Abstract
In recent years, security incidents of website occur increasingly frequently, and this motivates us to study websites’ security. Although there are many phishing detection approaches to detect phishing websites, the detection accuracy has not been desirable. In this paper, we propose a novel phishing detection model based on a novel neural network classification method. This detection model can achieve high accu-racy and has good generalization ability by design risk minimization principle. Furthermore, the training process of the novel detection model is simple and stable by Monte Carlo algorithm. Based on testing of a set of phishing and benign websites, we have noted that this novel phishing detection model achieves the best Accuracy, True-positive rate (TPR), False-positive rate (FPR), Precision, Recall, F-measure and Matthews Correlation Coefficient (MCC) comparable to other models as Naive Bayes (NB), Logistic Regression(LR), K-Nearest Neighbor (KNN), Decision Tree (DT), Linear Support Vector Machine (LSVM), Radial-Basis Support Vector Machine (RSVM) and Linear Discriminant Analysis (LDA). Furthermore, based upon experiments, we find that the proposed detection model can achieve a high Accuracy of 97.71% and a low FPR of 1.7%. It indicates that the proposed detection model is promising and can be effectively applied to phishing detection.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abdelhamid N, Ayesh A, Thabtah F (2014) Phishing detection based associative classification data mining. Expert Syst Appl 41(13):5948–5959
APWG (2017) Global phishing survey: domain name use and trends in 2016. https://apwg.org/apwg-news-center/. Accessed 12 Dec 2017
Baslyman M, Chiasson S (2016) “smells phishy”? An educational game about online phishing scams. In: Apwg Symposium on Electronic Crime Research, pp 1–11
Cao Y, Han W, Le Y (2008) Anti-phishing based on automated individual white-list. In: The Workshop on Digital Identity Management, pp 51–60
Chang EH, Kang LC, Sze SN, Wei KT (2013) Phishing detection via identification of website identity. In: International Conference on It Convergence and Security, pp 1–4
Chen H, Zhao H, Shen J, Zhou R, Zhou Q (2015) Supervised machine learning model for high dimensional gene data in colon cancer detection. In: IEEE International Congress on Big Data, pp 134–141
Dhamija R, Tygar JD (2005) The battle against phishing: dynamic security skins. Symposium on Usable Privacy and Security, SOUPS 2005. Pittsburgh, Pennsylvania, USA, pp 77–88
Dunlop M, Groat S, Shelly D (2010) Goldphish: Using images for content-based phishing analysis. In: International Conference on Internet Monitoring and Protection, pp 123–128
El-Alfy ESM (2017) Detection of phishing websites based on probabilistic neural networks and k-medoids clustering. Comput J 60(12):1745–1759
Gastellier-Prevost S, Granadillo GG, Laurent M (2011) Decisive heuristics to differentiate legitimate from phishing sites. In: Network and Information Systems Security, pp 1–9
Hadi W, Aburub F, Alhawari S (2016) A new fast associative classification algorithm for detecting phishing websites. Elsevier Science Publishers B. V
Hagan, Martin T, Demuth, Howard B, Beale, Mark (1996) Neural network design (4):357
Hanbay D, Kaytan M (2017) Effective classification of phishing web pages based on new rules by using extreme learning machines. Anatolian J Comput Sci 2:15–36
Huh JH, Kim H (2011) Phishing detection with popular search engines: simple and effective. In: Foundations and Practice of Security—Canada–France Mitacs Workshop, Fps 2011, Paris, France, May 12–13, 2011, Revised Selected Papers, pp 194–207
Jain AK, Gupta BB (2017) Phishing detection: Analysis of visual similarity based approaches 2017(4):1–20
Jain AK, Gupta BB (2017b) Two-level authentication approach to protect from phishing attacks in real time. J Ambient Intell Hum Comput 1–14
Kang LC, Chang EH, Sze SN, Wei KT (2015) Utilisation of website logo for phishing detection. Comput Secur 54:16–26
Kumaraguru P, Cranshaw J, Acquisti A, Cranor L, Hong J, Blair MA, Pham T (2009) School of phish: a real-world evaluation of anti-phishing training. In: Symposium on Usable Privacy and Security, pp 1–12
Lam IF, Xiao WC, Wang SC, Chen KT (2009) Counteracting phishing page polymorphism: An image layout analysis approach. In: Advances in Information Security and Assurance, Third International Conference and Workshops, ISA 2009, Seoul, Korea, June 25–27, 2009. Proceedings, pp 270–279
Lee JL, hyun Kim D, Chang-Hoon, Lee (2015) Heuristic-based approach for phishing site detection using url features
Lee LH, Lee KC, Chen HH, Tseng YH (2014) Poster: Proactive blacklist update for anti-phishing. In: ACM Sigsac Conference on Computer and Communications Security, pp 1448–1450
Liu W, Huang G, Liu X, Min Z, Deng X (2005) Detection of phishing webpages based on visual similarity. In: Special Interest Tracks and Posters of the International Conference on World Wide Web, pp 1060–1061
Liu W, Fang N, Quan X, Qiu B, Liu G (2010) Discovering phishing target based on semantic link network. Future Gener Comput Syst 26(3):381–388
Lungu I, Tabusca A (2010) Optimizing anti-phishing solutions based on user awareness, education and the use of the latest web security solutions. Inf Econ J 14(2):27–36
Ma J, Saul LK, Savage S, Voelker GM (2009a) Beyond blacklists: learning to detect malicious web sites from suspicious urls. In: ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Paris, France, June 28–July, pp 1245–1254
Ma J, Saul LK, Savage S, Voelker GM (2009b) Identifying suspicious urls: an application of large-scale online learning. In: International Conference on Machine Learning, pp 681–688
Mao J, Li P, Li K, Wei T, Liang Z (2013) Baitalarm: Detecting phishing sites using similarity in fundamental visual features. In: International Conference on Intelligent NETWORKING and Collaborative Systems, pp 790–795
Medvet E, Kirda E, Kruegel C (2008) Visual-similarity-based phishing detection. In: International Conference on Security and Privacy in Communication Netowrks, pp 1–6
Miyamoto D, Hazeyama H, Kadobayashi Y (2009) An evaluation of machine learning-based methods for detection of phishing sites. In: Advances in Neuro-Information Processing, International Conference, ICONIP 2008, Auckland, New Zealand, November 25-28, 2008, Revised Selected Papers, pp 539–546
Mohammad RM, Thabtah F, Mccluskey L (2013) An assessment of features related to phishing websites using an automated technique. In: Internet Technology And Secured Transactions, 2012 International Conference for, pp 492–497
Mohammad RM, Thabtah F, Mccluskey L (2014) Predicting phishing websites based on self-structuring neural network. Neural Comput Appl 25(2):443–458
NSFOCUS (2017) The second part of “phishing forum”: Phishing risk (the losses brought with phishing attack). http://blog.nsfocus.net/phishing-attack-risk/. Accessed 12 Dec 2017
Pan Y, Ding X (2006) Anomaly based web phishing page detection. In: Computer Security Applications Conference, 2006. ACSAC ’06., pp 381–392
Prakash P, Kumar M, Kompella RR, Gupta M (2010) Phishnet: Predictive blacklisting to detect phishing attacks. In: IEEE INFOCOM, pp 1–5
R Mohammad TM FA Thabtah (2017) UCI machine learning repository. http://archive.ics.uci.edu/ml. Accessed 12 Dec 2017
Ramesh G, Krishnamurthi I, Kumar KSS (2014) An efficacious method for detecting phishing webpages through target domain identification. Decis Support Syst 61(5):12–22
Ryck PD, Nikiforakis N, Desmet L, Joosen W (2013) Tabshots: client-side detection of tabnabbing attacks. In: ACM Sigsac Symposium on Information, Computer and Communications Security, pp 447–456
Seifert C, Welch I, Komisarczuk P (2008) Identification of malicious web pages with static heuristics. In: Telecommunication Networks and Applications Conference, 2008. ATNAC 2008. Australasian, pp 91–96
Social WA (2017) Digital in 2017: Global overview. https://wearesocial.com/special-reports/digital-in-2017-global-overview. Accessed 12 Dec 2017
Tan CL, Kang LC, Wong KS, Sze SN (2016) Phishwho: Phishing webpage detection via identity keywords extraction and target domain name finder. Decis Support Syst 88:18–27
Thabtah F, Mohammad RM, Mccluskey L (2016) A dynamic self-structuring neural network model to combat phishing. In: International Joint Conference on Neural Networks, pp 4221–4226
Tseng SS, Chen KY, Lee TJ, Weng JF (2011) Automatic content generation for anti-phishing education game. In: International Conference on Electrical and Control Engineering, pp 6390–6394
Varshney G, Misra M, Atrey PK (2016) A phish detector using lightweight search features. Comput Secur 62:213–228
Xiang G, Hong JI (2009) A hybrid phish detection approach by identity discovery and keywords retrieval. In: International Conference on World Wide Web, WWW 2009. Spain, April, Madrid, pp 571–580
Xiang G, Hong J, Rose CP, Cranor L (2011) Cantina+: A feature-rich machine learning framework for detecting phishing web sites. ACM Trans Inf Syst Secur 14(2):1–28
Yong B, Xu Z, Shen J, Chen H, Tian Y, Zhou Q (2017) Neural network model with monte carlo algorithm for electricity demand forecasting in queensland. In: Australasian Computer Science Week Multiconference, p 47
Zhang N, Yuan Y (2013) Phishing detection using neural network
Zhang Y, Hong JI, Cranor LF (2007) Cantina: a content-based approach to detecting phishing web sites. International Conference on World Wide Web, WWW 2007. Banff, Alberta, Canada, May, pp 639–648
Zhao H (2016) General vector machine
Zhou Q, Chen H, Zhao H, Zhang G, Yong J, Shen J (2016) A local field correlated and monte carlo based shallow neural network model for nonlinear time series prediction 3(8):151634
Acknowledgements
This work was supported by National Natural Science Foundation of China under Grant nos. 6140-2210 and 60973137, State Grid Corporation Science and Technology Project under Grant No. SGGSKY00FJJS1700-302, Program for New Century Excellent Talents in University under Grant no. NCET-12-0250, Major National Project of High Resolution Earth Observation System under Grant no. 30-Y20A34-9010-15/17, Strategic Priority Research Program of the Chinese Academy of Sciences with Grant no. XDA03030100, Google Research Awards and Goo-gle Faculty Award.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Feng, F., Zhou, Q., Shen, Z. et al. The application of a novel neural network in the detection of phishing websites. J Ambient Intell Human Comput 15, 1865–1879 (2024). https://doi.org/10.1007/s12652-018-0786-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-018-0786-3