Abstract
It is certainly peculiar that even after securing one's infrastructure with state of the art technologies, companies still get compromised. The question thus arises ‘How is an attacker able to circumvent such sophisticated defenses?’. The answer to this is relatively simple. Attackers exploit the most vulnerable component in the chain, also known as humans. They do so by targeting people with fake emails and websites. Attackers often spoof legitimate services and modify them to perform nefarious activities. This act of portraying a malicious resource as a legitimate resource is known as phishing. The main motive behind phishing is to trick the victim into revealing personal information or more often phishing acts as a precursor to malware infections. Advancement in technology has made it easier for attackers to spoof a legitimate resource with almost zero flaws. It makes it extremely difficult for the victims to evade such attacks. However with the aid of artificial intelligence detecting such websites becomes extremely easy and accurate. In this research we propose a hybrid deep learning model to detect phishing websites. The hybrid model is a combination of CNN and RNN algorithms and gives a high degree of accuracy in phishing website detection. For training and validation the datasets have been used. The results of our experiments show that the proposed model performs better than traditional deep learning models.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Khonji M, Iraqi Y, Jones A (2013) Phishing detection: a literature survey. IEEE Commun Surv Tutor 15(4):2091–2121
Choudhary A, Choudhary G, Pareek K, Kunndra C, Luthra J, Dragoni N (2022) Emerging cyber security challenges after COVID pandemic: a survey. J Internet Serv Inf Secur 12(2):21–50
Al-Qahtani AF, Cresci S (2022) The COVID-19 scamdemic: a survey of phishing attacks and their countermeasures during COVID-19. IET Inf Secur 16(5):324–345
Pranggono B, Arabo A (2021) COVID-19 pandemic cybersecurity issues. Internet Technol Lett 4(2):e247
NJCCIC (2023) Maui wildfire charity scams. Available at https://www.cyber.nj.gov/garden_state_cyber_threat_highlight/maui-wildfire-charity-scams. Accessed 29 Aug 2023
CISA (2023) Cisa warns of Hurricane/typhoon-related scams: CISA, cybersecurity and infrastructure security agency CISA. Available at https://www.cisa.gov/news-events/alerts/2023/05/25/cisa-warns-hurricanetyphoon-related-scams. Accessed 29 Aug 2023
Kathrine GJW, Praise PM, Rose AA, Kalaivani EC (2019) Variants of phishing attacks and their detection techniques. In: 2019 3rd international conference on trends in electronics and informatics (ICOEI). IEEE, pp 255–259
IBM Security (2023) Cost of a data breach report 2023, cost of a data breach report 2022. Available at https://www.ibm.com/downloads/cas/E3G5JMBP. Accessed 30 Aug 2023
Mukherjee B (2023) 28,000 complaints, 1,300 firs, RS 100 crore swindled, victims in all states: just a thread in ‘New jamtara’ fraud web: Gurgaon News—Times of India, The Times of India. Available at https://timesofindia.indiatimes.com/city/gurgaon/28000-complaints-1300-firs-rs-100-crore-swindled-victims-in-all-states-just-a-thread-in-new-jamtara-fraud-web/articleshow/100145054.cms. Accessed 30 Aug 2023
Odeh A, Keshta I, Abdelfattah E (2021) Machine learning techniques for detection of website phishing: a review for promises and challenges. In: 2021 IEEE 11th annual computing and communication workshop and conference (CCWC). IEEE, pp 0813–0818
Almomani A, Gupta BB, Atawneh S, Meulenberg A, Almomani E (2013) A survey of phishing email filtering techniques. IEEE Commun Surv Tutor 15(4):2070–2090
Yeboah-Boateng EO, Amanor PM (2014) Phishing, SMiShing & vishing: an assessment of threats against mobile devices. J Emerg Trends Comput Inf Sci 5(4):297–307
Mishra S, Soni D (2020) Smishing detector: a security model to detect smishing through SMS content analysis and URL behavior analysis. Futur Gener Comput Syst 108:803–815
Balim C, Gunal ES (2019) Automatic detection of smishing attacks by machine learning methods. In: 2019 1st international informatics and software engineering conference (UBMYK). IEEE, pp 1–3
Parker HJ, Flowerday SV (2020) Contributing factors to increased susceptibility to social media phishing attacks. South Afr J Inf Manage 22(1):1–10
Butler R (2007) A framework of anti-phishing measures aimed at protecting the online consumer’s identity. Electron Libr 25(5):517–533
Mohammad RM, Thabtah F, McCluskey L (2014) Predicting phishing websites based on self-structuring neural network. Neural Comput Appl 25:443–458
Wright J (2023) Open-source phishing framework, gophish. Available at https://getgophish.com/. Accessed 30 Aug 2023
Gophish (2023) Gophish/gophish: open-source phishing toolkit, GitHub. Available at https://github.com/gophish/gophish. Accessed 30 Aug 2023
Brewer R (2014) Advanced persistent threats: minimising the damage. Netw Secur 2014(4):5–9
Shahrivari V, Darabi MM, Izadi M (2020) Phishing detection using machine learning techniques. arXiv preprint arXiv:2009.11116
Wang S, Khan S, Xu C, Nazir S, Hafeez A (2020) Deep learning-based efficient model development for phishing detection using random forest and BLSTM classifiers. Complexity 2020:1–7
Adebowale MA, Lwin KT, Hossain MA (2023) Intelligent phishing detection scheme using deep learning algorithms. J Enterp Inf Manag 36(3):747–766
Gandotra E, Gupta D (2021) An efficient approach for phishing detection using machine learning. Multimedia security: algorithm development, analysis and applications, pp 239–253
Wei B, Hamad RA, Yang L, He X, Wang H, Gao B, Woo WL (2019) A deep-learning-driven light-weight phishing detection sensor. Sensors 19(19):4258
Lakshmi L, Reddy MP, Santhaiah C, Reddy UJ (2021) Smart phishing detection in web pages using supervised deep learning classification and optimization technique adam. Wireless Pers Commun 118(4):3549–3564
Mohammad R, McCluskey L (2015) Phishing websites. UCI machine learning repository. https://doi.org/10.24432/C51W2X
Vrbančič G, Fister I Jr, Podgorelec V (2020) Datasets for phishing websites detection. Data Brief 33:106438
Bhatt D, Patel C, Talsania H, Patel J, Vaghela R, Pandya S, Modi K, Ghayvat H (2021) CNN variants for computer vision: history, architecture, application, challenges and future scope. Electronics 10(20):2470
Kim J, Sangjun O, Kim Y, Lee M (2016) Convolutional neural network with biologically inspired retinal structure. Procedia Comput Sci 88:145–154
Sharma A, Vans E, Shigemizu D, Boroevich KA, Tsunoda T (2019) DeepInsight: a methodology to transform a non-image data to an image for convolution neural network architecture. Sci Rep 9(1):11399
Zhang J, Man KF (1998) Time series prediction using RNN in multi-dimension embedding phase space. In: SMC'98 conference proceedings. 1998 IEEE international conference on systems, man, and cybernetics (cat. no. 98CH36218), vol 2. IEEE, pp 1868–1873
Manaswi NK, Manaswi NK (2018) RNN and LSTM. Deep learning with applications using python: chatbots and face, object, and speech recognition with TensorFlow and Keras, pp 115–126
Hochreiter S (1998) The vanishing gradient problem during learning recurrent neural nets and problem solutions. Int J Uncertain Fuzziness Knowl-Based Syst 6(02):107–116
Hochreiter S, Schmidhuber J (1997) Long short-term memory. Neural Comput 9(8):1735–1780
Dey R, Salem FM (2017) Gate-variants of gated recurrent unit (GRU) neural networks. In: 2017 IEEE 60th international midwest symposium on circuits and systems (MWSCAS). IEEE, pp 1597–1600
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Kunndra, C., Choudhary, A., Kaur, J., Jogia, A., Mathur, P., Shukla, V. (2024). NTPhish: A CNN-RNN Hybrid Deep Learning Model to Detect Phishing Websites. In: Chaturvedi, A., Hasan, S.U., Roy, B.K., Tsaban, B. (eds) Cryptology and Network Security with Machine Learning. ICCNSML 2023. Lecture Notes in Networks and Systems, vol 918. Springer, Singapore. https://doi.org/10.1007/978-981-97-0641-9_40
Download citation
DOI: https://doi.org/10.1007/978-981-97-0641-9_40
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-0640-2
Online ISBN: 978-981-97-0641-9
eBook Packages: EngineeringEngineering (R0)