Abstract
In recent years, phishing attacks have become more intelligent and more challenging to detect using typical phishing methods. Moreover, attackers have leveraged some web development techniques to increase the website's legitimacy in victims' eyes, such as using JFrame to design a window that looks like a browser inside the webpage. In this paper, we design a system that detects three types of phishing attacks: Tiny Uniform Resource Locators (TinyURLs), Browsers in the Browser (BiTB), and regular phishing attacks. In this system, we aim to protect victims from mistakenly downloading malicious software into their systems. We split our system into three parts: Deep Learning model (DL), browser extension, and docker container. First, we design a DL model using bidirectional long short-term memory (BiLSTM) and an attention mechanism to classify the URL as phishing or benign. Our model shows 99% in its precision, recall, and F1 score. Second, we design a browser extension to extract the original URL from the suspect webpage and then send it to the docker container. Then, the docker container opens the webpage and extracts all URLs from its HyperText Markup Language (HTML) and JavaScript. Then, each URL passes to a DL model for classification, resulting in a list of labels for each webpage. Therefore, we use three decision strategies: Single Phishing Strategy (SPhS), Mean Sum Strategy (MSS), and Weighted Average Strategy (WeAS) to decide whether the webpage is phishing or benign. Our findings indicate that the best results among the three strategies were WeAS.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.