Abstract
Phishing is a critical issue that faces the digital security. The straightforwardness of the web and Internet uncovered open doors for offenders to transfer malevolent substance at the same time with the upgrade of online business trades, for example, phishing – the demonstration of taking individual data which ascends in number. Internet clients’ costs have been increased to billions of dollars for each year due to phishing. Phishers use parodied email, Uniform Resource Locator (URL) locations of phony sites, and phishing programming to take individual data and monetary record subtleties, for example, usernames and passwords. The boycott system is definitely not a sufficient method to remain safe from the cybercriminals. Hence, phishing site pointers must be considered for this reason, with the presence and utilization of machine learning calculations. The current techniques make utilization of all separated attributes in the phishing URL location, prompting high false positive rate.
In this manner, the proposed work manages strategies for distinguishing phishing web destinations by investigating different attributes of genuine and phishing URLs utilizing profound learning procedures, for example, deep Boltzmann machine (DBM), stacked auto-encoder (SAE), and deep neural network (DNN). DBM and SAE are utilized for pre-preparing the model with a superior portrayal of data for attribute determination, among which SAE has accomplished lower misclassification mistake with nine and includes a diminished list of attributes and DNN is utilized for twofold grouping in distinguishing obscure URL as either a phishing URL or a genuine URL. The proposed framework accomplishes higher location rate of 94% with low false positive rate than other machine learning strategies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Anti-Phishing Working Group (APWG). (2010). Phishing activity trends report second half 2010, http://apwg.org/reports/apwg report h2 2010.pdf. Accessed Dec 2011.
Anti-Phishing Working Group (APWG). (2011a). Phishing activity trends report first half 2011, http://apwg.org/reports/apwg trends reporth12011.pdf. Accessed Dec 2011.
Anti-Phishing Working Group (APWG). (2011b). Phishing activity trends report second half 2011, http://apwg.org/reports/apwg trends reporth22011.pdf. Accessed July 2012.
Bergholz, A., De Beer, J., Glahn, S., Moens, M.-F., Paaß, G., & Strobel, S. (2010). New filtering approaches for phishing email. Journal of Computer Security, 18, 7–35.
Brewster, K., & Bruce, G. (1996). The Web Information Company., www.alexa.com
Cao, Y., Han, W., & Le, Y. (2008). Anti-phishing based on automated individual white-list. In DIM ‘08: Proceedings of the 4th ACM workshop on digital identity management (pp. 51–60). New York: ACM.
Chen, K.-T., Chen, J.-Y., Huang, C.-R., & Chen, C.-S. (2009). Fighting phishing with discriminative keypoint features. Internet Computing, IEEE, 13(3), 56–63.
Chou, N., Ledesma, R., Teraguchi, Y., & Mitchell, J. C. (2004). Client-side defense against web-based identity theft. In NDSS. The Internet Society.
David Ulevitch. (2006). PhishTank. http://www.phishtank.com
Dong, X., Clark, J., & Jacob, J. (2008). Modelling user-phishing interaction in Human System Interactions, Conference on, 2008, May, pp. 627–632.
Downs, J. S., Holbrook, M., & Cranor, L. F. (2007). Behavioral response to phishing risk. In Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit, ser. eCrime ‘07 (pp. 37–44). New York: ACM.
Google. Google safe browsing API, http://code.google.com/apis/safebrowsing/. Accessed Oct 2011.
Hara, M., Yamada, A., & Miyake, Y. (2009). Visual similarity-based phishing detection without victim site information. In IEEE symposium on computational intelligence in cyber security, 2009. CICS ‘09 (pp. 30–36).
Holz, T., Gorecki, C., Rieck, K., & Freiling, F. C. (2008). Measuring and detecting fast-flux service networks. In Proceedings of the network and distributed system security symposium (NDSS).
Huang, H., Tan, J., & Liu, L. (2009). Countermeasure techniques for deceptive phishing attack. In International conference on new trends in information and service science, 2009. NISS ‘09 (pp. 636–641).
Ian Rogers. (2002). Google Page Rank – Whitepaper, http://www.srigroane.net/google-page-rank/, http://www.prchecker.info/check_page_rank.php
James, J., Sandhya, L., & Thomas, C. (2013). Detection of phishing URLs using machine learning techniques. IEEE international conference on control communication and computing (ICCC).
Knickerbocker, P., Yu, D., & Li, J. (2009). Humboldt: A distributed phishing disruption system. In eCrime researchers summit (pp. 1–12).
Krebs, B. (2011). HBGary Federal hacked by Anonymous, http: //krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/, Accessed Dec 2011.
Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L. F., Hong, J., & Nunge, E. (2007). Protecting people from phishing: The design and evaluation of an embedded training email system. In Proceedings of the SIGCHI conference on human factors in computing systems, ser. CHI ‘07 (pp. 905–914). New York: ACM.
Likarish, P., Dunbar, D., & Hansen, T. E. (2008). Phishguard: A browser plug-in for protection from phishing. In 2 international conference on internet multimedia services architecture and applications, 2008. IMSAA 2008 (pp. 1–6).
Moore, T., & Clayton, R. (2007). Examining the impact of website take-down on phishing. In eCrime ‘07: Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit (pp. 1–13). New York: ACM.
Prakash, P., Kumar, M., Kompella, R. R., & Gupta, M. (2010). Phishnet: Predictive blacklisting to detect phishing attacks. In INFOCOM’10: Proceedings of the 29th conference on information communications (pp. 346–350). Piscataway: IEEE Press.
Rich Skrenta, & Bob Truel. (1998). DMOZ Open Directory Project. http://www.dmoz.org
Salakhutdinov, R. R., & Larochelle, H. (2010). Efficient learning of deep Boltzmann machines. In Proceedings of the international conference on artificial intelligence and statistics (Vol. 13).
Schneier, B. (2011). Lockheed Martin hack linked to RSA’s SecurID breach, http://www.schneier.com/blog/archives/2011/05/lockheed martin.html, Accessed Dec 2011.
Selvaganapathy, S. G., Nivaashini, M., & Natarajan, H. P. (2018). Deep belief network based detection and categorization of malicious URLs. Information Security Journal: A Global Perspective, 27(3), 145–161. https://doi.org/10.1080/19393555.2018.1456577.
Sewak, M., Karim, M. R., & Pujari, P. (2018). Practical convolutional neural network models: Implement advanced deep learning models using Python. Packt Publishing Ltd. Birmingham, United Kingdom.
Sheng, S., Wardman, B., Warner, G., Cranor, L. F., Hong, J., & Zhang, C. (2009, July). An empirical analysis of phishing blacklists. In Proceedings of the 6th conference in email and anti-spam, ser. CEAS’09. Mountain view.
Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L. F., & Downs, J. (2010). Who falls for phish?: A demographic analysis of phishing susceptibility and effectiveness of interventions. In Proceedings of the 28 international conference on human factors in computing systems, ser. CHI ‘10 (pp. 373–382). New York: ACM.
Statistical & Qualitative Data Analysis Software: (2019) About R and RStudio. https://libguides.library.kent.edu/statconsulting/r
Weider, D., Yu, Nargundkar, S., & Tiruthani, N. (July 2008). A phishing vulnerability analysis of web based systems. In Proceedings of the 13th IEEE symposium on computers and communications (ISCC 2008) (pp. 326–331). Marrakech: IEEE.
Whittaker, C., Ryner, B., & Nazif, M. (2010). Large-scale automatic classification of phishing pages. In NDSS ‘10.
WHOIS look up., www.whois.net, www.whois.com
Yoshua, B., & Pascal, L. (2007). Greedy layer-wise training of deep networks. In Advances in neural networks.
Yue, C., & Wang, H. (2008). Anti-phishing in offense and defense. In Computer security applications conference, ACSAC 2008. Annual, 8–12 2008 (pp. 345–354).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Sountharrajan, S., Nivashini, M., Shandilya, S.K., Suganya, E., Bazila Banu, A., Karthiga, M. (2020). Dynamic Recognition of Phishing URLs Using Deep Learning Techniques. In: Shandilya, S., Wagner, N., Nagar, A. (eds) Advances in Cyber Security Analytics and Decision Systems. EAI/Springer Innovations in Communication and Computing. Springer, Cham. https://doi.org/10.1007/978-3-030-19353-9_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-19353-9_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-19352-2
Online ISBN: 978-3-030-19353-9
eBook Packages: EngineeringEngineering (R0)