Skip to main content
SpringerLink
Log in

NTPhish: A CNN-RNN Hybrid Deep Learning Model to Detect Phishing Websites

  • Conference paper
  • First Online:
Cryptology and Network Security with Machine Learning (ICCNSML 2023)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 918))

  • 73 Accesses

Abstract

It is certainly peculiar that even after securing one's infrastructure with state of the art technologies, companies still get compromised. The question thus arises ‘How is an attacker able to circumvent such sophisticated defenses?’. The answer to this is relatively simple. Attackers exploit the most vulnerable component in the chain, also known as humans. They do so by targeting people with fake emails and websites. Attackers often spoof legitimate services and modify them to perform nefarious activities. This act of portraying a malicious resource as a legitimate resource is known as phishing. The main motive behind phishing is to trick the victim into revealing personal information or more often phishing acts as a precursor to malware infections. Advancement in technology has made it easier for attackers to spoof a legitimate resource with almost zero flaws. It makes it extremely difficult for the victims to evade such attacks. However with the aid of artificial intelligence detecting such websites becomes extremely easy and accurate. In this research we propose a hybrid deep learning model to detect phishing websites. The hybrid model is a combination of CNN and RNN algorithms and gives a high degree of accuracy in phishing website detection. For training and validation the datasets have been used. The results of our experiments show that the proposed model performs better than traditional deep learning models.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 189.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 249.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Khonji M, Iraqi Y, Jones A (2013) Phishing detection: a literature survey. IEEE Commun Surv Tutor 15(4):2091–2121

    Article  Google Scholar 

  2. Choudhary A, Choudhary G, Pareek K, Kunndra C, Luthra J, Dragoni N (2022) Emerging cyber security challenges after COVID pandemic: a survey. J Internet Serv Inf Secur 12(2):21–50

    Google Scholar 

  3. Al-Qahtani AF, Cresci S (2022) The COVID-19 scamdemic: a survey of phishing attacks and their countermeasures during COVID-19. IET Inf Secur 16(5):324–345

    Article  Google Scholar 

  4. Pranggono B, Arabo A (2021) COVID-19 pandemic cybersecurity issues. Internet Technol Lett 4(2):e247

    Article  Google Scholar 

  5. NJCCIC (2023) Maui wildfire charity scams. Available at https://www.cyber.nj.gov/garden_state_cyber_threat_highlight/maui-wildfire-charity-scams. Accessed 29 Aug 2023

  6. CISA (2023) Cisa warns of Hurricane/typhoon-related scams: CISA, cybersecurity and infrastructure security agency CISA. Available at https://www.cisa.gov/news-events/alerts/2023/05/25/cisa-warns-hurricanetyphoon-related-scams. Accessed 29 Aug 2023

  7. Kathrine GJW, Praise PM, Rose AA, Kalaivani EC (2019) Variants of phishing attacks and their detection techniques. In: 2019 3rd international conference on trends in electronics and informatics (ICOEI). IEEE, pp 255–259

    Google Scholar 

  8. IBM Security (2023) Cost of a data breach report 2023, cost of a data breach report 2022. Available at https://www.ibm.com/downloads/cas/E3G5JMBP. Accessed 30 Aug 2023

  9. Mukherjee B (2023) 28,000 complaints, 1,300 firs, RS 100 crore swindled, victims in all states: just a thread in ‘New jamtara’ fraud web: Gurgaon News—Times of India, The Times of India. Available at https://timesofindia.indiatimes.com/city/gurgaon/28000-complaints-1300-firs-rs-100-crore-swindled-victims-in-all-states-just-a-thread-in-new-jamtara-fraud-web/articleshow/100145054.cms. Accessed 30 Aug 2023

  10. Odeh A, Keshta I, Abdelfattah E (2021) Machine learning techniques for detection of website phishing: a review for promises and challenges. In: 2021 IEEE 11th annual computing and communication workshop and conference (CCWC). IEEE, pp 0813–0818

    Google Scholar 

  11. Almomani A, Gupta BB, Atawneh S, Meulenberg A, Almomani E (2013) A survey of phishing email filtering techniques. IEEE Commun Surv Tutor 15(4):2070–2090

    Article  Google Scholar 

  12. Yeboah-Boateng EO, Amanor PM (2014) Phishing, SMiShing & vishing: an assessment of threats against mobile devices. J Emerg Trends Comput Inf Sci 5(4):297–307

    Google Scholar 

  13. Mishra S, Soni D (2020) Smishing detector: a security model to detect smishing through SMS content analysis and URL behavior analysis. Futur Gener Comput Syst 108:803–815

    Article  Google Scholar 

  14. Balim C, Gunal ES (2019) Automatic detection of smishing attacks by machine learning methods. In: 2019 1st international informatics and software engineering conference (UBMYK). IEEE, pp 1–3

    Google Scholar 

  15. Parker HJ, Flowerday SV (2020) Contributing factors to increased susceptibility to social media phishing attacks. South Afr J Inf Manage 22(1):1–10

    Google Scholar 

  16. Butler R (2007) A framework of anti-phishing measures aimed at protecting the online consumer’s identity. Electron Libr 25(5):517–533

    Article  Google Scholar 

  17. Mohammad RM, Thabtah F, McCluskey L (2014) Predicting phishing websites based on self-structuring neural network. Neural Comput Appl 25:443–458

    Article  Google Scholar 

  18. Wright J (2023) Open-source phishing framework, gophish. Available at https://getgophish.com/. Accessed 30 Aug 2023

  19. Gophish (2023) Gophish/gophish: open-source phishing toolkit, GitHub. Available at https://github.com/gophish/gophish. Accessed 30 Aug 2023

  20. Brewer R (2014) Advanced persistent threats: minimising the damage. Netw Secur 2014(4):5–9

    Article  Google Scholar 

  21. Shahrivari V, Darabi MM, Izadi M (2020) Phishing detection using machine learning techniques. arXiv preprint arXiv:2009.11116

  22. Wang S, Khan S, Xu C, Nazir S, Hafeez A (2020) Deep learning-based efficient model development for phishing detection using random forest and BLSTM classifiers. Complexity 2020:1–7

    Google Scholar 

  23. Adebowale MA, Lwin KT, Hossain MA (2023) Intelligent phishing detection scheme using deep learning algorithms. J Enterp Inf Manag 36(3):747–766

    Article  Google Scholar 

  24. Gandotra E, Gupta D (2021) An efficient approach for phishing detection using machine learning. Multimedia security: algorithm development, analysis and applications, pp 239–253

    Google Scholar 

  25. Wei B, Hamad RA, Yang L, He X, Wang H, Gao B, Woo WL (2019) A deep-learning-driven light-weight phishing detection sensor. Sensors 19(19):4258

    Article  Google Scholar 

  26. Lakshmi L, Reddy MP, Santhaiah C, Reddy UJ (2021) Smart phishing detection in web pages using supervised deep learning classification and optimization technique adam. Wireless Pers Commun 118(4):3549–3564

    Article  Google Scholar 

  27. Mohammad R, McCluskey L (2015) Phishing websites. UCI machine learning repository. https://doi.org/10.24432/C51W2X

  28. Vrbančič G, Fister I Jr, Podgorelec V (2020) Datasets for phishing websites detection. Data Brief 33:106438

    Article  Google Scholar 

  29. Bhatt D, Patel C, Talsania H, Patel J, Vaghela R, Pandya S, Modi K, Ghayvat H (2021) CNN variants for computer vision: history, architecture, application, challenges and future scope. Electronics 10(20):2470

    Article  Google Scholar 

  30. Kim J, Sangjun O, Kim Y, Lee M (2016) Convolutional neural network with biologically inspired retinal structure. Procedia Comput Sci 88:145–154

    Article  Google Scholar 

  31. Sharma A, Vans E, Shigemizu D, Boroevich KA, Tsunoda T (2019) DeepInsight: a methodology to transform a non-image data to an image for convolution neural network architecture. Sci Rep 9(1):11399

    Article  Google Scholar 

  32. Zhang J, Man KF (1998) Time series prediction using RNN in multi-dimension embedding phase space. In: SMC'98 conference proceedings. 1998 IEEE international conference on systems, man, and cybernetics (cat. no. 98CH36218), vol 2. IEEE, pp 1868–1873

    Google Scholar 

  33. Manaswi NK, Manaswi NK (2018) RNN and LSTM. Deep learning with applications using python: chatbots and face, object, and speech recognition with TensorFlow and Keras, pp 115–126

    Google Scholar 

  34. Hochreiter S (1998) The vanishing gradient problem during learning recurrent neural nets and problem solutions. Int J Uncertain Fuzziness Knowl-Based Syst 6(02):107–116

    Article  Google Scholar 

  35. Hochreiter S, Schmidhuber J (1997) Long short-term memory. Neural Comput 9(8):1735–1780

    Article  Google Scholar 

  36. Dey R, Salem FM (2017) Gate-variants of gated recurrent unit (GRU) neural networks. In: 2017 IEEE 60th international midwest symposium on circuits and systems (MWSCAS). IEEE, pp 1597–1600

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Sardar Patel University of Police Security and Criminal Justice, Jodhpur, India

    Chetanya Kunndra, Arjun Choudhary & Prashant Mathur

  2. Indian Institute of Technology, Jodhpur, India

    Jaspreet Kaur

  3. Delhi Technological University, Delhi, India

    Aryan Jogia

  4. Pranveer Singh Institute of Technology, Kanpur, India

    Varun Shukla

Authors
  1. Chetanya Kunndra
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Arjun Choudhary
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jaspreet Kaur
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Aryan Jogia
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Prashant Mathur
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Varun Shukla
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chetanya Kunndra .

Editor information

Editors and Affiliations

  1. Department of Mathematics, Pranveer Singh Institute of Technology, Kanpur, India

    Atul Chaturvedi

  2. Department of Mathematics, Indian Institute of Technology Jammu, Jammu, India

    Sartaj Ul Hasan

  3. Applied Statistics Unit, Indian Statistical Institute, Kolkata, India

    Bimal Kumar Roy

  4. Department of Mathematics, Bar-Ilan University, Ramat-Gan, Israel

    Boaz Tsaban

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kunndra, C., Choudhary, A., Kaur, J., Jogia, A., Mathur, P., Shukla, V. (2024). NTPhish: A CNN-RNN Hybrid Deep Learning Model to Detect Phishing Websites. In: Chaturvedi, A., Hasan, S.U., Roy, B.K., Tsaban, B. (eds) Cryptology and Network Security with Machine Learning. ICCNSML 2023. Lecture Notes in Networks and Systems, vol 918. Springer, Singapore. https://doi.org/10.1007/978-981-97-0641-9_40

Download citation

  • DOI: https://doi.org/10.1007/978-981-97-0641-9_40

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-0640-2

  • Online ISBN: 978-981-97-0641-9

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation