More Web Proxy on the site http://driver.im/

article

Predicting phishing websites based on self-structuring neural network

Authors:

Rami M. Mohammad,

Lee MccluskeyAuthors Info & Claims

Neural Computing and Applications, Volume 25, Issue 2

Pages 443 - 458

https://doi.org/10.1007/s00521-013-1490-z

Published: 01 August 2014 Publication History

Abstract

Internet has become an essential component of our everyday social and financial activities. Nevertheless, internet users may be vulnerable to different types of web threats, which may cause financial damages, identity theft, loss of private information, brand reputation damage and loss of customer's confidence in e-commerce and online banking. Phishing is considered as a form of web threats that is defined as the art of impersonating a website of an honest enterprise aiming to obtain confidential information such as usernames, passwords and social security number. So far, there is no single solution that can capture every phishing attack. In this article, we proposed an intelligent model for predicting phishing attacks based on artificial neural network particularly self-structuring neural networks. Phishing is a continuous problem where features significant in determining the type of web pages are constantly changing. Thus, we need to constantly improve the network structure in order to cope with these changes. Our model solves this problem by automating the process of structuring the network and shows high acceptance for noisy data, fault tolerance and high prediction accuracy. Several experiments were conducted in our research, and the number of epochs differs in each experiment. From the results, we find that all produced structures have high generalization ability.

References

[1]

Liu J, Ye Y (2001) Introduction to E-commerce agents: marketplace solutions, security issues, and supply and demand. In: E-commerce agents, marketplace solutions, security issues, and supply and demand, London, UK

Digital Library

[2]

APWG, Aaron G, Manning R (2013) APWG phishing reports. APWG, 1 February 2013. {Online}. Available: http://www.antiphishing.org/resources/apwg-reports/. Accessed 8 Feb 2013

[3]

Kaspersky Lab (2013) Spam in January 2012: love, politics and sport. {Online}. Available: http://www.kaspersky.com/about/news/spam/2012/Spam_in_January_2012_Love_Politics_and_Sport. Accessed 11 Feb 2013

[4]

Seogod (2011) Black Hat SEO. SEO Tools. {Online}. Available: http://www.seobesttools.com/black-hat-seo/. Accessed 8 Jan 2013

[5]

Dhamija R, Tygar JD, Hearst M (2006) Why phishing works. In: Proceedings of the SIGCHI conference on human factors in computing systems, Cosmopolitan Montréal, Canada

[6]

Cranor LF (2008) A framework for reasoning about the human in the loop. In: UPSEC'08 Proceedings of the 1st conference on usability, psychology, and security, Berkeley, CA, USA

[7]

Miyamoto D, Hazeyama H, Kadobayashi Y (2008) An evaluation of machine learning-based methods for detection of phishing sites. Aust J Intell Inf Process Syst 10(2):54---63

[8]

Xiang G, Hong J, Rose CP, Cranor L (2011) CANTINA+: a feature-rich machine learning framework for detecting phishing web sites. ACM Trans Inf Syst Secur 14(2):1---28

Digital Library

[9]

Witten IH, Frank E (2002) Data mining: practical machine learning tools and techniques with Java implementations. ACM, New York, NY

[10]

Zhang Y, Hong J, Cranor L (2007) CANTINA: a content-based approach to detect phishing web sites. In: Proceedings of the 16th world wide web conference, Banff, Alberta, Canada

[11]

Widrow B, Lehr MA (1990) 30 years of adaptive neural networks: perceptron, Madaline, and backpropagation. In: Proceedings of the IEEE, vol 78, no 9, pp 1415---1442

[12]

Basheer I, Hajmeer M (2000) Artificial neural networks: fundamentals, computing, design, and application. J Microbiol Methods 43(1):3---31

[13]

Aburrous M, Hossain MA, Dahal K, Fadi T (2010) Predicting phishing websites using classification mining techniques. In: Seventh international conference on information technology, Las Vegas, Nevada, USA

[14]

Thabtah F, Peter C, Peng Y (2005) MCAR: multi-class classification based on association rule. In: The 3rd ACS/IEEE international conference on computer systems and applications

[15]

Hu K, Lu Y, Zhou L, Shi C (1998) Integrating classification and association rule mining. In: Proceedings of the fourth international conference on knowledge discovery and data mining (KDD-98, plenary presentation), New York, USA

[16]

Quinlan JR (1996) Improved use of continuous attributes in c4.5. J Artif Intell Res 4:77---90

[17]

Cendrowska J (1987) PRISM: an algorithm for inducing modular rule. Int J Man-Mach Stud 27(4):349---370

[18]

Aburrous M, Hossain MA, Dahal K, Thabtah F (2010) Intelligent phishing detection system for e-banking using fuzzy data mining. Expert Syst Appl Int J 37(12):7913---7921

[19]

Sodiya AS, Onashoga SA, Oladunjoye BA (2007) Threat modeling using fuzzy logic paradigm. In: Issues in Informing Science and Information Technology, vol 4

[20]

Pan Y, Ding X (2006) Anomaly based web phishing page detection. In: ACSAC `06: Proceedings of the 22nd annual computer security applications conference, Washington, DC

[21]

"W3C" {Online}. Available: http://www.w3.org/TR/DOM-Level-2-HTML/. Accessed Dec 2011

[22]

Cortes C, Vapnik V (1995) Support-vector networks. Machine Learning 20(3):273---297

[23]

Manning CD, Raghavan P, Schütze H (2008) Introduction to information retrieval. Cambridge University Press, Cambridge

[24]

Sanglerdsinlapachai N, Rungsawang A (2010) Using domain top-page similarity feature in machine learning-based web. In: Third international conference on knowledge discovery and data mining, Washington, DC

[25]

Sadeh N, Tomasic A, Fette I (2007) Learning to detect phishing emails. In: Proceedings of the 16th international conference on World Wide Web, pp 649---656

[26]

T. A. S. Project, "SpamAssassin" {Online}. Available: http://spamassassin.apache.org/. Accessed Jan 2012

[27]

Wenyin L, Huang G, Xiaoyue L, Min Z, Deng X (2005) Detection of phishing webpages based on visual similarity. In: Proceeding WWW `05 Special interest tracks and posters of the 14th international conference on World Wide Web, New York, NY

[28]

Dhamija R, Tygar JD (2005) The battle against phishing: dynamic security skins. In: Proceedings of the 1st symposium on usable privacy and security, New York, NY

[29]

Horng S-J, Fan P, Khan MK, Run R-S, Lai J-L, Chen R-J, Sutanto A, Mingxing H (2011) An efficient phishing webpage detector. Expert Syst Appl Int J 38(10):12018---12027

Digital Library

[30]

Mohammad RM, Thabtah F, McCluskey L (2012) An assessment of features related to phishing websites using an automated technique. In: The 7th international conference for internet technology and secured transactions (ICITST-2012), London

[31]

"WhoIS" {Online}. Available: http://who.is/. Accessed Dec 2011

[32]

Mohammad RM Phishing websites dataset. December 2012. {Online}. Available: http://phishingdatasets.wikispaces.com/. Accessed Dec 2012

[33]

"Yahoo Directory" {Online}. Available: http://dir.yahoo.com/. Accessed Dec 2011

[34]

"Starting Point Directory" {Online}. Available: http://www.stpt.com/directory/. Accessed Jan 2012

[35]

Liu W, Deng X, Huang G, Fu AY (2006) An antiphishing strategy based on visual similarity assessment. In: IEEE educational activities Department Piscataway, NJ, USA

[36]

"MillerSmiles" {Online}. Available: http://www.millersmiles.co.uk/

[37]

Nabhan TM, Zomaya AY (1994) Toward generating neural network structures for function approximation. Neural Netw 7(1):89---99

Digital Library

[38]

Hutchins RG (1995) Neural network topologies and training algorithms in nonlinear system identification. In: Systems, man and cybernetics. IEEE international conference on intelligent systems for the 21st century, Monterey, CA

[39]

Jacek ZM (1994) Introduction to artificial neural systems. Jaico Publishing House, India

[40]

Kantardzic M (2011) Data mining: concepts, models, methods, and algorithms, 2nd edn. Wiley, USA

Cited By

Varshney GKumawat RVaradharajan VTupakula UGupta C(2024)Anti-phishingExpert Systems with Applications: An International Journal10.1016/j.eswa.2023.122199238:PFOnline publication date: 15-Mar-2024
https://dl.acm.org/doi/10.1016/j.eswa.2023.122199
Lavie OShabtai AKatz G(2024)Cost effective transfer of reinforcement learning policiesExpert Systems with Applications: An International Journal10.1016/j.eswa.2023.121380237:PAOnline publication date: 27-Feb-2024
https://dl.acm.org/doi/10.1016/j.eswa.2023.121380
Zhu ECheng KZhang ZWang H(2024)PDHFComputers and Security10.1016/j.cose.2023.103561136:COnline publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1016/j.cose.2023.103561
Show More Cited By

Predicting phishing websites based on self-structuring neural network
1. Computing methodologies
  1. Machine learning
    1. Machine learning approaches
2. Theory of computation
  1. Theory and algorithms for application domains

Recommendations

Defending against phishing attacks: taxonomy of methods, current issues and future directions

Internet technology is so pervasive today, for example, from online social networking to online banking, it has made people's lives more comfortable. Due the growth of Internet technology, security threats to systems and networks are relentlessly ...
Fighting against phishing attacks: state of the art and future challenges

In the last few years, phishing scams have rapidly grown posing huge threat to global Internet security. Today, phishing attack is one of the most common and serious threats over Internet where cyber attackers try to steal user's personal or financial ...
A phishing analysis of web based systems
ICCCS '11: Proceedings of the 2011 International Conference on Communication, Computing & Security

Phishing is form of identity theft that uses the social engineering techniques and sophisticated attack vectors to harvest financial information from unsuspecting consumers. It is a kind of attack in which phishers use spoofed emails and fraudulent web ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Neural Computing and Applications

Neural Computing and Applications Volume 25, Issue 2

August 2014

233 pages

ISSN:0941-0643

EISSN:1433-3058

Issue’s Table of Contents

Copyright © Copyright © 2014 The Natural Computing Applications Forum.

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 01 August 2014

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

52
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Varshney GKumawat RVaradharajan VTupakula UGupta C(2024)Anti-phishingExpert Systems with Applications: An International Journal10.1016/j.eswa.2023.122199238:PFOnline publication date: 15-Mar-2024
https://dl.acm.org/doi/10.1016/j.eswa.2023.122199
Lavie OShabtai AKatz G(2024)Cost effective transfer of reinforcement learning policiesExpert Systems with Applications: An International Journal10.1016/j.eswa.2023.121380237:PAOnline publication date: 27-Feb-2024
https://dl.acm.org/doi/10.1016/j.eswa.2023.121380
Zhu ECheng KZhang ZWang H(2024)PDHFComputers and Security10.1016/j.cose.2023.103561136:COnline publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1016/j.cose.2023.103561
Kondaiah CPais ARao R(2024)Enhanced Malicious Traffic Detection in Encrypted Communication Using TLS Features and a Multi-class Classifier EnsembleJournal of Network and Systems Management10.1007/s10922-024-09847-332:4Online publication date: 10-Aug-2024
https://dl.acm.org/doi/10.1007/s10922-024-09847-3
Tashtoush YAlajlouni MAlbalas FDarwish O(2024)Exploring low-level statistical features of n-grams in phishing URLs: a comparative analysis with high-level featuresCluster Computing10.1007/s10586-024-04655-527:10(13717-13736)Online publication date: 1-Dec-2024
https://dl.acm.org/doi/10.1007/s10586-024-04655-5
Ariyadasa SFernando SFernando S(2024)SmartiPhish: a reinforcement learning-based intelligent anti-phishing solution to detect spoofed website attacksInternational Journal of Information Security10.1007/s10207-023-00778-923:2(1055-1076)Online publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1007/s10207-023-00778-9
Chitare NCoventry LNicholson J(2023)“It may take ages”: Understanding Human-Centred Lateral Phishing Attack Detection in OrganisationsProceedings of the 2023 European Symposium on Usable Security10.1145/3617072.3617116(344-355)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3617072.3617116
Alsenani TAyon SYousuf SAnik FChowdhury M(2023)Intelligent feature selection model based on particle swarm optimization to detect phishing websitesMultimedia Tools and Applications10.1007/s11042-023-15399-682:29(44943-44975)Online publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1007/s11042-023-15399-6
Pandey PMishra N(2023)Phish-Sight: a new approach for phishing detection using dominant colors on web pages and machine learningInternational Journal of Information Security10.1007/s10207-023-00672-422:4(881-891)Online publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1007/s10207-023-00672-4
McConnell BDel Monaco DZabihimayvan MAbdollahzadeh FHamada S(2023)Phishing Attack Detection: An Improved Performance Through Ensemble LearningArtificial Intelligence and Soft Computing10.1007/978-3-031-42508-0_14(145-157)Online publication date: 18-Jun-2023
https://dl.acm.org/doi/10.1007/978-3-031-42508-0_14
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents