Phishing Website Detection Research Articles

Feature Classification and Extreme Learning Machine Based Detection of Phishing Websites

Phishing is a cyber-attack that uses a phishing website impersonating a real website to deceive internet users into disclosing sensitive information. Attackers using stolen credentials not only utilize them for the targeted website, but they may also be used to access other famous genuine websites. This paper proposes a novel approach for detecting phishing websites using a feature classification technique and an Extreme Learning Machine (ELM) algorithm. The proposed system extracts various features from the website URL and content, including text-based, image-based, and behavior-based features. These features are then classified using a feature selection technique, which selects the most relevant features to improve the detection accuracy. The selected features are then fed into the ELM algorithm, which is a powerful machine learning method for classifying and predicting data. The ELM algorithm It trains upon a huge set of data legitimate & phishing websites, and final outcome model is applied to classify unknown websites as either legitimate or phishing. The proposed approach is evaluated on several benchmark datasets and compared with other state-of-the-art phishing detection methods.
 The experimental results demonstrate that the proposed approach achieves high detection accuracy and outperforms other methods in terms of precision, recall, and F1-score. The proposed approach can be used as an effective tool for detecting and preventing phishing attacks, which are a major threat to the security of online users.

Detecting Phishing Websites using Decision Trees: A Machine Learning Approach

This study emphasises the value of feature selection and preprocessing in improving model performance and demonstrates the efficiency of decision trees in identifying phishing websites. Internet users are significantly threatened by phishing websites, hence a strong detection strategy is required. The Phishing Websites Dataset from the UCI Machine Learning Repository, which contains 30 website-related features, is used in the study together with a decision tree classifier from the scikit-learn package. The dataset is preprocessed to remove invalid and missing values, and the most pertinent features are chosen for model training. 80% of the dataset is utilised to train the model, while the remaining 20% is used for testing. The findings demonstrate the decision tree classifier's precision in detecting phishing websites, scoring 95.97% accurate and showing a high true positive rate (96.64%) and a negligible (3.04%) false positive rate using the confusion matrix. This study highlights the significance of feature selection and preprocessing for optimal model performance in addition to validating the efficacy of decision trees in phishing detection. The method described here can be helpful for businesses and individuals looking to protect themselves from phishing assaults, and the given data visualisations make it easier to understand datasets and assess models.

Improving Phishing Website Detection Using a Hybrid Two-level Framework for Feature Selection and XGBoost Tuning

In the last few decades, the World Wide Web has become a necessity that offers numerous services to end users. The number of online transactions increases daily, as well as that of malicious actors. Machine learning plays a vital role in the majority of modern solutions. To further improve Web security, this paper proposes a hybrid approach based on the eXtreme Gradient Boosting (XGBoost) machine learning model optimized by an improved version of the well-known metaheuristics algorithm. In this research, the improved firefly algorithm is employed in the two-tier framework, which was also developed as part of the research, to perform both the feature selection and adjustment of the XGBoost hyper-parameters. The performance of the introduced hybrid model is evaluated against three instances of well-known publicly available phishing website datasets. The performance of novel introduced algorithms is additionally compared against cutting-edge metaheuristics that are utilized in the same framework. The first two datasets were provided by Mendeley Data, while the third was acquired from the University of California, Irvine machine learning repository. Additionally, the best performing models have been subjected to SHapley Additive exPlanations (SHAP) analysis to determine the impact of each feature on model decisions. The obtained results suggest that the proposed hybrid solution achieves a superior performance level in comparison to other approaches, and that it represents a perspective solution in the domain of web security.

Machine Learning Approach for Detection of Phishing Website

Abstract: Phishing attacks are the easiest way to get sensitive information from innocent users. The purpose of phishing is to obtain critical information like the private information of users. Phishing sites pretend to be relevant sites and it is more difficult to distinguish these sites. It is one of the greatest threats that every individual and management has ever faced. URLs are referred to as web pages through which users locate pieces of information on the Internet. This paper focuses on phishing website detection which is important for the prevention of our sensitive information. There are different types of websites with different features. Therefore, we need to use a specific set of features on websites to protect against phishing. A machine learning model has been proposed to detect phishing websites. To detect phishing sites, we proposed the machine learning model. The essential objective of this paper is to classify the various algorithm of machine learning by extracting and analyzing various features of legitimate and phishing URLs.

Phishing Website Detection Using Machine Learning: A Review

Phishing, a form of cyber attack in which perpetrators employ fraudulent websites or emails to Deceive individuals into divulging sensitive information such as passwords or financial data, can be mitigated through various machine-learning algorithms for website detection.
 These algorithms, including decision trees, support vector machines, and Random Forest, analyze multiple website features, such as URL structure, website content, and the presence of specific keywords or patterns, to ascertain the likelihood of a website being a phishing site.
 This comprehensive review elucidates the concept of phishing website detection and the diverse techniques employed while summarizing previous studies, their outcomes, and their contributions. Overall, machine learning algorithms serve as a potent tool in the identification of phishing websites, thereby safeguarding users against falling prey to such malicious attacks.

Addressing feature selection and extreme learning machine tuning by diversity-oriented social network search: an application for phishing websites detection

AbstractFeature selection and hyper-parameters optimization (tuning) are two of the most important and challenging tasks in machine learning. To achieve satisfying performance, every machine learning model has to be adjusted for a specific problem, as the efficient universal approach does not exist. In addition, most of the data sets contain irrelevant and redundant features that can even have a negative influence on the model’s performance. Machine learning can be applied almost everywhere; however, due to the high risks involved with the growing number of malicious, phishing websites on the world wide web, feature selection and tuning are in this research addressed for this particular problem. Notwithstanding that many metaheuristics have been devised for both feature selection and machine learning tuning challenges, there is still much space for improvements. Therefore, the research exhibited in this manuscript tries to improve phishing website detection by tuning extreme learning model that utilizes the most relevant subset of phishing websites data sets features. To accomplish this goal, a novel diversity-oriented social network search algorithm has been developed and incorporated into a two-level cooperative framework. The proposed algorithm has been compared to six other cutting-edge metaheuristics algorithms, that were also implemented in the framework and tested under the same experimental conditions. All metaheuristics have been employed in level 1 of the devised framework to perform the feature selection task. The best-obtained subset of features has then been used as the input to the framework level 2, where all algorithms perform tuning of extreme learning machine. Tuning is referring to the number of neurons in the hidden layers and weights and biases initialization. For evaluation purposes, three phishing websites data sets of different sizes and the number of classes, retrieved from UCI and Kaggle repositories, were employed and all methods are compared in terms of classification error, separately for layers 1 and 2 over several independent runs, and detailed metrics of the final outcomes (output of layer 2), including precision, recall, f1 score, receiver operating characteristics and precision–recall area under the curves. Furthermore, an additional experiment is also conducted, where only layer 2 of the proposed framework is used, to establish metaheuristics performance for extreme machine learning tuning with all features, which represents a large-scale NP-hard global optimization challenge. Finally, according to the results of statistical tests, final research findings suggest that the proposed diversity-oriented social network search metaheuristics on average obtains better achievements than competitors for both challenges and all data sets. Finally, the SHapley Additive exPlanations analysis of the best-performing model was applied to determine the most influential features.

Hybrid Phishing Detection Based on Automated Feature Selection Using the Chaotic Dragonfly Algorithm

Due to the increased frequency of phishing attacks, network security has gained the attention of researchers. In addition to this, large volumes of data are created every day, and these data include inappropriate and unrelated features that influence the accuracy of machine learning. There is therefore a need for a robust method of detecting phishing threats and improving detection accuracy. In this study, three classifiers were applied to improve the accuracy of a detection algorithm: decision tree, k-nearest neighbors (KNN), and support vector machine (SVM). Selecting the relevant features improves the detection accuracy for a target class and determines the class label with the greatest probability. The proposed work clearly describes how feature selection using the Chaotic Dragonfly Algorithm provides more accurate results than all other baseline classifiers. It also indicates the appropriate classifier to be applied when detecting phishing websites. Three publicly available datasets were used to evaluate the method. They are reliable datasets for training the model and measuring prediction accuracy.

A Lightweight Multi-View Learning Approach for Phishing Attack Detection Using Transformer with Mixture of Experts

Phishing poses a significant threat to the financial and privacy security of internet users and often serves as the starting point for cyberattacks. Many machine-learning-based methods for detecting phishing websites rely on URL analysis, offering simplicity and efficiency. However, these approaches are not always effective due to the following reasons: (1) highly concealed phishing websites may employ tactics such as masquerading URL addresses to deceive machine learning models, and (2) phishing attackers frequently change their phishing website URLs to evade detection. In this study, we propose a robust, multi-view Transformer model with an expert-mixture mechanism for accurate phishing website detection utilizing website URLs, attributes, content, and behavioral information. Specifically, we first adapted a pretrained language model for URL representation learning by applying adversarial post-training learning in order to extract semantic information from URLs. Next, we captured the attribute, content, and behavioral features of the websites and encoded them as vectors, which, alongside the URL embeddings, constitute the website’s multi-view information. Subsequently, we introduced a mixture-of-experts mechanism into the Transformer network to learn knowledge from different views and adaptively fuse information from various views. The proposed method outperforms state-of-the-art approaches in evaluations of real phishing websites, demonstrating greater performance with less label dependency. Furthermore, we show the superior robustness and enhanced adaptability of the proposed method to unseen samples and data drift in more challenging experimental settings.

Real-Time Phishing Website Detection using Machine Learning and Updating Phishing Probability with User Feedback

Phishing attacks remain a significant threat to internet users worldwide. Cybercriminals often send out phishing links through various channels such as emails, social media platforms, or text messages, to trick users into disclosing their sensitive infor-mation such as passwords, usernames, or credit card details. This stolen information is then used to perpetrate various types of fraud or sold on the dark web for profit. To combat this problem, various machine learning-based solutions have been developed for detect-ing phishing websites. However, these solutions vary in their effec-tiveness, with some focusing on URL-based algorithms while oth-ers focus on website content. This paper proposes a machine learn-ing-based approach to real-time phishing website detection, with a focus on the website's URL, domain page, and content. The pro-posed framework will be implemented as a browser plug-in, which can identify phishing risks as users visit websites. The framework integrates several techniques, including blacklist interception, whitelist filtering, and machine learning prediction, to improve ac-curacy, reduce false alarm rates, and minimize computation times. The proposed approach also incorporates user feedback to update the phishing probability over time, thereby increasing the accuracy of detecting phishing websites. This feedback loop involves users reporting suspected phishing websites to the system, which then updates the phishing probability calculation with new information to improve its accuracy. The significance of this research lies in its ability to provide real-time phishing detection capabilities, which can help protect internet users from falling victim to phishing at-tacks. Furthermore, the use of machine learning-based algorithms and user feedback ensures that the system is continuously updated to remain effective against new and emerging threats.

Machine Learning and Deep Learning for Phishing Page Detection

The term "phishing" is often used to describe an attempt to obtain confidential data such as passwords or credit card details by impersonating a trustworthy source. In most cases, the term refers to attempts to trick users into providing sensitive information in response to a fraudulent email or web page. However, the term is also used to describe a broader category of online attacks to obtain sensitive information or to disrupt services or systems. Incorporating different machine learning and deep learning algorithms, including Support Vector Machine (SVM), Gradient Boosting Machine (GBM), and random forest, the authors of this research presented a technique for identifying phishing websites. The data sets from PhishTank and the University of New Brunswick were used to train and test the learning models. The XGboost model was able to surpass most existing techniques by achieving a maximum accuracy of 86.8%. This technique can be used in modern web browsers like Google Chrome and Mozilla Firefox to accurately detect phishing websites.

Phishing Website Detection Based on Machine Learning Algorithm

Phishing websites utilise a variety of techniques to imitate the URL address and page content of a legitimate website in order to steal users' personal information. In this study, we analyse the structural properties of the phishing website URL, extract 12 different types of data, and train four machine learning algorithms. Then, in order to identify unknown URLs, utilise the method that performed the best as our model. The recommendation of the original regular web page of the phishing web page is implemented after a snapshot of the web page is extracted and compared with the regular web page snapshot.

A Deep Learning-Based Innovative Technique for Phishing Detection in Modern Security with Uniform Resource Locators.

Organizations and individuals worldwide are becoming increasingly vulnerable to cyberattacks as phishing continues to grow and the number of phishing websites grows. As a result, improved cyber defense necessitates more effective phishing detection (PD). In this paper, we introduce a novel method for detecting phishing sites with high accuracy. Our approach utilizes a Convolution Neural Network (CNN)-based model for precise classification that effectively distinguishes legitimate websites from phishing websites. We evaluate the performance of our model on the PhishTank dataset, which is a widely used dataset for detecting phishing websites based solely on Uniform Resource Locators (URL) features. Our approach presents a unique contribution to the field of phishing detection by achieving high accuracy rates and outperforming previous state-of-the-art models. Experiment results revealed that our proposed method performs well in terms of accuracy and its false-positive rate. We created a real data set by crawling 10,000 phishing URLs from PhishTank and 10,000 legitimate websites and then ran experiments using standard evaluation metrics on the data sets. This approach is founded on integrated and deep learning (DL). The CNN-based model can distinguish phishing websites from legitimate websites with a high degree of accuracy. When binary-categorical loss and the Adam optimizer are used, the accuracy of the k-nearest neighbors (KNN), Natural Language Processing (NLP), Recurrent Neural Network (RNN), and Random Forest (RF) models is 87%, 97.98%, 97.4% and 94.26%, respectively, in contrast to previous publications. Our model outperformed previous works due to several factors, including the use of more layers and larger training sizes, and the extraction of additional features from the PhishTank dataset. Specifically, our proposed model comprises seven layers, starting with the input layer and progressing to the seventh, which incorporates a layer with pooling, convolutional, linear 1 and 2, and linear six layers as the output layers. These design choices contribute to the high accuracy of our model, which achieved a 98.77% accuracy rate.

Phishing Website Detection using Machine Learning Rules with Cryptography Technique

Phishing, a type of cybersecurity attack aimed at stealing personal information like passwords and credit card numbers, can be mitigated through the use of machine learning techniques for detecting phishing websites. In response, cybersecurity experts are actively seeking reliable and robust detection techniques to identify phishing websites. This research paper focuses on the implementation of machine learning technology for detecting phishing URLs by extracting and analyzing various features from both legitimate and phishing URLs. Support Vector Machine algorithms are employed for this purpose, to identify the most effective algorithm based on accuracy rate, false positive rate, and false negative rate, to enhance phishing detection measures. Cryptography Technique like the RSA algorithm is used to secure encryption method to encrypt the user search data before being stored on the server. The paper further discusses the reasons why ensemble machine learning methods are well-suited for binary phishing classification challenges in real-time detection scenarios, underscoring their efficacy in anti-phishing techniques.

A Review on Phishing Website Detection Using Machine Learning Approach

Phishing attacks are a rapidly growing threat in the cyber world. Every person is truly dependent on the internet. Everyone is doing online purchasing and online activities like online banking, online booking, and online billing on the internet. Phishing is a type of threat on a website and phishing is the illegal use of real information on the website information such as login id, password, information of credit card. Phishers use websites that visually and semantically resemble real websites. How can someone tell the difference between a website that is a phishing website and a real website? The identification of a website as a phishing website depends on several factors such as URL length, including the special letter '@', double slash redirect, and the existence of subdomains. Although the above factors are present on the website, no one can claim that the website is a phishing website, it can also be an original website. For solving this type of problem we can use the machine learning algorithm. The review creates phishing attack alerts, detects the attack, and motivate readers to use phishing prevention. With a large number of phishing emails or messages coming today, it is for businesses or individuals impossible to find them.

Phishing Website Detection Using Deep Learning and Machine Learning

Phishing Website Detection Using Deep Learning and Machine Learning

Intelligent phishing website detection using machine learning

Intelligent phishing website detection using machine learning

Comparison of Logistic Regression and Random Forest using Correlation-based Feature Selection for Phishing Website Detection

The world is currently experiencing mass developments in information technology, especially during the current pandemic, which requires all of us to learn and even work online. They are triggered much crime in the internet world. One of them is stealing internet user data through a fake website built like the original or called a phishing website. In this research , a classification model is needed to detect phishing websites using the best performance from one of the logistic regression and random forest classification algorithms to overcome the rise of phishing websites in cyberspace. Classification performance can be improved using the correlation-based feature selection (CFS) method to select the most influential attribute in detecting web phishing . Based on the test results, applying the logistic regression and random forest classification algorithm in the classification of web phishing resulted in an accuracy of 93.035% and 96.834%. After feature selection with CFS, the accuracy was 92.718% and 97.015%, respectively. On the Testing, There was an increase in accuracy in RandomForest by 0.181% and an insignificant decrease in logistic regression. The test results prove that feature selection with CFS can eliminate redundant attributes and the resulting classification algorithm accuracy is not much different when the details are complete and Random Forest has accuracy better than after using CSF . Keywords : website phis h ing, classification, logistic regression, random forest, correlation-based

An enhanced deep learning‐based phishing detection mechanism to effectively identify malicious URLs using variational autoencoders

AbstractPhishing attacks have become one of the powerful sources for cyber criminals to impose various forms of security attacks in which fake website Uniform Resource Locators (URL) are circulated around the Internet community in the form of email, messages etc., in order to deceive users, resulting in the loss of their valuable assets. The phishing URLs are predicted using several blacklist‐based traditional phishing website detection techniques. However, numerous phishing websites are frequently constructed and launched on the Internet over time; these blacklist‐based traditional methods do not accurately predict most phishing websites. In order to effectively identify malicious URLs, an enhanced deep learning‐based phishing detection approach has been proposed by integrating the strength of Variational Autoencoders (VAE) and deep neural networks (DNN). In the proposed framework, the inherent features of a raw URL are automatically extracted by the VAE model by reconstructing the original input URL to enhance phishing URL detection. For experimentation, around 1 lakh URLs were crawled from two publicly available datasets, namely ISCX‐URL‐2016 dataset and Kaggle dataset. The experimental results suggested that the proposed model has reached a maximum accuracy of 97.45% and exhibits a quicker response time of 1.9 s, which is better when compared to all the other experimented models.

A Novel Phishing Website Detection Model Based on LightGBM and Domain Name Features

Phishing attacks have evolved in terms of sophistication and have increased in sheer number in recent years. This has led to corresponding developments in the methods used to evade the detection of phishing attacks, which pose daunting challenges to the privacy and security of the users of smart systems. This study uses LightGBM and features of the domain name to propose a machine-learning-based method to identify phishing websites and maintain the security of smart systems. Domain name features, often known as symmetry, are the property wherein multiple domain-name-generation algorithms remain constant. The proposed model of detection is first used to extract features of the domain name of the given website, including character-level features and information on the domain name. The features are filtered to improve the model’s accuracy and are subsequently used for classification. The results of experimental comparisons showed that the proposed model of detection, which integrates two types of features for training, significantly outperforms the model that uses a single type of feature. The proposed method also has a higher detection accuracy than other methods and is suitable for the real-time detection of many phishing websites.

PhiKitA: Phishing Kit Attacks Dataset for Phishing Websites Identification

Recent studies have shown that phishers are using phishing kits to deploy phishing attacks faster, easier and more massive. Detecting phishing kits in deployed websites might help to detect phishing campaigns earlier. To the best of our knowledge, there are no datasets providing a set of phishing kits that are used in websites that were attacked by phishing. In this work, we propose PhiKitA, a novel dataset that contains phishing kits and also phishing websites generated using these kits. We have applied MD5 hashes, fingerprints, and graph representation DOM algorithms to obtain baseline results in PhiKitA in three experiments: familiarity analysis of phishing kit samples, phishing website detection and identifying the source of a phishing website. In the familiarity analysis, we find evidence of different types of phishing kits and a small phishing campaign. In the binary classification problem for phishing detection, the graph representation algorithm achieved an accuracy of 92.50%, showing that the phishing kit data contain useful information to classify phishing. Finally, the MD5 hash representation obtained a 39.54% F1 score, which means that this algorithm does not extract enough information to distinguish phishing websites and their phishing kit sources properly.