learning model optimized by an improved version of the well-known metaheuristics algorithm. In this research, the improved firefly algorithm is employed in the two-tier framework, which was also developed as part of the research, to perform both the feature selection and adjustment of the XGBoost hyper-parameters. The performance of the introduced hybrid model is evaluated against three instances of well-known publicly available phishing website datasets. The performance of novel introduced algorithms is additionally compared against cutting-edge metaheuristics that are utilized in the same framework. The first two datasets were provided by Mendeley Data, while the third was acquired from the University of California, Irvine machine learning repository. Additionally, the best performing models have been subjected to SHapley Additive exPlanations (SHAP) analysis to determine the impact of each feature on model decisions. The obtained results suggest that the proposed hybrid solution achieves a superior performance level in comparison to other approaches, and that it represents a perspective solution in the domain of web security.

computer science, theory & methods, software engineering