Yufeng Xu,Lun Zhang,Turan Vural,Peng Qian,Yanbin Wang,Yuqing Fan,Ming Li,Xueyan Tang,Zheng Cao

DOI: https://doi.org/10.1145/3650400.3650499

2023-01-01

Abstract:Due to the decentralized and transparent characteristics of the blockchain ecosystem, malicious activities such as phishing scams on the Ethereum platform result in significant financial losses for users. The current methods for detecting phishing largely rely on analyzing original transactions, which makes uncovering hidden transaction patterns challenging. To tackle this limitation, we introduce the Spatio-Temporal Fusion Network (STFN) designed to identify phishing scams on the Ethereum network. Specifically, STFN incorporates two key components: the transactions subgraph encoder for formalizing spatial features, and the transaction sequence BERT encoder for capturing temporal features. By fusing these spatio-temporal features, we facilitate their integration into a machine learning algorithm for classifying phishing accounts. The experimental outcomes underscore the effectiveness of the STFN, achieving an AUC of 93.26% and a Recall of 94.53%, outperforming previous methods for Ethereum phishing detection.

Yu Chen,Yajian Zhou,Qingqing Dong,Qi Li

DOI: https://doi.org/10.1109/TOCS50858.2020.9339761

2020-01-01

Abstract:In recent years, phishing events occur frequently, and the detection of phishing URL has become a common concern in the field of network security. In previous studies, researchers distinguish phishing URLs from normal URLs by the string characteristics. However, this method is difficult to achieve efficient detection accuracy in the case of attacker's forgery of URL features. In this paper, we propose a phishing URL detection method based on URL content. Firstly, the simple features are used for preliminary screening, and then, the URLs that cannot be distinguished by simple features are input into the simulation environment to obtain the page content. Finally, the method based on CNN is used to detect malicious URLs based on the page content. Experiments show that our method can achieve satisfying detection accuracy.

Manika Nanda,Shivani Goel

DOI: https://doi.org/10.1007/s11042-023-17993-0

IF: 2.577

2024-01-31

Multimedia Tools and Applications

Abstract:Phishing is an attack that attempts to replicate the official websites of businesses, including government agencies, financial institutions, e-commerce platforms, and banks. These fraudulent websites aim to obtain sensitive information from users, such as credit card numbers, email addresses, passwords, and personal identities. In response to the increasing number of phishing assaults, several anti-phishing strategies have been developed. However, existing techniques often fail to extract the most crucial features, leading to potential misclassification. Additionally, the complex algorithms employed result in high response times. To address these challenges, this paper proposes a novel approach called Bidirectional Long Short-Term Memory based Gated Highway Attention block Convolutional Neural Network (BiLSTM-GHA-CNN) for detecting phishing URLs. The BiLSTM captures contextual features, while the CNN extracts salient features. The integration of the highway network into the BiLSTM-CNN architecture enables the capture of significant features with rapid convergence. Furthermore, a gating mechanism is employed to weigh the output features of the CNN and BiLSTM. Five datasets from diverse sources such as Phish Tank and Open Phish were created for experimentation. The results demonstrate that BiLSTM-GHA-CNN achieves superior detection accuracy, precision recall, and F1-score compared to state-of-the-art techniques. Moreover, the proposed system significantly reduces the response time to a remarkable 12.46 ms.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Xi Xiao,Wentao Xiao,Dianyan Zhang,Bin Zhang,Guangwu Hu,Qing Li,Shutao Xia

DOI: https://doi.org/10.1016/j.cose.2021.102372

IF: 5.105

2021-01-01

Computers & Security

Abstract:Phishing websites belong to a social engineering attack where perpetrators fake legitimate websites to lure people to access so as to illegally acquire user’s identity, password, privacy and even properties. This attack imposes a great threat to people and becomes more and more severe. In order to identify phishing websites, many proposals have shown their merits. For example, the classical proposal CNN-LSTM received a very high precision by combining Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) together. However, despite CNN achieved great success in AI area, LSTM still exists the biases issue since it always treats the later features much more important than the former ones. In the meanwhile, as the self-attention mechanism can discover the text’s inner dependency relationships, it has been widely applied to various tasks of deep learning-based Natural Language Processing (NLP). If we treat a URL as a text string, this mechanism can learn comprehensive URL representations. In order to improve the accuracy for phishing websites detection further, in this paper, we propose a novel Convolutional Neural Network (CNN) with self-attention named self-attention CNN for phishing Uniform Resource Locators (URLs) identification. Specifically, self-attention CNN first leverages Generative Adversarial Network (GAN) to generate phishing URLs so as to balance the datasets of legitimate and phishing URLs. Then it utilizes CNN and multi-head self-attention to construct our new classifier which is comprised of four blocks, namely the input block, the attention block, the feature block and the output block. Finally, the trained classifier can give a high-accuracy result for an unknown website URL. Overall thorough experiments indicate that self-attention CNN achieves 95.6% accuracy, which outperforms CNN-LSTM, single CNN and single LSTM by 1.4%, 4.6% and 2.1% respectively.

Zainab Alshingiti,Rabeah Alaqel,Jalal Al-Muhtadi,Qazi Emad Ul Haq,Kashif Saleem,Muhammad Hamza Faheem

DOI: https://doi.org/10.3390/electronics12010232

IF: 2.9

2023-01-04

Electronics

Abstract:In terms of the Internet and communication, security is the fundamental challenging aspect. There are numerous ways to harm the security of internet users; the most common is phishing, which is a type of attack that aims to steal or misuse a user's personal information, including account information, identity, passwords, and credit card details. Phishers gather information about the users through mimicking original websites that are indistinguishable to the eye. Sensitive information about the users may be accessed and they might be subject to financial harm or identity theft. Therefore, there is a strong need to develop a system that efficiently detects phishing websites. Three distinct deep learning-based techniques are proposed in this paper to identify phishing websites, including long short-term memory (LSTM) and convolutional neural network (CNN) for comparison, and lastly an LSTM–CNN-based approach. Experimental findings demonstrate the accuracy of the suggested techniques, i.e., 99.2%, 97.6%, and 96.8% for CNN, LSTM–CNN, and LSTM, respectively. The proposed phishing detection method demonstrated by the CNN-based system is superior.

engineering, electrical & electronic,computer science, information systems,physics, applied

Erzhou Zhu,Qixiang Yuan,Zhile Chen,Xuejian Li,Xianyong Fang,Yuan, Qixiang,Chen, Zhile

DOI: https://doi.org/10.1007/s12559-022-10024-4

IF: 4.89

2022-05-19

Cognitive Computation

Abstract:Phishing, in which social engineering techniques such as emails and instant messaging are employed and malicious links are disguised as normal URLs to steal sensitive information, is currently a major threat to networks worldwide. Phishing detection systems generally adopt feature engineering as one of the most important approaches to detect or even prevent phishing attacks. However, the accuracy of feature engineering systems is heavily dependent on the prior knowledge of features. In addition, extracting comprehensive features from different dimensions for high detection accuracy is time-consuming. To address these issues, this paper proposes a lightweight model that combines convolutional neural network (CNN), bi-directional long short-term memory (BiLSTM), and the attention mechanism for phishing detection. The proposed model, called the char-convolutional and BiLSTM with attention mechanism (CCBLA) model, employs deep learning to automatically extract features from target URLs and uses the attention mechanism to weight the importance of the selected features under different roles during phishing detection. The results of experiments conducted on two datasets with different scales show that CCBLA is accurate in phishing attack detection with minimal time consumption.

computer science, artificial intelligence,neurosciences

Xi Xiao,Dianyan Zhang,Guangwu Hu,Yong Jiang,Shutao Xia

DOI: https://doi.org/10.1016/j.neunet.2020.02.013

2020-01-01

Abstract:Increasing phishing sites today have posed great threats due to their terribly imperceptible hazard. They expect users to mistake them as legitimate ones so as to steal user information and properties without notice. The conventional way to mitigate such threats is to set up blacklists. However, it cannot detect one-time Uniform Resource Locators (URL) that have not appeared in the list. As an improvement, deep learning methods are applied to increase detection accuracy and reduce the misjudgment ratio. However, some of them only focus on the characters in URLs but ignore the relationships between characters, which results in that the detection accuracy still needs to be improved. Considering the multi-head self-attention (MHSA) can learn the inner structures of URLs, in this paper, we propose CNN-MHSA, a Convolutional Neural Network (CNN) and the MHSA combined approach for highly-precise. To achieve this goal, CNN-MHSA first takes a URL string as the input data and feeds it into a mature CNN model so as to extract its features. In the meanwhile, MHSA is applied to exploit characters' relationships in the URL so as to calculate the corresponding weights for the CNN learned features. Finally, CNN-MHSA can produce highly-precise detection result for a URL object by integrating its features and their weights. The thorough experiments on a dataset collected in real environment demonstrate that our method achieves 99.84% accuracy, which outperforms the classical method CNN-LSTM and at least 6.25% higher than other similar methods on average.

Yahia Said,Ahmed A. Alsheikhy,Husam Lahza,Tawfeeq Shawly

DOI: https://doi.org/10.1016/j.asej.2024.102643

IF: 4.79

2024-01-01

Ain Shams Engineering Journal

Abstract:Emerging technologies have made internet connection a vital activity facilitating access to many services. However, internet connection raises many security concerns, such as illegally acquiring private information, passwords, and identifiers. Phishing websites are the first choice for attackers that try to have users' private space. Social engineering attacks are performed by designing fake websites similar to real ones and inviting the victim to access those websites to collect their sensitive information and then redirect them to the actual site. Due to the importance of detecting phishing websites, building a robust detector that filters them and blocks their activity on the Internet is necessary. In this paper, we proposed a phishing website detector based on improving the convolutional neural network (CNN) with a self-attention mechanism. The proposed detector collects phishing Uniform Resource Locators (URLs) by treating them as strings. CNN models have proved their efficiency when dealing with text strings compared to Long Short-Term Memory (LSTM) which focuses on temporal features. Using CNN allows learning comprehensive features of the URLs and facilitates the detection of phishing ones. The self-attention mechanism was added to enhance the model's focus and detection accuracy. Besides, the training dataset was balanced by generating phishing URLs using a Generative Adversarial Network (GAN). A set of experiments has proved the robustness of the proposed detector by achieving high detection accuracy on the test set. Besides, the proposed detector was tested using unknown URLs and achieved excellent results. The improved CNN's detection precision of 99.7 is higher than the regular CNN model by 2.74%. The reported results show that using the self-attention mechanism has improved the detection accuracy and made the CNN model more efficient for detecting phishing websites.

engineering, multidisciplinary

Alper Ozcan,Cagatay Catal,Emrah Donmez,Behcet Senturk

DOI: https://doi.org/10.1007/s00521-021-06401-z

Abstract:Phishing is an attack targeting to imitate the official websites of corporations such as banks, e-commerce, financial institutions, and governmental institutions. Phishing websites aim to access and retrieve users' important information such as personal identification, social security number, password, e-mail, credit card, and other account information. Several anti-phishing techniques have been developed to cope with the increasing number of phishing attacks so far. Machine learning and particularly, deep learning algorithms are nowadays the most crucial techniques used to detect and prevent phishing attacks because of their strong learning abilities on massive datasets and their state-of-the-art results in many classification problems. Previously, two types of feature extraction techniques [i.e., character embedding-based and manual natural language processing (NLP) feature extraction] were used in isolation. However, researchers did not consolidate these features and therefore, the performance was not remarkable. Unlike previous works, our study presented an approach that utilizes both feature extraction techniques. We discussed how to combine these feature extraction techniques to fully utilize from the available data. This paper proposes hybrid deep learning models based on long short-term memory and deep neural network algorithms for detecting phishing uniform resource locator and evaluates the performance of the models on phishing datasets. The proposed hybrid deep learning models utilize both character embedding and NLP features, thereby simultaneously exploiting deep connections between characters and revealing NLP-based high-level connections. Experimental results showed that the proposed models achieve superior performance than the other phishing detection models in terms of accuracy metric.

Rundong Yang,Kangfeng Zheng,Bin Wu,Chunhua Wu,Xiujuan Wang

DOI: https://doi.org/10.3390/s21248281

IF: 3.9

2021-12-10

Sensors

Abstract:Phishing has become one of the biggest and most effective cyber threats, causing hundreds of millions of dollars in losses and millions of data breaches every year. Currently, anti-phishing techniques require experts to extract phishing sites features and use third-party services to detect phishing sites. These techniques have some limitations, one of which is that extracting phishing features requires expertise and is time-consuming. Second, the use of third-party services delays the detection of phishing sites. Hence, this paper proposes an integrated phishing website detection method based on convolutional neural networks (CNN) and random forest (RF). The method can predict the legitimacy of URLs without accessing the web content or using third-party services. The proposed technique uses character embedding techniques to convert URLs into fixed-size matrices, extract features at different levels using CNN models, classify multi-level features using multiple RF classifiers, and, finally, output prediction results using a winner-take-all approach. On our dataset, a 99.35% accuracy rate was achieved using the proposed model. An accuracy rate of 99.26% was achieved on the benchmark data, much higher than that of the existing extreme model.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Shuaicong Yu,Changqing An,Tao Yu,Ziyi Zhao,Tianshu Li,Jilong Wang

DOI: https://doi.org/10.1109/ipccc55026.2022.9894337

2022-01-01

Abstract:Phishing detection methods are used to protect Internet users from leaking private information to phishing websites. However, the passive phishing detection method, which is widely used and based on blacklists, has limitations on timeliness and defense against zero-day phishing attacks and active phishing detection models with single-feature can be easily targeted by attackers. It is necessary to design and establish an active phishing detection model with high timeliness and strong adaptability. We propose a phishing detection method based on multi-feature extraction and deep learning technology. The model is constructed of a multilayer perceptron (MLP) for selfdefined feature, a convolutional neural network (CNN) for image feature, a recurrent neural network (RNN) for text feature to extract feature vectors, and a classification network to fuse features and make the judgement. Our model's accuracy achieves 0.9775 and recall reaches up to 0.9901. Experiment results of our model prove superior performance to those of other classification algorithms, demonstrating our model's ability to deal with complex and changeable phishing detection tasks at this stage.

Eman Abdullah Aldakheel,Mohammed Zakariah,Ghada Abdalaziz Gashgari,Fahdah A. Almarshad,Abdullah I. A. Alzahrani

DOI: https://doi.org/10.3390/s23094403

IF: 3.9

2023-04-30

Sensors

Abstract:Organizations and individuals worldwide are becoming increasingly vulnerable to cyberattacks as phishing continues to grow and the number of phishing websites grows. As a result, improved cyber defense necessitates more effective phishing detection (PD). In this paper, we introduce a novel method for detecting phishing sites with high accuracy. Our approach utilizes a Convolution Neural Network (CNN)-based model for precise classification that effectively distinguishes legitimate websites from phishing websites. We evaluate the performance of our model on the PhishTank dataset, which is a widely used dataset for detecting phishing websites based solely on Uniform Resource Locators (URL) features. Our approach presents a unique contribution to the field of phishing detection by achieving high accuracy rates and outperforming previous state-of-the-art models. Experiment results revealed that our proposed method performs well in terms of accuracy and its false-positive rate. We created a real data set by crawling 10,000 phishing URLs from PhishTank and 10,000 legitimate websites and then ran experiments using standard evaluation metrics on the data sets. This approach is founded on integrated and deep learning (DL). The CNN-based model can distinguish phishing websites from legitimate websites with a high degree of accuracy. When binary-categorical loss and the Adam optimizer are used, the accuracy of the k-nearest neighbors (KNN), Natural Language Processing (NLP), Recurrent Neural Network (RNN), and Random Forest (RF) models is 87%, 97.98%, 97.4% and 94.26%, respectively, in contrast to previous publications. Our model outperformed previous works due to several factors, including the use of more layers and larger training sizes, and the extraction of additional features from the PhishTank dataset. Specifically, our proposed model comprises seven layers, starting with the input layer and progressing to the seventh, which incorporates a layer with pooling, convolutional, linear 1 and 2, and linear six layers as the output layers. These design choices contribute to the high accuracy of our model, which achieved a 98.77% accuracy rate.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Weibo Chu,Bin B. Zhu,Feng Xue,Xiaohong Guan,Zhongmin Cai

DOI: https://doi.org/10.1109/ICC.2013.6654816

2013-01-01

Abstract:Phishing is the third cyber-security threat globally and the first cyber-security threat in China. There were 61.69 million phishing victims in China alone from June 2011 to June 2012, with the total annual monetary loss more than 4.64 billion US dollars. These phishing attacks were highly concentrated in targeting at a few major Websites. Many phishing Webpages had a very short life span. In this paper, we assume the Websites to protect against phishing attacks are known, and study the effectiveness of machine learning based phishing detection using only lexical and domain features, which are available even when the phishing Webpages are inaccessible. We propose several novel highly effective features, and use the real phishing attack data against Taobao and Tencent, two main phishing targets in China, in studying the effectiveness of each feature, and each group of features. We then select an optimal set of features in our phishing detector, which has achieved a detection rate better than 98%, with a false positive rate of 0.64% or less. The detector is still effective when the distribution of phishing URLs changes.

Yun Lin,Ruofan Liu,Dinil Mon Divakaran,Jun Yang Ng,Qing Zhou Chan,Yiwen Lu,Yuxuan Si,Fan Zhang,Jin Song Dong

2021-01-01

Abstract:Recent years have seen the development of phishing detection and identification approaches to defend against phishing attacks. Phishing detection solutions often report binary results, i.e., phishing or not, without any explanation. In contrast, phishing identification approaches identify phishing webpages by visually comparing webpages with predefined legitimate references and report phishing along with its target brand, thereby having explainable results. However, there are technical challenges in visual analyses that limit existing solutions from being effective (with high accuracy) and efficient (with low runtime overhead), to be put to practical use. In this work, we design a hybrid deep learning system, Phishpedia, to address two prominent technical challenges in phishing identification, i.e., (i) accurate recognition of identity logos on webpage screenshots, and (ii) matching logo variants of the same brand. Phishpedia achieves both high accuracy and low runtime overhead. And very importantly, different from common approaches, Phishpedia does not require training on any phishing samples. We carry out extensive experiments using real phishing data; the results demonstrate that Phishpedia significantly outperforms baseline identification approaches (EMD, PhishZoo, and LogoSENSE) in accurately and efficiently identifying phishing pages. We also deployed Phishpedia with CertStream service and discovered 1,704 new real phishing websites within 30 days, significantly more than other solutions; moreover, 1,133 of them are not reported by any engines in VirusTotal.

Jian Feng,Lianyang Zou,Ou Ye,Jingzhou Han

DOI: https://doi.org/10.1109/access.2020.3043188

IF: 3.9

2020-01-01

IEEE Access

Abstract:Phishing is a kind of online attack that attempts to defraud sensitive information of network users. Current phishing webpage detection methods mainly use manual feature collection, and there are problems that feature extraction is complicated and the possible correlation between features cannot be avoided. To solve the problems, a new phishing webpage detection model is proposed, among which the main components are automatic learning representations from multi-aspects features through representation learning and extracting features by hybrid deep learning network. Firstly, the model treats URL, HTML page content, and DOM (Document Object Model) structure of webpages as character sequences respectively, and uses representation learning technology to automatically learn the representation of the webpages; then, sends multiple representations to a hybrid deep learning network composed of a convolutional neural network and a bidirectional long and short-term memory network through different channels to extract local and global features, and use the attention mechanism to strengthen the influence of important features; finally, the output of multiple channels is fused to realize classification prediction. Through four sets of experiments to verify the detection effect of the model, the results show that the overall classification effect of the model is better than the existing classic phishing webpage detection methods, the accuracy reaches 99.05%, and the false positive rate is only 0.25%. It is proved that the strategies of extracting webpage features from all aspects through representation learning and hybrid deep learning network can effectively improve the detection effect of phishing webpages.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lizhen Tang,Qusay H. Mahmoud

DOI: https://doi.org/10.3390/make3030034

2021-08-20

Machine Learning and Knowledge Extraction

Abstract:With the development of the Internet, network security has aroused people’s attention. It can be said that a secure network environment is a basis for the rapid and sound development of the Internet. Phishing is an essential class of cybercriminals which is a malicious act of tricking users into clicking on phishing links, stealing user information, and ultimately using user data to fake logging in with related accounts to steal funds. Network security is an iterative issue of attack and defense. The methods of phishing and the technology of phishing detection are constantly being updated. Traditional methods for identifying phishing links rely on blacklists and whitelists, but this cannot identify new phishing links. Therefore, we need to solve how to predict whether a newly emerging link is a phishing website and improve the accuracy of the prediction. With the maturity of machine learning technology, prediction has become a vital ability. This paper offers a state-of-the-art survey on methods for phishing website detection. It starts with the life cycle of phishing, introduces common anti-phishing methods, mainly focuses on the method of identifying phishing links, and has an in-depth understanding of machine learning-based solutions, including data collection, feature extraction, modeling, and evaluation performance. This paper provides a detailed comparison of various solutions for phishing website detection.

Jun-Ho Yoon,Seok-Jun Buu,Hae-Jung Kim

DOI: https://doi.org/10.3390/electronics13163344

IF: 2.9

2024-08-24

Electronics

Abstract:Detecting phishing webpages is a critical task in the field of cybersecurity, with significant implications for online safety and data protection. Traditional methods have primarily relied on analyzing URL features, which can be limited in capturing the full context of phishing attacks. In this study, we propose an innovative approach that integrates HTML DOM graph modeling with URL feature analysis using advanced deep learning techniques. The proposed method leverages Graph Convolutional Networks (GCNs) to model the structure of HTML DOM graphs, combined with Convolutional Neural Networks (CNNs) and Transformer Networks to capture the character and word sequence features of URLs, respectively. These multi-modal features are then integrated using a Transformer network, which is adept at selectively capturing the interdependencies and complementary relationships between different feature sets. We evaluated our approach on a real-world dataset comprising URL and HTML DOM graph data collected from 2012 to 2024. This dataset includes over 80 million nodes and edges, providing a robust foundation for testing. Our method demonstrated a significant improvement in performance, achieving a 7.03 percentage point increase in classification accuracy compared to state-of-the-art techniques. Additionally, we conducted ablation tests to further validate the effectiveness of individual features in our model. The results validate the efficacy of integrating HTML DOM structure and URL features using deep learning. Our framework significantly enhances phishing detection capabilities, providing a more accurate and comprehensive solution to identifying malicious webpages.

engineering, electrical & electronic,computer science, information systems,physics, applied

Najwa Altwaijry,Isra Al-Turaiki,Reem Alotaibi,Fatimah Alakeel

DOI: https://doi.org/10.3390/s24072077

IF: 3.9

2024-03-25

Sensors

Abstract:Black Phishing is one of the most dangerous attacks targeting individuals, organizations, and nations. Although many traditional methods for email phishing detection exist, there is a need to improve accuracy and reduce false-positive rates. Our work investigates one-dimensional CNN-based models (1D-CNNPD) to detect phishing emails in order to address these challenges. Additionally, further improvement is achieved with the augmentation of the base 1D-CNNPD model with recurrent layers, namely, LSTM, Bi-LSTM, GRU, and Bi-GRU, and experimented with the four resulting models. Two benchmark datasets were used to evaluate the performance of our models: Phishing Corpus and Spam Assassin. Our results indicate that, in general, the augmentations improve the performance of the 1D-CNNPD base model. Specifically, the 1D-CNNPD with Bi-GRU yields the best results. Overall, the performance of our models is comparable to the state of the art of CNN-based phishing email detection. The Advanced 1D-CNNPD with Leaky ReLU and Bi-GRU achieved 100% precision, 99.68% accuracy, an F1 score of 99.66%, and a recall of 99.32%. We observe that increasing model depth typically leads to an initial performance improvement, succeeded by a decline. In conclusion, this study highlights the effectiveness of augmented 1D-CNNPD models in detecting phishing emails with improved accuracy. The reported performance measure values indicate the potential of these models in advancing the implementation of cybersecurity solutions to combat email phishing attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ali Aljofey,Qingshan Jiang,Abdur Rasool,Hui Chen,Wenyin Liu,Qiang Qu,Yang Wang

DOI: https://doi.org/10.1038/s41598-022-10841-5

IF: 4.6

2022-05-26

Scientific Reports

Abstract:Today's growing phishing websites pose significant threats due to their extremely undetectable risk. They anticipate internet users to mistake them as genuine ones in order to reveal user information and privacy, such as login ids, pass-words, credit card numbers, etc. without notice. This paper proposes a new approach to solve the anti-phishing problem. The new features of this approach can be represented by URL character sequence without phishing prior knowledge, various hyperlink information, and textual content of the webpage, which are combined and fed to train the XGBoost classifier. One of the major contributions of this paper is the selection of different new features, which are capable enough to detect 0-h attacks, and these features do not depend on any third-party services. In particular, we extract character level Term Frequency-Inverse Document Frequency (TF-IDF) features from noisy parts of HTML and plaintext of the given webpage. Moreover, our proposed hyperlink features determine the relationship between the content and the URL of a webpage. Due to the absence of publicly available large phishing data sets, we needed to create our own data set with 60,252 webpages to validate the proposed solution. This data contains 32,972 benign webpages and 27,280 phishing webpages. For evaluations, the performance of each category of the proposed feature set is evaluated, and various classification algorithms are employed. From the empirical results, it was observed that the proposed individual features are valuable for phishing detection. However, the integration of all the features improves the detection of phishing sites with significant accuracy. The proposed approach achieved an accuracy of 96.76% with only 1.39% false-positive rate on our dataset, and an accuracy of 98.48% with 2.09% false-positive rate on benchmark dataset, which outperforms the existing baseline approaches.

multidisciplinary sciences

Y. Bhanu Prasad,D. Venkatesulu

DOI: https://doi.org/10.1016/j.cose.2024.104123

IF: 5.105

2024-09-20

Computers & Security

Abstract:Phishing is a cyber-attack that exploits victims' technical ignorance or naivety and commonly involves a Uniform Resources Locator (URL). As a result, it is beneficial to examine URLs before accessing them to spot a phishing assault. Several algorithms based on machine learning have been presented to detect phishing attempts. However, these approaches often suffer from lower performance outcomes, such as lower accuracy, longer response times, and higher false positive rates. Furthermore, many existing methods rely heavily on predefined feature sets, which may limit their adaptability and robustness. In contrast, our proposed method leverages a more dynamic feature selection process, which includes the Conditional Wasserstein Generative Adversarial Network (CWGAN) for addressing data imbalance and the Binary Grey Goose Optimization Algorithm (BGGOA) for optimal feature selection. This dynamic approach enhances the model's ability to adapt to varying data characteristics, improving detection performance. The proposed solution is divided into two stages: pre-deployment and deployment. During the pre-deployment stage, the dataset is preprocessed, including data transformation, handling irrelevant and redundant data, and ensuring data balancing. Minority samples are increased using CWGAN to avoid class imbalance. Features are then selected using BGGOA, resulting in a feature-reduced dataset used for training and testing ensemble deep learning classifiers, specifically the Novel Pyramid Depth-wise Separable-MobileNetV3 (PyDS-MV3) and Deformable Convolutional Residual Neural Network (DCRNN), termed PDSMV3-DCRNN. During the deployment phase, the Boosted ConvNeXt approach extracts URL features fed into the trained classifier to predict "phishing" or "benign". According to experimental findings, the proposed solution outperforms all other tested approaches, displaying a faster training time of 0.11 seconds and achieving an optimal accuracy of 99.21%.

computer science, information systems