Hybrid Approach for Phishing Website Detection Using Classification Algorithms

  • Mukta Mithra Raj Birla Institute of Technology and Science Pilani, United Arab Emirates
  • J. Angel Arul Jothi Birla Institute of Technology and Science Pilani, United Arab Emirates
Keywords: URL Features, Data Mining, Machine Learning, Hybrid Classification Algorithms, Phishing Website Detection

Abstract

The internet has significantly altered how we work and interact with one another.Statistics show 63.1 % of the present world population are internet users. This clearly indicates how heavily man is dependent on digital media. Digital media users are on the rise and so is the incidence of  cyber crimes. People who lack experience and knowledge are more vulnerable and susceptible to phishing scams.The victims experience severe consequences as their personal credentials are at stake. Phishers use publicly available sources to acquire details about the victim's professional and personal history.Countermeasures must be implemented with the highest priority. Detection of malicious websites can significantly reduce the risk of phishing attempts.In this research, a highly accurate website phishing detection method based on URL features is proposed. We investigated eight existing machine learning classification techniques for this, including extreme gradient boosting (XGBoost), random forest (RF), adaptive boosting (AdaBoost), decision trees (DT), K-nearest neighbors (KNN), support vector machines (SVM), logistic regression and naïve bayes (NB) to detect malicious websites.The results show that XGboost had the best accuracy  with a score of 96.71%, followed by random forest and AdaBoost.We further experimented with various hybrid combinations of the top three classifiers and observed that XGboost-Random Forest hybrid algorithms produced the best results.The hybrid model classified the websites as legitimate or phishing with an accuracy of 97.07%.

Downloads

Download data is not yet available.

References

J. Fruhlinger, “What is phishing? Examples, types, and techniques.” https://www.csoonline.com/article/2117843/what-is-phishing-examples-types-and-techniques.html, 2022.

IBM, “Cost of a data breach report 2021.” https://www.dataendure.com/wp-content/uploads/2021_Cost_of_a_Data_Breach_-2.pdf, 2021.

J. Gu and H. Xu, “An ensemble method for phishing websites detection based on XGBoost,” in 2022 14th international conference on computer research and development (ICCRD), 2022, pp. 214–219.

A. Maini, N. Kakwani, B. Ranjitha, M. Shreya, and R. Bharathi, “Improving the performance of semantic-based phishing detection system through ensemble learning method,” in 2021 IEEE mysore sub section international conference (MysuruCon), 2021, pp. 463–469.

A. Pandey, N. Gill, K. Sai Prasad Nadendla, and I. S. Thaseen, “Identification of phishing attack in websites using random forest-svm hybrid model,” in International conference on intelligent systems design and applications, 2018, pp. 120–128.

A. Ramana, K. L. Rao, and R. S. Rao, “Stop-phish: An intelligent phishing detection method using feature selection ensemble,” Social Network Analysis and Mining, vol. 11, no. 1, pp. 1–9, 2021.

H. Abusaimeh and Y. Alshareef, “Detecting the phishing website with the highest accuracy,” TEM Journal, vol. 10, pp. 947–953, 2021.

N. Tabassum, F. F. Neha, M. S. Hossain, and H. S. Narman, “A hybrid machine learning based phishing website detection technique through dimensionality reduction,” in 2021 IEEE international black sea conference on communications and networking (BlackSeaCom), 2021, pp. 1–6.

A. Lakshmanarao, P. S. P. Rao, and M. B. Krishna, “Phishing website detection using novel machine learning fusion approach,” in 2021 international conference on artificial intelligence and smart systems (ICAIS), 2021, pp. 1164–1169.

A. Subasi and E. Kremic, “Comparison of adaboost with multiboosting for phishing website detection,” Procedia Computer Science, vol. 168, pp. 272–278, 2020.

A. Zamir et al., “Phishing web site detection using diverse machine learning algorithms,” The Electronic Library, vol. 38, no. 1, pp. 65–80, 2020.

L. R. Kalabarige, R. S. Rao, A. Abraham, and L. A. Gabralla, “Multilayer stacked ensemble learning model to detect phishing websites,” IEEE Access, vol. 10, pp. 79543–79552, 2022.

A. Makkar, N. Kumar, L. Sama, S. Mishra, and Y. Samdani, “An intelligent phishing detection scheme using machine learning,” in Proceedings of the sixth international conference on mathematics and computing, 2021, pp. 151–165.

R. Yang, K. Zheng, B. Wu, C. Wu, and X. Wang, “Phishing website detection based on deep convolutional neural network and random forest ensemble learning,” Sensors, vol. 21, no. 24, p. 8281, 2021.

M. Al-Sarem et al., “An optimized stacking ensemble model for phishing websites detection,” Electronics, vol. 10, no. 11, p. 1285, 2021.

P. L. Indrasiri, M. N. Halgamuge, and A. Mohammad, “Robust ensemble machine learning model for filtering phishing URLs: Expandable random gradient stacked voting classifier (ERG-SVC),” IEEE Access, vol. 9, pp. 150142–150161, 2021.

M. Alsaedi, F. A. Ghaleb, F. Saeed, J. Ahmad, and M. Alasli, “Cyber threat intelligence-based malicious URL detection model using ensemble learning,” Sensors, vol. 22, no. 9, p. 3373, 2022.

M. Korkmaz, O. K. Sahingoz, and B. Diri, “Detection of phishing websites by using machine learning-based URL analysis,” in 2020 11th international conference on computing, communication and networking technologies (ICCCNT), 2020, pp. 1–7.

A. B. Shaik and S. Srinivasan, “A brief survey on random forest ensembles in classification model,” in International conference on innovative computing and communications, 2019, pp. 253–260.

R. R. Popat and J. Chaudhary, “A survey on credit card fraud detection using machine learning,” in 2018 2nd international conference on trends in electronics and informatics (ICOEI), 2018, pp. 1120–1125.

E. Bujokas, “Feature importance in decision trees.” https://towardsdatascience.com/feature-importance-in-decision-trees-e9450120b445, 2022.

Published
2022-12-20
How to Cite
[1]
M. M. Raj and J. A. Arul Jothi, “Hybrid Approach for Phishing Website Detection Using Classification Algorithms”, paradigmplus, vol. 3, no. 3, pp. 16-29, Dec. 2022.
Section
Articles