Abstract
Phishing is an attempt to obtain confidential information about a user or an organization. It is an act of impersonating a credible webpage to lure users to expose sensitive data, such as username, password and credit card information. It has cost the online community and various stakeholders hundreds of millions of dollars. There is a need to detect and predict phishing, and the machine learning classification approach is a promising approach to do so. However, it may take several phases to identify and tune the effective features from the dataset before the selected classifier can be trained to identify phishing sites correctly. This paper presents the performance of two feature selection techniques known as the Feature Selection by Omitting Redundant Features (FSOR) and Feature Selection by Filtering Method (FSFM) to the 'Phishing Websites' dataset from the University of California Irvine and evaluates the performance of phishing webpage detection via three different machine learning techniques: Random Forest (RF) tree, Multilayer Perceptron (MLP) and Naive Bayes (NB). The most effective classification performance of these machine learning algorithms is further rectified based on a selected subset of features set by various feature selection methods. The observational results have shown that the optimized Random Forest (RFPT) classifier with feature selection by the FSFM achieves the highest performance among all the techniques.
Highlights
Phishing is a simple yet complex mechanism that escalates threats to the security of the Internet community
The results show that Feature Selection by Omitting Redundant (FSOR) is the best performer when using Random Forest as a classifier, and the result is statistically significant at the 0.05 level
This study provides a comparison of performance between two feature selection methods (i.e., Feature Selection by Omitting Redundant and Feature Selection by Filter Method) in classifying phishing websites
Summary
Phishing is a simple yet complex mechanism that escalates threats to the security of the Internet community. With little information about the victim, the attacker can produce a believable and personalized email or webpage. It is hard to catch the attacker, as most of them tend to hide their location and work in almost complete anonymity [1]. Even with high technology and excellent security software, users can become victims of this scheme. This is due to the huge of number of methods that can be used by the attackers to attract users into their phishing scheme. A report by Forbes has highlighted that approximately $500 million losses related to phishing attacks occur every year in the US businesses
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
