Abstract
Phishing is an illegal cybercrime, wherein a target gets victimized for sacrificing their personal and corporate information. It is one of the most straightforward forms of cyber-attack for hackers, as well as one of the simplest for victims to fall for. It can also provide hackers with the required information that are needed to access their targets’ personal and corporate accounts. For the past decade, machine-learning techniques have become consistent standards for classifying phishing and legitimate URLs. But deep learning algorithms have the advantage of automatic extraction of complex features and characterization of handling massive data. Considering the above-listed advantages, this work provides state-of-the-art accuracy in the detection of malicious URLs using recurrent neural networks (RNN). Unlike previous studies, which looked at online content, URLs, and traffic numbers, this work aims to focus only on the text in the URL which makes it quicker, and thereby zero-day assaults could be caught at the earliest. The RNN has been optimized so that it might be utilized on tiny devices like Mobiles, and Raspberry Pi without sacrificing the inference time.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Data availability
The datasets used or analyzed during the current study are available online for free from their corresponding authors.
Code Availability
Not applicable.
References
Adebowale MA, Lwin KT, Sanchez E, Alamgir Hossain M (2019) Intelligent web-phishing detection and protection scheme using integrated features of images, frames and text. Expert Syst Appl 115:300–313
Afroz S, Greenstadt R (2011) Phishzoo: detecting phishing websites by looking at them. In: 2011 IEEE fifth international conference on semantic computing, pp 368–375. IEEE
Aleroud A, Zhou L (2017) Phishing environments, techniques, and countermeasures: a survey. Comput Secur 68:160–196
Ali W (2017) Phishing website detection based on supervised machine learning with wrapper features selection. Int J Adv Comput Sci Appl 8(9)
Almomani A, Gupta BB, Atawneh S, Meulenberg A, Almomani E (2013) A survey of phishing email filtering techniques. IEEE Commun Surv Tutor 15(4):2070–2090
Anti-Phishing Working Group et al. (2020) Phishing activity trends report 3rd quarter 2020. Apwg, no. November, pp 1–12
Barraclough PA, Fehringer G, Woodward J (2021) Intelligent cyber-phishing detection for online. Comput Secur 104:102123
Bell S, Komisarczuk P (2020) An analysis of phishing blacklists: Google safe browsing, openphish, and phishtank. In: Proceedings of the Australasian computer science week multiconference, pp 1–11
Chaudhary S (2016) The use of usable security and security education to fight phishing attacks
Chiew KL, Tan CL, Wong KS, Yong KSC, Tiong WK (2019) A new hybrid ensemble feature selection framework for machine learning-based phishing detection system. Inf Sci 484:153–166
Commoncrawl. https://commoncrawl.org/ (2022). [Online]
De La Torre G, Parra PR, Choo K-KR, Beebe N (2020) Detecting internet of things attacks using distributed deep learning. J Netw Comput Appl 163:102662
Dey R, Salem FM (2017) Gate-variants of gated recurrent unit (gru) neural networks. In: 2017 IEEE 60th international midwest symposium on circuits and systems (MWSCAS), pp 1597–1600. IEEE
El-Rashidy MA (2021) A smart model for web phishing detection based on new proposed feature selection technique. Menoufia J Electron Eng Res 30(1):97–104
Gandotra E, Gupta D (2021) Improving spoofed website detection using machine learning. Cybern Syst 52(2):169–190
Graves A, Graves A (2012) Supervised sequence labelling. Springer
Gupta BB, Yadav K, Razzak I, Psannis K, Castiglione A, Chang X (2021) A novel approach for phishing urls detection using lexical based machine learning in a real-time environment. Comput Commun 175:47–57
Jansen J, Leukfeldt R (2015) How people help fraudsters steal their money: an analysis of 600 online banking fraud cases. In: 2015 workshop on socio-technical aspects in security and trust, pp 24–31. IEEE
Johnson M (2008) A new approach to internet banking. Technical report, University of Cambridge, Computer Laboratory
Lastdrager EEH (2014) Achieving a consensual definition of phishing based on a systematic review of the literature. Crime Sci 3(1):1–10
Mohammad RM, Thabtah F, McCluskey L (2014) Predicting phishing websites based on self-structuring neural network. Neural Comput Appl 25:443–458
Odeh A, Keshta I, Abdelfattah E (2021) Phiboost-a novel phishing detection model using adaptive boosting approach. Jordan J Comput Inf Technol (JJCIT) 7(01)
Openphish. https://openphish.com/ (2022). [Online]
PhishTank. https://phishtank.org/ (2022). [Online]
Ramzan Z, Wüest C (2007) Phishing attacks: analyzing trends in 2006. In CEAS, Citeseer
Rao RS, Pais AR (2020) Two level filtering mechanism to detect phishing sites using lightweight visual similarity approach. J Ambient Intell Human Comput 11(9):3853–3872
Rao RS, Vaishnavi T, Pais AR (2020) Catchphish: detection of phishing websites by inspecting urls. J Ambient Intell Human Comput 11:813–825
Rao RS, Pais AR, Anand P (2021) A heuristic technique to detect phishing websites using twsvm classifier. Neural Comput Appl 33:5733–5752
Revoredo CM, da Silva E, Feitosa L, Garcia VC (2020) Heuristic-based strategy for phishing prediction: a survey of url-based approach. Comput Secur 88:101613
Sak H, Senior AW, Beaufays F (2014) Long short-term memory recurrent neural network architectures for large scale acoustic modeling
Tan CL, Chiew KL, Yong KSC, Abdullah J, Sebastian Y et al (2020) A graph-theoretic approach for the detection of phishing webpages. Comput Secur 95:101793
Trivedi H, Broadhurst R (2020) Malware in spam email: risks and trends in the Australian spam intelligence database. Trends Issues Crime Crim Justice [Electron Resour] 603:1–18
Ubing AA, Jasmi SKB, Abdullah A, Jhanjhi NZ, Supramaniam M (2019) Phishing website detection: an improved accuracy through feature selection and ensemble learning. Int J Adv Comput Sci Appl 10(1)
Verma R, Das A (2017) What’s in a url: fast feature extraction and malicious url detection. In: Proceedings of the 3rd ACM on international workshop on security and privacy analytics, pp 55–63
Wang W, Zhang F, Luo X, Zhang S (2019) Pdrcnn: precise phishing detection with recurrent convolutional neural networks. Secur Commun Netw 1–15:2019
Wei B, Hamad RA, Yang L, He X, Wang H, Gao B, Woo WL (2019) A deep-learning-driven light-weight phishing detection sensor. Sensors 19(19):4258
Yang L, Zhang J, Wang X, Li Z, Li Z, He Y (2021) An improved elm-based and data preprocessing integrated approach for phishing detection considering comprehensive features. Expert Syst Appl 165:113863
Yi P, Guan Y, Zou F, Yao Y, Wang W, Zhu T (2018) Web phishing detection using a deep learning framework. Wirel Commun Mobile Comput 2018
Zabihimayvan M, Doran D (2019) Fuzzy rough set feature selection to enhance phishing attack detection. In: 2019 IEEE international conference on fuzzy systems (FUZZ-IEEE), pp 1–6. IEEE
Zamir A, Khan HU, Iqbal T, Yousaf N, Aslam F, Anjum A, Hamdani M (2020) Phishing web site detection using diverse machine learning algorithms. Electron Libr 38(1):65–80
Zhu E, Yinyin J, Chen Z, Liu F, Fang X (2020) Dtof-ann: an artificial neural network phishing detection model based on decision tree and optimal features. Appl Soft Comput 95:106505
Funding
There is no funding source for this work.
Author information
Authors and Affiliations
Contributions
Both authors have equally contributed to this work.
Corresponding author
Ethics declarations
Conflict of interest
There is no conflict of interest between the authors of this work.
Ethics approval
Not applicable.
Consent to participate
Not applicable.
Consent for publication
Yes.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Dhanavanthini, P., Chakkravarthy, S.S. Phish-armour: phishing detection using deep recurrent neural networks. Soft Comput (2023). https://doi.org/10.1007/s00500-023-07962-y
Accepted:
Published:
DOI: https://doi.org/10.1007/s00500-023-07962-y