Effectiveness of Machine Learning Techniques in Phishing Detection

Vahid Shahrivari; Mohammad Izadi; Mohammad Mahdi Darabi

Effectiveness of Machine Learning Techniques in Phishing Detection

Vahid Shahrivari ¹, Mohammad Izadi ¹, Mohammad Mahdi Darabi ²

Affiliations
1 Computer Engineering Department, Sharif University of Technology, Tehran, Iran, Islamic Republic of
2 School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran, Islamic Republic of

The Internet has become an indispensable part of our life, However, It also has provided opportunities to anonymously perform malicious activities like Phishing. Phishers try to deceive their victims by social engineering or creating mock-up websites to steal information such as account ID, username, password from individuals and organizations. Although many methods have been proposed to detect phishing websites, Phishers have evolved their methods to escape from these detection methods. One of the most successful methods for detecting these malicious activities is Machine Learning. This is because most Phishing attacks have some common characteristics which can be identified by machine learning methods. In this paper, we compared the results of multiple machine learning methods for predicting phishing websites.

Keywords

Classification, Cybercrime, Machine-learning, Phishing.

I-Scholar

Journal Help

Subscription Login to verify subscription

User

Notifications

Journal Content
Browse

Font Size

Information

FBI, “Ic3 annual report released.” [2] APWG, “Phishing activity trends report.” [3] V. Bhavsar, A. Kadlak, and S. Sharma, “Study on phishing attacks,” International Journal of Computer Applications, vol. 182, no. 33, pp. 27-29, 2018.

I.-F. Lam, W.-C. Xiao, S.-C. Wang, and K.-T. Chen, “Counteracting phishing page polymorphism: An image layout analysis approach,” in International Conference on Information Security and Assurance, Springer, 2009, pp. 270-279.

W. Jing, “Covert redirect vulnerability,” 2017.

K. Krombholz, H. Hobel, M. Huber, and E. Weippl, “Advanced social engineering attacks,” Journal of Information Security and Applications, vol. 22, pp. 113-122, 2015.

P. Kumaraguru, J. Cranshaw, A. Acquisti, L. Cranor, J. Hong, M. A. Blair, and T. Pham, “School of phish: A real-world evaluation of antiphishing training,” in Proceedings of the 5th Symposium on Usable Privacy and Security, 2009, pp. 1-12.

R. C. Dodge Jr., C. Carver, and A. J. Ferguson, “Phishing for user security awareness,” Computers & Security, vol. 26, no. 1, pp. 73-80, 2007.

R. Dhamija, J. D. Tygar, and M. Hearst, “Why phishing works,” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 2006, pp. 581-590.

C. Ludl, S. McAllister, E. Kirda, and C. Kruegel, “On the effectiveness of techniques to detect phishing sites,” in International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Springer, 2007, pp. 20-39.

A. P. Rosiello, E. Kirda, F. Ferrandi, et al., “A layout-similarity-based approach for detecting phishing pages,” in 2007 3rd International Conference on Security and Privacy in Communications Networks and the Workshops-Secure Comm 2007, IEEE, 2007, pp. 454-463.

S. Afroz, and R. Greenstadt, “Phishzoo: Detecting phishing websites by looking at them,” in 2011 IEEE 5th International Conference on Semantic Computing, IEEE, 2011, pp. 368-375.

K.-T. Chen, J.-Y. Chen, C.-R. Huang, and C.-S. Chen, “Fighting phishing with discriminative keypoint features,” IEEE Internet Computing, vol. 13, no. 3, pp. 56-63, 2009.

A. K. Jain, and B. B. Gupta, “Phishing detection: Analysis of visual similarity based approaches,” Security and Communication Networks, vol. 2017, 2017.

R. S. Rao, and S. T. Ali, “A computer vision technique to detect phishing attacks,” in 2015 5th International Conference on Communication Systems and Network Technologies, IEEE, 2015, pp. 596-601.

B. B. Gupta, N. A. Arachchilage, and K. E. Psannis, “Defending against phishing attacks: Taxonomy of

methods, current issues and future directions,” Telecommunication Systems, vol. 67, no. 2, pp. 247-267, 2018.

A. Karatzoglou, D. Meyer, and K. Hornik, “Support vector machines in r,” Journal of Statistical Software, vol. 15, no. 9, pp. 1-28, 2006.

L. Breiman, “Random forests,” Machine Learning, vol. 45, no. 1, pp. 5-32, 2001.

T. Hastie, S. Rosset, J. Zhu, and H. Zou, “Multi-class adaboost,” Statistics and its Interface, vol. 2, no. 3, pp. 349-360, 2009.

J. H. Friedman, “Stochastic gradient boosting,” Computational Statistics & Data Analysis, vol. 38, no. 4, pp. 367-378, 2002.

T. Chen, and C. Guestrin, “Xgboost: A scalable tree boosting system,” in Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 2016, pp. 785-794.

I. Goodfellow, Y. Bengio, and A. Courville, Deep Learning. MIT Press, 2016.

R. M. Mohammad, F. Thabtah, and L. McCluskey, “Phishing websites features,” School of Computing and Engineering, University of Huddersfield, 2015.

Abstract Views: 127

PDF Views: 0

Journal of Network and Information Security

Effectiveness of Machine Learning Techniques in Phishing Detection

Subscribe/Renew Journal

Keywords

Effectiveness of Machine Learning Techniques in Phishing Detection

Authors

Abstract

Keywords

References

Username
Password
Remember me

Username
Password
Remember me