Phishing Attacks Detection A Machine Learning-Based Approach

Phishing attacks are one of the most common social engineering attacks targeting users’ emails to fraudulently steal confidential and sensitive information. They can be used as a part of more massive attacks launched to gain a foothold in corporate or government networks. Over the last decade, a number of anti-phishing techniques have been proposed to detect and mitigate these attacks. However, they are still inefficient and inaccurate. Thus, there is a great need for efficient and accurate detection techniques to cope with these attacks. In this paper, we proposed a phishing attack detection technique based on machine learning. We collected and analyzed more than 4000 phishing emails targeting the email service of the University of North Dakota. We modeled these attacks by selecting 10 relevant features and building a large dataset. This dataset was used to train, validate, and test the machine learning algorithms. For performance evaluation, four metrics have been used, namely probability of detection, probability of miss-detection, probability of false alarm, and accuracy. The experimental results show that better detection can be achieved using an artificial neural network.

[1]  Saruladha Krishnamurthy,et al.  Information Retrieval Models: Trends and Techniques , 2017 .

[2]  Naima Kaabouch,et al.  A Novel Jamming Attacks Detection Approach Based on Machine Learning for Wireless Communication , 2020, 2020 International Conference on Information Networking (ICOIN).

[3]  Konstantinos E. Psannis,et al.  Defending against phishing attacks: taxonomy of methods, current issues and future directions , 2017, Telecommunication Systems.

[4]  N. Mohan Krishna Varma,et al.  Review on Supervised Learning Techniques , 2020 .

[5]  Naima Kaabouch,et al.  Security threats, detection, and countermeasures for physical layer in cognitive radio networks: A survey , 2020, Phys. Commun..

[6]  Jayaprakash Kar,et al.  Public Key Infrastructure: A Survey , 2015 .

[7]  Yuji Suga SSL/TLS Servers Status Survey about Enabling Forward Secrecy , 2014, 2014 17th International Conference on Network-Based Information Systems.

[8]  Jinghui Qin,et al.  Phishing URL Detection via CNN and Attention-Based Hierarchical RNN , 2019, 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE).

[9]  William K. Robertson,et al.  Surveylance: Automatically Detecting Online Survey Scams , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[10]  Yada Zhu,et al.  Social Engineering/Phishing , 2014, Encyclopedia of Social Network Analysis and Mining.

[11]  T. L. McCluskey,et al.  Intelligent rule-based phishing websites classification , 2014, IET Inf. Secur..

[12]  Nafiz Arica,et al.  A comparison of activation functions in artificial neural networks , 2018, 2018 26th Signal Processing and Communications Applications Conference (SIU).

[13]  Jiwon Hong,et al.  Phishing URL Detection with Lexical Features and Blacklisted Domains , 2020, Adaptive Autonomous Secure Cyber Systems.

[14]  Naima Kaabouch,et al.  Social Engineering Attacks: A Survey , 2019, Future Internet.

[15]  Ali Yazdian Varjani,et al.  New rule-based phishing detection method , 2016, Expert Syst. Appl..

[16]  Ilango Krishnamurthi,et al.  An efficacious method for detecting phishing webpages through target domain identification , 2014, Decis. Support Syst..