Hybrid Approach for Phishing Website Detection Using Classification Algorithms

Abstract

The internet has significantly altered how we work and interact with one another.Statistics show 63.1 % of the present world population are internet users. This clearly indicates how heavily man is dependent on digital media. Digital media users are on the rise and so is the incidence of  cyber crimes. People who lack experience and knowledge are more vulnerable and susceptible to phishing scams.The victims experience severe consequences as their personal credentials are at stake. Phishers use publicly available sources to acquire details about the victim's professional and personal history.Countermeasures must be implemented with the highest priority. Detection of malicious websites can significantly reduce the risk of phishing attempts.In this research, a highly accurate website phishing detection method based on URL features is proposed. We investigated eight existing machine learning classification techniques for this, including extreme gradient boosting (XGBoost), random forest (RF), adaptive boosting (AdaBoost), decision trees (DT), K-nearest neighbors (KNN), support vector machines (SVM), logistic regression and naïve bayes (NB) to detect malicious websites.The results show that XGboost had the best accuracy  with a score of 96.71%, followed by random forest and AdaBoost.We further experimented with various hybrid combinations of the top three classifiers and observed that XGboost-Random Forest hybrid algorithms produced the best results.The hybrid model classified the websites as legitimate or phishing with an accuracy of 97.07%.