0 Contact Us

Phishing Attack Detection using Gradient Boosting

Aslin Sushmitha R.*

Department of Information Technology, Noorul Islam College of Engineering, Thuckalay, Tamil Nadu, India.

Periodicity:January - June'2024
DOI : https://doi.org/10.26634/jdf.2.1.20840

Abstract

Phishing is a prevalent cyber attack that uses deceptive websites to trick individuals into revealing personal information. These sites mimic legitimate ones to steal data such as usernames, passwords, and financial details. Detecting phishing is crucial, and machine learning algorithms are effective tools for this task. Attackers favor phishing due to its effectiveness in tricking victims with authentic-looking yet malicious links, which can breach security measures. This method employs machine learning to innovate phishing website detection. However, attackers can manipulate features like HTML, DOM, and URLs using web scraping and scripting languages. A new approach using machine learning classifiers tackles these threats by analyzing internet URLs and domain names. A dataset sourced from globally recognized intelligence services and organizations facilitates streamlined feature extraction, reducing processing overhead by prioritizing URL and domain name traits. The Gradient Boosting Classifier is used on an 11,055-instance dataset with thirty-two features to classify phishing URLs, demonstrating superior accuracy compared to methods like Random Forest. Gradient boosting is highly effective across various machine learning tasks, leveraging aggregated weak learners such as decision trees for strong predictive accuracy. Its suitability for handling imbalanced datasets makes it particularly effective for phishing detection, which is crucial for distinguishing between legitimate and malicious URLs. This method enhances accuracy by extracting and comparing distinct characteristics of legitimate and phishing URLs. By focusing on URL and domain name attributes, a more effective approach to identifying phishing attempts in cybersecurity is proposed.

Keywords

Machine Learning, Gradient Boosting Classifier, Phishing Detection, Machine Learning for Cybersecurity, Fraud Detection, Phishing Attack Prevention.

How to Cite this Article?

Sushmitha, R. A. (2024). Phishing Attack Detection using Gradient Boosting. i-manager’s Journal on Digital Forensics & Cyber Security, 2(1), 33-43. https://doi.org/10.26634/jdf.2.1.20840

References

[1]. Capuano, N., Fenza, G., Loia, V., & Stanzione, C. (2022). Explainable artificial intelligence in cybersecurity: A survey. IEEE Access, 10, 93575-93600.

[2]. Castaño, F., Fernañdez, E. F., Alaiz-Rodríguez, R., & Alegre, E. (2023). PhiKitA: Phishing kit attacks dataset for phishing websites identification. IEEE Access, 11, 40779-40789.

[3]. Drew, J., & Moore, T. (2014, May). Automatic identification of replicated criminal websites using combined clustering. In 2014 IEEE Security and Privacy Workshops (pp. 116-123). IEEE.

[4]. El Aassal, A., Baki, S., Das, A., & Verma, R. M. (2020). An in-depth benchmarking and evaluation of phishing detection research for security needs. IEEE Access, 8, 22170-22192.

[5]. Gualberto, E. S., De Sousa, R. T., Vieira, T. P. D. B., Da Costa, J. P. C. L., & Duque, C. G. (2020). The answer is in the text: Multi-stage methods for phishing detection based on feature engineering. IEEE Access, 8, 223529-223547.

[6]. Gupta, M., Akiri, C., Aryal, K., Parker, E., & Praharaj, L. (2023). From chatgpt to threatgpt: Impact of generative AI in cybersecurity and privacy. IEEE Access, 11, 80218-80245.

[7]. Kabla, A. H. H., Anbar, M., Manickam, S., & Karupayah, S. (2022). Eth-PSD: A machine learning-based phishing scam detection approach in ethereum. IEEE Access, 10, 118043-118057.

[8]. Kara, I., Ok, M., & Ozaday, A. (2022). Characteristics of understanding urls and domain names features: The detection of phishing websites with machine learning methods. IEEE Access, 10, 124420-124428.

[9]. Karim, A., Azam, S., Shanmugam, B., Kannoorpatti, K., & Alazab, M. (2019). A comprehensive survey for intelligent spam email detection. IEEE Access, 7, 168261-168295.

[10]. Oest, A., Safaei, Y., Doupé, A., Ahn, G. J., Wardman, B., & Tyers, K. (2019, May). Phishfarm: A scalable framework for measuring the effectiveness of evasion techniques against browser phishing blacklists. In 2019 IEEE Symposium on Security and Privacy (SP) (pp. 1344-1361). IEEE.

[11]. Purwanto, R. W., Pal, A., Blair, A., & Jha, S. (2022). PhishSim: Aiding phishing website detection with a feature-free tool. IEEE Transactions on Information Forensics and Security, 17, 1497-1512.

[12]. Razaque, A., Alotaibi, B., Alotaibi, M., Amsaad, F., Manasov, A., Hariri, S., & Alotaibi, A. (2021). Blockchain-enabled deep recurrent neural network model for clickbait detection. IEEE Access, 10, 3144-3163.

[13]. Salloum, S., Gaber, T., Vadera, S., & Shaalan, K. (2022). A systematic literature review on phishing email detection using natural language processing techniques. IEEE Access, 10, 65703-65727.

[14]. Tsinganos, N., Mavridis, I., & Gritzalis, D. (2022). Utilizing convolutional neural networks and word embeddings for early-stage recognition of persuasion in chat-based social engineering attacks. IEEE Access, 10, 108517-108529.

[15]. Wei, Y., & Sekiya, Y. (2022). Sufficiency of ensemble machine learning methods for phishing websites detection. IEEE Access, 10, 124103-124113.

[16]. Zieni, R., Massari, L., & Calzarossa, M. C. (2023). Phishing or not phishing? A survey on the detection of phishing websites. IEEE Access, 11, 18499-18519.

If you have access to this article please login to view the article or kindly login to purchase the article

Username/Email

Password

Forgot password?

Remember me

Don't have an account? Sign Up

Purchase Instant Access

Single Article

	North Americas,UK, Middle East,Europe		India	Rest of world
	USD	EUR	INR	USD-ROW
Pdf	40	40	300
Online	40	40	300
Pdf & Online	40	40	300

ADD TO CART

Options for accessing this content:

If you would like institutional access to this content, please recommend the title to your librarian.
If you already have i-manager's user account: Login above and proceed to purchase the article.
New Users: Please register, then proceed to purchase the article.

Alert

Full Article Now Not Available

Submit New Paper Track Paper Status Buy Journal Track Your Subscription Journal Archive

Authors Institutions/Librarians Agents Conferences

About Us Contact FAQ Terms and Conditions Privacy Policy Refund & cancellation Policy