1,335 research outputs found
A Survey of Website Phishing Detection Techniques
This article surveys the literature on website phishing detection. Web phishing lures the user into interacting with a fake website. The main objective of this attack is to steal sensitive information from the user. The attacker creates a similar website that looks like the original website. It allows the attacker to obtain sensitive information such as username, password, credit card details, etc. This paper aims to survey many of the recently proposed website phishing detection techniques. A high-level overview of various types of phishing detection techniques is also presented.
High Accuracy Phishing Detection Based on Convolutional Neural Networks
The persistent growth in phishing and the rising volume of phishing websites has led to individuals and organizations worldwide becoming increasingly exposed to various cyber-attacks. Consequently, more effective phishing detection is required for improved cyber defence. Hence, in this paper we present a deep learning-based approach to enable high accuracy detection of phishing sites. The proposed approach utilizes convolutional neural networks (CNN) for high accuracy classification to distinguish genuine sites from phishing sites. We evaluate the models using a dataset obtained from 6,157 genuine and 4,898 phishing websites. Based on the results of extensive experiments, our CNN based models proved to be highly effective in detecting unknown phishing sites. Furthermore, the CNN based approach performed better than traditional machine learning classifiers evaluated on the same dataset, reaching 98.2% phishing detection rate with an F1-score of 0.976. The method presented in this paper compares favourably to the state-of-the-art in deep learning based phishing website detection.
Effect of Metacognition on Phishing Detection: Mediating Role of Situational Awareness
The Internet Crime Report by the Federal Bureau of Investigation states that the number of internet crime complaints reaches about half a million cases with reported loss exceeding 3.5 billion dollars in the year 2019 in the United States (US). Phishing attack or phishing scheme is one of the classes of internet crime. Phishing attack is broadly defined by unsolicited email, text, and telephone calls from an imposter individual or business firm. Among all the reported cyberattack types in 2019 in the US, phishing scheme has the highest number of victims. According to the Federal Trade Commission, scammers carry out phishing attacks primarily to steal internet user credentials, financial information, and social security information from the victims. The phishing attack victims report a loss totaling 57 million dollars in 2019 in the US. Thus, preventing this attack can reduce significant damage. Extant research on phishing attack prevention can be classified into two streams: focusing on the technological factor in phishing detection and focusing on the human factor in phishing detection. The technical stream deals with developing efficient automatic phishing detection systems by using algorithmic approaches and providing effective mitigation techniques after the detection. However, these techniques are effective when the phishing attack is not highly targeted. Focusing on the human factor is critical in phishing detection because humans can deal with unique scenarios. When an attack reaches a user, then the user needs to safeguard themselves. The human factor stream of phishing detection deals with finding the reasons why technology users are susceptible to a phishing attack and making the users aware through training and communication to increase the likelihood of phishing detection at the users’ side. Research finds that cybercriminals use persuasion techniques, emergency, and social pressure to attack the users.
The user training and awareness studies investigate various approaches such as service policy, warning messages, educational notices, and mindfulness. Metacognitive knowledge, a psychological construct, usually deals with an individual’s deeper thought process in any complex and dynamic decision-making environment. Existing literature provides little evidence on how metacognitive knowledge can be beneficial in phishing detection by humans. Thus, an extension of the current literature is to investigate the impact of metacognition in phishing detection. Metacognitive knowledge is vital in the context of phishing detection because it can make the users more aware of the threat. There are three main aspects of metacognitive knowledge, namely declarative knowledge, procedural knowledge, and conditional knowledge, and all three impact situational awareness. Situational awareness (SA) is defined by the perception about the environment, comprehension about the scenario, and projection about the future consequences. SA plays a crucial role in phishing because of the individual’s need to assess the vulnerability and decide based on the situation. According to the Situational Awareness Theory (SAT), individual factors are antecedents of SA, and situational decision is a consequence of SA. Using SAT, we argue that an individual’s level of metacognitive knowledge impacts phishing detection through the mediating role of situational awareness.
VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity
Phishing websites are still a major threat in today's Internet ecosystem.
Despite numerous previous efforts, similarity-based detection methods do not
offer sufficient protection for the trusted websites - in particular against
unseen phishing pages. This paper contributes VisualPhishNet, a new
similarity-based phishing detection framework, based on a triplet Convolutional
Neural Network (CNN). VisualPhishNet learns profiles for websites in order to
detect phishing websites by a similarity metric that can generalize to pages
with new visual appearances. We furthermore present VisualPhish, the largest
dataset to date that facilitates visual phishing detection in an ecologically
valid manner. We show that our method outperforms previous visual similarity
phishing detection approaches by a large margin while being robust against a
range of evasion attacks.
Deep Learning for Phishing Detection: Taxonomy, Current Challenges and Future Directions
This work was supported in part by the Ministry of Higher Education under the Fundamental Research Grant Scheme under Grant FRGS/1/2018/ICT04/UTM/01/1; and in part by the Faculty of Informatics and Management, University of Hradec Kralove, through SPEV project under Grant 2102/2022.
Phishing has become an increasing concern and captured the attention of end-users as well
as security experts. Existing phishing detection techniques still suffer from the deficiency in performance
accuracy and inability to detect unknown attacks despite decades of development and improvement.
Motivated to solve these problems, many researchers in the cybersecurity domain have shifted their attention
to phishing detection that capitalizes on machine learning techniques. Deep learning has emerged as a branch
of machine learning that becomes a promising solution for phishing detection in recent years. As a result,
this study proposes a taxonomy of deep learning algorithm for phishing detection by examining 81 selected
papers using a systematic literature review approach. The paper first introduces the concept of phishing and
deep learning in the context of cybersecurity. Then, taxonomies of phishing detection and deep learning
algorithm are provided to classify the existing literature into various categories. Next, taking the proposed
taxonomy as a baseline, this study comprehensively reviews the state-of-the-art deep learning techniques
and analyzes their advantages as well as disadvantages. Subsequently, the paper discusses various issues
that deep learning faces in phishing detection and proposes future research directions to overcome these
challenges. Finally, an empirical analysis is conducted to evaluate the performance of various deep learning
techniques in a practical context, and to highlight the related issues that motivate researchers in their future
works. The results obtained from the empirical experiment showed that the common issues among most of
the state-of-the-art deep learning algorithms are manual parameter-tuning, long training time, and deficient
detection accuracy.
HTMLPhish: Enabling Phishing Web Page Detection by Applying Deep Learning Techniques on HTML Analysis
Recently, the development and implementation of phishing attacks require little technical skills and costs. This uprising has led to an ever-growing number of phishing attacks on the World Wide Web. Consequently, proactive techniques to fight phishing attacks have become extremely necessary. In this paper, we propose HTMLPhish, a deep learning based data-driven end-to-end automatic phishing web page classification approach. Specifically, HTMLPhish receives the content of the HTML document of a web page and employs Convolutional Neural Networks (CNNs) to learn the semantic dependencies in the textual contents of the HTML. The CNNs learn appropriate feature representations from the HTML document embeddings without extensive manual feature engineering. Furthermore, our proposed approach of the concatenation of the word and character embeddings allows our model to manage new features and ensure easy extrapolation to test data. We conduct comprehensive experiments on a dataset of more than 50,000 HTML documents that provides a distribution of phishing to benign web pages obtainable in the real-world that yields over 93% Accuracy and True Positive Rate. Also, HTMLPhish is a completely language-independent and client-side strategy which can, therefore, conduct web page phishing detection regardless of the textual language.
Design of Automated Website Phishing Detection using Sequential Mechanism of RCL Algorithm
Phishing outbreaks on the internet have become a major problem in web safety in recent years. The phishers will be stealing crucial economic data regarding the web user to perform economic break-in. In order to predict phishing websites, many blacklist-based phishing website recognition methods are used in this study. Traditional methods of detecting phishing websites rely on static features and rule-based schemes, which can be evaded by attackers. Recently, Deep Learning (DL) and Machine Learning (ML) models are employed for automated website phishing detection. With this motivation, this study develops an automated website phishing detection using the sequential mechanism of RCL algorithm. The proposed model employs Long-Short-Term Memory (LSTM), Convolutional Neural Network (CNN), and Random Forest (RF) models for the detection of attacks in the URLs and webpages by the similarity measurement of the decoy contents. The proposed model involves three major components namely, RF for URL phishing detection, CNN based phishing webpage detection, and LSTM based website classification (i.e., legitimate and phishing). The experimental result analysis of the RCL technique is tested on the benchmark dataset of Alexa and PhishTank. A comprehensive comparison study highlighted that the RCL algorithm accomplishes enhanced phishing detection performance over other existing techniques in terms of distinct evaluation metrics.