Towards a Multi-Layered Phishing Detection

Phishing is one of the most common threats that users face while browsing the web. In the current threat landscape, a targeted phishing attack (i.e., spear phishing) often constitutes the first action of a threat actor during an intrusion campaign. To tackle this threat, many data-driven approaches have been proposed, which mostly rely on the use of supervised machine learning under a single-layer approach. However, such approaches are resource-demanding and, thus, their deployment in production environments is infeasible. Moreover, most previous works utilise a feature set that can be easily tampered with by adversaries. In this paper, we investigate the use of a multi-layered detection framework in which a potential phishing domain is classified multiple times by models using different feature sets. In our work, an additional classification takes place only when the initial one scores below a predefined confidence level, which is set by the system owner. We demonstrate our approach by implementing a two-layered detection system, which uses supervised machine learning to identify phishing attacks. We evaluate our system with a dataset consisting of active phishing attacks and find that its performance is comparable to the state of the art.
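A sketch of the confidence-gated escalation described in the abstract, as an added example that is not the authors' code. The two feature sets, the hand-set weights (standing in for trained supervised models), the 0.80 threshold and the sample records are all assumptions made for illustration.

```python
import math
from urllib.parse import urlparse

def _sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def layer1_score(sample):
    """Cheap first layer: lexical URL features only (assumed features and weights)."""
    url = sample["url"].lower()
    host = urlparse(url).hostname or ""
    z = (-2.0 + 0.9 * host.count("-") + 0.7 * max(host.count(".") - 1, 0)
         + 1.5 * any(k in url for k in ("login", "verify", "secure")))
    return _sigmoid(z)  # P(phishing)

def layer2_score(sample):
    """Costlier second layer: domain and certificate age (assumed features)."""
    z = 2.5 - 0.05 * sample["domain_age_days"] - 0.02 * sample["cert_age_days"]
    return _sigmoid(z)

def classify(sample, threshold=0.80):
    """Run layer 2 only when layer 1's confidence is below the owner-set threshold."""
    p, layer = layer1_score(sample), 1
    if max(p, 1 - p) < threshold:
        p, layer = layer2_score(sample), 2
    return {"label": "phishing" if p >= 0.5 else "benign",
            "confidence": round(max(p, 1 - p), 3), "layer": layer}

def escalation_rate(samples, threshold):
    """Fraction of samples that pay for the second classification."""
    return sum(classify(s, threshold)["layer"] == 2 for s in samples) / len(samples)

# Constructed sample records: reserved example domains, invented ages.
SAMPLES = [
    {"url": "https://example.com/", "domain_age_days": 5000, "cert_age_days": 100},
    {"url": "http://secure-login-example.account-verify.test/login",
     "domain_age_days": 1, "cert_age_days": 1},
    {"url": "http://my-shop.example.test/", "domain_age_days": 3, "cert_age_days": 2},
    {"url": "https://my-shop.example.org/", "domain_age_days": 2000, "cert_age_days": 60},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["url"], classify(s))
    for t in (0.5, 0.8, 0.95):
        print("threshold", t, "escalated", escalation_rate(SAMPLES, t))
```

Raising the threshold sends more samples to the second layer, which is the cost the system owner trades against confidence in the first layer's verdict.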
