Intelligent Phishing Detection Scheme Using Deep Learning Algorithms

Purpose: Phishing attacks have evolved in recent years due to high-tech-enabled economic growth worldwide. The rise in all types of fraud loss in 2019 has been attributed to the increase in deception scams and impersonation, as well as to sophisticated online attacks such as phishing. The global impact of phishing attacks will continue to intensify, and thus, a more efficient phishing detection method is required to protect online user activities. To address this need, this study focussed on the design and development of a deep learning-based phishing detection solution that leveraged the universal resource locator and website content such as images, text and frames. Design/methodology/approach: Deep learning techniques are efficient for natural language and image classification. In this study, the convolutional neural network (CNN) and the long short-term memory (LSTM) algorithm were used to build a hybrid classification model named the intelligent phishing detection system (IPDS). To build the proposed model, the CNN and LSTM classifier were trained by using 1m universal resource locators and over 10,000 images. Then, the sensitivity of the proposed model was determined by considering various factors such as the type of feature, number of misclassifications and split issues. Findings: An extensive experimental analysis was conducted to evaluate and compare the effectiveness of the IPDS in detecting phishing web pages and phishing attacks when applied to large data sets. The results showed that the model achieved an accuracy rate of 93.28% and an average detection time of 25 s. Originality/value: The hybrid approach using deep learning algorithm of both the CNN and LSTM methods was used in this research work. On the one hand, the combination of both CNN and LSTM was used to resolve the problem of a large data set and higher classifier prediction performance. Hence, combining the two methods leads to a better result with less training time for LSTM and CNN architecture, while using the image, frame and text features as a hybrid for our model detection. The hybrid features and IPDS classifier for phishing detection were the novelty of this study to the best of the authors' knowledge

An Intelligent Phishing Detection and Protection Scheme using a fusion of Images, Frames and Text

A phishing attack is one of the most common forms of cybercrime worldwide. In recent years, phishing attacks have continued to escalate in severity, frequency and impact. Globally, the attacks cause billions of dollars of losses each year. Cybercriminals use phishing for various illicit activities such as personal identity theft and fraud, and to perpetrate sophisticated corporate-level attacks against financial institutions, healthcare providers, government agencies and businesses. Several solutions using various methodologies have been proposed in the literature to counter web-phishing threats. This research work adopts a novel strategy to the detection and prevention of website phishing attacks, with a practical implementation through development towards a browser toolbar add-in. A three-fold approach to the mitigation of phishing attacks is developed. Firstly, a total of 13,000 features and 10,000 images were collected from both phishing and legitimate websites to collate a database that was used in the current work. This database has been donated to the public domain to promote further work on phishing detection within the wider research community. Secondly, a hybrid feature selection approach is adopted. This approach combines the associated elements of images, frames and text of legitimate and non-legitimate websites which can then be collectively processed by an Artificial Intelligence scheme based on the adaptive neuro-fuzzy inference system (ANFIS). Thirdly, an alternative novel approach is evaluated using two deep learning techniques, the Convoluted Neural Network (CNN) and the Long-Short Term Memory (LSTM) variant as a combined classifier called the Intelligent Phishing Detection System (IPDS). The IPDS is shown to be highly effective both in the detection of phishing attacks and in the identification of fake websites. Experimental results show that an offline approach using the ANFIS has a 98.3% accuracy with an average detection time of 30 seconds, whilst the CNN+LSTM approach has a slightly lower accuracy with an average detection rate of 25 seconds. These times are within typical times for loading a web page which makes toolbar integration into a browser a practical option for website phishing detection in real time. The results of this research are compared with previous work and demonstrates both better or similar detection performance. This is the first work that considers how best to integrate images, text and frames in a hybrid feature-based solution for a phishing detection scheme

Deep Learning with Convolutional Neural Network and Long Short-Term Memory for Phishing Detection

Phishers sometimes exploit users’ trust of a known website’s appearance by using a similar page that looks like the legitimate site. In recent times, researchers have tried to identify and classify the issues that can contribute to the detection of phishing websites. This study focuses on design and development of a deep learning based phishing detection solution that leverages the Universal Resource Locator and website content such as images and frame elements. A Convolutional Neural Network (CNN) and the Long Short-Term Memory (LSTM) algorithm were used to build a classification model. The experimental results showed that the proposed model achieved an accuracy rate of 93.28%