PhishingRTDS: A real-time detection system for phishing attacks using a Deep Learning model

Abstract

In recent years, phishing attacks have become more intelligent and more challenging to detect using typical phishing methods. Moreover, attackers have leveraged some web development techniques to increase the website's legitimacy in victims' eyes, such as using JFrame to design a window that looks like a browser inside the webpage. In this paper, we design a system that detects three types of phishing attacks: Tiny Uniform Resource Locators (TinyURLs), Browsers in the Browser (BiTB), and regular phishing attacks. In this system, we aim to protect victims from mistakenly downloading malicious software into their systems. We split our system into three parts: Deep Learning model (DL), browser extension, and docker container. First, we design a DL model using bidirectional long short-term memory (BiLSTM) and an attention mechanism to classify the URL as phishing or benign. Our model shows 99% in its precision, recall, and F1 score. Second, we design a browser extension to extract the original URL from the suspect webpage and then send it to the docker container. Then, the docker container opens the webpage and extracts all URLs from its HyperText Markup Language (HTML) and JavaScript. Then, each URL passes to a DL model for classification, resulting in a list of labels for each webpage. Therefore, we use three decision strategies: Single Phishing Strategy (SPhS), Mean Sum Strategy (MSS), and Weighted Average Strategy (WeAS) to decide whether the webpage is phishing or benign. Our findings indicate that the best results among the three strategies were WeAS.