Abstract
Phishing is a social engineering attack, where an attacker poses as a legitimate individual or institution and convinces a victim to divulge their details through human interaction. There has been a steep rise in phishing cases across the globe. A report by Cisco [1] shows that phishing was the reason for 90% of data breaches in 2021. Various detection models have been proposed in the past to counter such attacks. Some proposed models work on improving the detection rate of phishing URLs while others focus on reducing their detection time. Authors have used machine learning, deep learning, and various other novel mechanisms in feature selections that result in high algorithm performance. This study is a systematic analysis of recent work utilizing deep learning for phishing detection, highlighting the research methods, algorithms, programming tools, and datasets used in such studies. This study further proposes some guidelines for future research, which include standardizing documentation and performance reporting. These guidelines may help researchers in their quest to replicate others’ work and compare newly proposed methods with previously developed systems.
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Phishing attacks continue to be very common with 465 brands targeted in Mar 2021 (Statista [2]). According to [3], phishing incidents rose 220% during the pandemic compared to the otherwise yearly average, with 52% of these attacks targeting brand names. 72% of the attacks during the pandemic used a valid HTTPS certificate while almost all of them used TLS encryption. Phishing website detection can help in finding such attempts and keep everyone safe in today’s digital world. A lot of work has been done in the past and this paper analyzes articles related to phishing website detection using deep learning. The motivation of this article is to address the lack of standardization and difficulty in comparing various methodologies in this field. It aims to familiarise its reader with the methodologies, algorithms, and tools used in such studies. It also provides statistical figures to summarize the results and adds suggestions that might encourage easy replication and comparison across similar studies.
Research Question: This paper looks at the following research questions:
What is the current state of the research in phishing website detection using Deep Learning and how can proposed methodologies be made easier to replicate and comparable with other studies?
2 Theoretical Background
Phishing is a cybercrime where an attacker poses as a legitimate institution to lure the target into providing their sensitive data (Phishing.org [4]). Apart from email and website phishing attempts, there are other variants of such types of attacks that use voice calling and text messages. Additional attacks include website forgery, malware, and domain spoofing through which a victim can be trapped in phishing. Typically, Phishing is used against a large number of random targets, while in spear phishing, a targeted version of phishing, the attacks are targeted towards certain individuals who may possess valuable information.
To counter such attacks, various detection models have been proposed. Some of those concentrate on improving the detection rate of phishing URLs while others focus on reducing the detection time. To achieve this, authors use machine learning models like Naive Bayes, Logistic Regression, Random Forest, Decision Trees, Support Vector Machine (SVM), k-Nearest Neighbour, and deep learning models. Deep learning models include Convolutional Neural Network (CNN), Long Short Term Memory (LSTM), Recurrent Neural Network (RNN), and various other novel mechanisms.
Section 3 in this paper discusses the search strategies, inclusion, and exclusion criteria used in this systematic review. Section 4 covers the various algorithms used, paper goals, contents of the datasets, programming tools, and metrics used in these studies. Section 5 concludes the article with proposed suggestions for standardization techniques for future phishing detection research.
3 Methodology
This search was performed on City University of New York’s (CUNY) online library OneSearch. We kept the search criteria broad by searching articles related to phishing and manually narrowed it down to website phishing. This is to ensure that papers that do not have the exact keywords can still be included in the study. Systematic review methodology by Kitchenham [5] is utilized in this study.
3.1 Search Strategy
-
Keyword Search: The following search strings were used to find relevant papers: “Phishing” AND “Detection”
-
Period: Articles published between 2017 and 2021
-
Paper Type: Articles published in conferences or journals
-
Search Database: City University of New York’s online library CUNY OneSearch
-
Inclusion Criteria:
-
Articles written in English.
-
Article scheduled to be published with a pre-print available
-
Articles including keywords in title, full-text or their metadata.
-
Articles implementing or proposing a solution relevant to phishing detection
-
-
Exclusion Criteria:
-
Book Chapters, Newsletter Articles, Books, and Dissertation.
-
Systematic reviews and literature survey.
-
Articles with pure ML-based implementations.
-
The search resulted in ninety-two papers out of which twenty-six papers were discarded after applying the exclusion criteria leaving a total of sixty-six papers. Articles that utilized pure Machine learning-based implementation such as kNN, SVM, Random Forest, and Logistic Regression were excluded from this study, except for hybrid and ensemble models where some ML algorithms are combined with deep learning-based algorithms.
4 Discussion/Findings Overview
Once the papers were collected and filtered using the method specified in the previous section, the articles were examined and categorized according to different criteria, including:
-
Datasets: Datasets are used in the training and testing of the model. In phishing detection, the data needs to be continuously updated so researchers list out the methodologies used to fetch data from popular data sources. The Datasets include different features such as URLs, length of URL, domain based-features including the age of domain, DNS record, and HTML based features: number of out links, anchor tags, etc. Table 1 lists the datasets and data sources that are shared and used in multiple studies.
-
Programming tools: Listing out the programming tools helps researchers in reproducing the work and comparing their proposed work against the same environmental specifications. The result in Sect. 4.2 confirms the recent trend in the use of python over other programming languages.
-
Algorithms used: Various. deep learning based algorithms are used in model training. Some researchers fused multiple algorithms in ensemble and hybrid approaches to improve detection accuracy of the model.
-
Research Methods: The different design goals of the covered work are described, which include removing dependencies or minimizing the needed input data as well as improvement of detection rates and reducing training and testing runtime.
4.1 Datasets
While some studies use proprietary datasets, multiple studies include publicly accessible ones, listed in Table 1.
Datasets Features: Different types of data are used in various research, including:
-
URL: Uniform Resource Locator(URL) and its related information like its length, and use of special characters with or without trimming were used in most of the studies. While most studies use URL repositories, some combine it with additional data listed below
-
Metadata information: Metadata website information includes age of domain, popularity of websites, DNS rank, etc.
-
Webpage content: It includes HTML tags based on information like the number of links in the source code.
-
Images/screenshots: Some datasets have images and screenshots of the website or logo of targeted brands. These images were used along with URL based information to improve the accuracy of the model.
4.2 Programming Tools
Few articles described the programming tools and specifications used in their experiments. Among them almost 35% of the articles used python and approximately 10 % of them used WEKA, Java, and MATLAB-based implementation. The use of these latter languages is decreasing as compared to python. A survey conducted by Kaggle [17] indicated there is a large number of submissions in python and a significantly lower rate of submissions in other languages such as MATLAB and Java. This trend has been observed starting 2013 [18]
4.3 Algorithms
This section lists major deep learning algorithms used in training the classification models. The literature shows three main approaches used by researchers: deep learning models with a single algorithm, hybrid approaches, and ensemble approaches. The latter two approaches are analyzed in more detail in Sect. 4.4
Deep Learning Models: Primary deep learning models used were Deep Neural Networks with hidden layers, CNN, LSTM, and RNN. The models and their accuracy using these algorithms are shown in Table 3.
Ensemble Models: Multiple diverse models are generated and a final prediction is made after aggregating their predictions. Although this model consists of several base models, the model still acts and works like a single model. The ensemble model aims to reduce the generalization error of prediction. Nagaraj et al. [19] used random forest and neural network to get an accuracy of 93.41 on their ensemble model. Another model with LSTM and SVM saw an accuracy in the range of 95.40%–98.50%
Hybrid Models: The model is made by fusing multiple models into a single model. The algorithms used in such models and accuracy ranges are presented in Table 2.
4.4 Research Methods
This section categorizes the research methods used in the surveyed studies. We broadly classify the domain where these improvements were visible into three categories.
-
Novelty in Feature Selection techniques: [20,21,22,23] used various feature extraction methods. [24, 25] introduced novel features and [26] evaluated its model on different feature spaces. [27, 28] used novel feature selection technique like Recursive Feature Elimination(RFE) in their work.
-
Use of Fusion/multilevel architecture: Study by Kazienko et al. [29] shows the use of fusion and multilevel techniques like ensemble model and hybrid model improves the performance of the ML model. While ensemble models can take more time to train the model, a study by Sameen et al. [30] speeds this up through the use of a multi-threaded approach. Different fusion/multilevel architecture models are presented in Table 2.
-
Generation of Adversarial URLs: Evaluating security aspects of a model is useful for evaluating the ability to prevent adversarial attacks. [31] assesses vulnerability of a system while [32] talks about defense against attacks. Adversarial phishing URL were generated by [33,34,35,36,37].
-
Eliminating need of dependencies: Performance of a model can be affected by the interruption of third-party services, language dependencies, etc. Study by Somesha et al. [38], Yang et al. [39], Waziral et al. [27], and Jain et al. [40] eliminated need for third-party services in their work. Webpage content-based features, language dependencies and use manually crafted features were eliminated in [39, 41, 42] respectively.
-
Additional methods: Work by [22, 43,44,45] were directed towards increasing speed of detection. [46, 47] addressed zero-day phishing vulnerabilities, [48] visualized internal working of a DNN while [41, 49, 50] created phishing detection aimed at low-power mobile devices.
4.5 Recommendations
-
Use of shared datasets: Shared datasets can help in replication and comparison among different models. It would be useful for researchers to test their data on shared datasets in addition to any proprietary dataset when possible, to help improve the side-by-side evaluation of different algorithms. Sometimes the datasets are not shared due to privacy or ethical issues. The researchers can share their approach to fetching data from a data source for easier replication.
-
Sharing code/algorithm: This will encourage reproducibility of the work and provide a way for researchers to further adapt or expand the current work.
-
Testing on updated datasets continuously. As new phishing websites are continuously introduced, this will provide a way to gauge the performance of successful phishing detection algorithms on newly introduced phishing URL
-
Standardize testing environment documentation: Experimentation is the description of the environment in which the experiment was performed. Creating a standard method of documentation, which will include details regarding the system parameters used and run-time, can help researchers assess the usability of different methods in different attack scenarios as well as recreate the test environment in future studies.
5 Conclusion
Phishing can be done through different techniques. This work focuses on the detection of phishing websites using deep learning neural networks. This study found that there is a growing body of research in this field, utilizing different techniques, datasets, and attack scenarios. This work points to share as well as datasets that continue to update and can be used in future research. It also compares the goals and design details of different studies and the resulting reported performance. This paper suggests methods for standardization of algorithms and testing reports, which can help improve the design of future studies.
References
CISCO: cisco threat report 2021. https://umbrella.cisco.com/info/2021-cyber-security-threat-trends-phishing-crypto-top-the-list
Johnson, J.: Phishing - statistics & facts. https://www.statista.com/topics/8385/phishing/
labs, F.: Phishing attacks soar 220% during COVID-19 peak as cybercriminal opportunism intensifies. https://www.f5.com/company/news/features/phishing-attacks-soar-220-during-covid-19-peak-as-cybercriminal
phishing.org: what is phishing. https://www.phishing.org/what-is-phishing
Kitchenham, B.: Procedures for performing systematic reviews. Keele, UK, Keele University 33(2004), 1–26 (2004)
PhishTank: PhishTank. https://phishtank.org/
Crawl: common crawl. https://commoncrawl.org/
Alexa: alexa top sites. https://www.alexa.com/topsites
DMOZ: Dmoz phishing dataset. https://dmoz-odp.org/docs/en/rdf.html
Maurer, M.: Phishload. https://www.medien.ifi.lmu.de/team/max.maurer/files/phishload/index.html
UCI: UCI phishing dataset. https://archive.ics.uci.edu/ml/datasets/phishing+websites
Kaggle: kaggle. https://www.kaggle.com/ahmednour/website-phishing-data-set
Marchal, S: PhishStorm. https://research.aalto.fi/en/datasets/phishstorm-phishing-legitimate-url-dataset
Marchal, S., François, J., State, R., Engel, T.: PhishStorm: detecting phishing with streaming analytics. IEEE Trans. Netw. Serv. Manage. 11(4), 458–471 (2014)
OpenPhish: OpenPhish. https://openphish.com/phishing_database.html
OpenPhish: OpenPhish API. https://github.com/openphish/pyopdb
Kaggle: Kaggle survey 2019. https://www.kaggle.com/kaggle-survey-2019
Brownlee, J.: Best programming language. https://machinelearningmastery.com/best-programming-language-for-machine-learning/
Nagaraj, K., Bhattacharjee, B., Sridhar, A., Sharvani, G.: Detection of phishing websites using a novel twofold ensemble model. J. Sys. Inf. Technol. (2018)
Ozcan, A., Catal, C., Donmez, E., Senturk, B.: A hybrid DNN-LSTM model for detecting phishing URLs. Neural Comput. Appl. 1–17 (2021)
Mourtaji, Y., Bouhorma, M., Alghazzawi, D., Aldabbagh, G., Alghamdi, A.: Hybrid rule-based solution for phishing URL detection using convolutional neural network. Wirel. Commun. Mobile Comput. 2021 (2021)
Korkmaz, M., Kocyigit, E., Sahingoz, O.K., Diri, B.: Phishing web page detection using N-gram features extracted from URLs. In: 2021 3rd International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA), pp. 1–6. IEEE (2021)
Zhang, Q., Bu, Y., Chen, B., Zhang, S., Lu, X.: Research on phishing webpage detection technology based on CNN-BiLSTM algorithm. In: Journal of Physics: Conference Series, vol. 1738, p. 012131. IOP Publishing (2021)
Yi, P., Guan, Y., Zou, F., Yao, Y., Wang, W., Zhu, T.: Web phishing detection using a deep learning framework. Wirel. Commun. Mobile Comput. 2018 (2018)
Xiao, X., Zhang, D., Hu, G., Jiang, Y., Xia, S.: CNN-MHSA: a convolutional neural network and multi-head self-attention combined approach for detecting phishing websites. Neural Netw. 125, 303–312 (2020)
Liu, D.J., Geng, G.G., Jin, X.B., Wang, W.: An efficient multistage phishing website detection model based on the case feature framework: aiming at the real web environment. Comput. Secur. 110, 102421 (2021)
Wazirali, R., Ahmad, R., Abu-Ein, A.A.K.: Sustaining accurate detection of phishing URLs using SDN and feature selection approaches. Comput. Netw. 201, 108591 (2021)
Saha, I., Sarma, D., Chakma, R.J., Alam, M.N., Sultana, A., Hossain, S.: Phishing attacks detection using deep learning approach. In: 2020 Third International Conference on Smart Systems and Inventive Technology (ICSSIT), pp. 1180–1185. IEEE (2020)
Kazienko, P., Lughofer, E., Trawinski, B.: Editorial on the special issue “hybrid and ensemble techniques in soft computing: recent advances and emerging trends’’. Soft. Comput. 19(12), 3353–3355 (2015). https://doi.org/10.1007/s00500-015-1916-x
Sameen, M., Han, K., Hwang, S.O.: PhishHaven-an efficient real-time AI phishing URLs detection system. IEEE Access 8, 83425–83443 (2020)
Ogawa, Y., Kimura, T., Cheng, J.: Vulnerability assessment for deep learning based phishing detection system. In: 2021 IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW), pp. 1–2. IEEE (2021)
Hashim, A., Medani, R., Attia, T.A.: Defences against web application attacks and detecting phishing links using machine learning. In: 2020 International Conference on Computer, Control, Electrical, and Electronics Engineering (ICCCEEE), pp. 1–6. IEEE (2020)
AlEroud, A., Karabatis, G.: Bypassing detection of URL-based phishing attacks using generative adversarial deep neural networks. In: Proceedings of the Sixth International Workshop on Security and Privacy Analytics, pp. 53–60 (2020)
Xiao, X., et al.: Phishing websites detection via CNN and multi-head self-attention on imbalanced datasets. Comput. Secur. 108, 102372 (2021)
Zhang, J., Li, X.: Phishing detection method based on borderline-smote deep belief network. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, K.-K.R. (eds.) SpaCCS 2017. LNCS, vol. 10658, pp. 45–53. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72395-2_5
Pham, T.D., Pham, T.T.T., Hoang, S.T., Ta, V.C.: Exploring efficiency of GAN-based generated URLs for phishing URL detection. In: 2021 International Conference on Multimedia Analysis and Pattern Recognition (MAPR), pp. 1–6. IEEE (2021)
Shirazi, H., Bezawada, B., Ray, I., Anderson, C.: Adversarial sampling attacks against phishing detection. In: Foley, S.N. (ed.) DBSec 2019. LNCS, vol. 11559, pp. 83–101. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22479-0_5
Somesha, M., Pais, A.R., Rao, R.S., Rathour, V.S.: Efficient deep learning techniques for the detection of phishing websites. Sādhanā 45(1), 1–18 (2020). https://doi.org/10.1007/s12046-020-01392-4
Yang, R., Zheng, K., Wu, B., Wu, C., Wang, X.: Phishing website detection based on deep convolutional neural network and random forest ensemble learning. Sensors 21(24), 8281 (2021)
Jain, A.K., Gupta, B.B.: A machine learning based approach for phishing detection using hyperlinks information. J. Ambient. Intell. Humaniz. Comput. 10(5), 2015–2028 (2019). https://doi.org/10.1007/s12652-018-0798-z
Rao, R.S., Vaishnavi, T., Pais, A.R.: PhishDump: a multi-model ensemble based technique for the detection of phishing sites in mobile devices. Pervasive Mob. Comput. 60, 101084 (2019)
Tajaddodianfar, F., Stokes, J.W., Gururajan, A.: Texception: a character/word-level deep learning model for phishing URL detection. In: ICASSP 2020–2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2857–2861. IEEE (2020)
Zhang, L., Zhang, P.: PhishTrim: fast and adaptive phishing detection based on deep representation learning. In: 2020 IEEE International Conference on Web Services (ICWS), pp. 176–180. IEEE (2020)
Yuan, H., Yang, Z., Chen, X., Li, Y., Liu, W.: URL2vec: URL modeling with character embeddings for fast and accurate phishing website detection. In: 2018 IEEE International Conference on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom), pp. 265–272. IEEE (2018)
Jawade, J.V., Ghosh, S.N.: Phishing website detection using fast. ai library. In: 2021 International Conference on Communication information and Computing Technology (ICCICT), pp. 1–5. IEEE (2021)
Bu, S.J., Cho, S.B.: Integrating deep learning with first-order logic programmed constraints for zero-day phishing attack detection. In: ICASSP 2021–2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2685–2689. IEEE (2021)
Bozkir, A.S., Aydos, M.: LogoSENSE: a companion HOG based logo detection scheme for phishing web page and E-mail brand recognition. Comput. Secur. 95, 101855 (2020)
Feng, T., Yue, C.: Visualizing and interpreting RNN models in URL-based phishing detection. In: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, pp. 13–24 (2020)
Wei, B., et al.: A deep-learning-driven light-weight phishing detection sensor. Sensors 19, 4258 (2019). https://doi.org/10.3390/s19194258.https://www.mdpi.com/1424-8220/19/19/4258
Haynes, K., Shirazi, H., Ray, I.: Lightweight URL-based phishing detection using natural language processing transformers for mobile devices. Procedia Comput. Sci. 191, 127–134 (2021)
Yu, X.: Phishing websites detection based on hybrid model of deep belief network and support vector machine. In: IOP Conference Series: Earth and Environmental Science, vol. 602, p. 012001. IOP Publishing (2020)
Zhang, X., Shi, D., Zhang, H., Liu, W., Li, R.: Efficient detection of phishing attacks with hybrid neural networks. In: 2018 IEEE 18th International Conference on Communication Technology (ICCT), pp. 844–848. IEEE (2018)
Adebowale, M.A., Lwin, K.T., Hossain, M.A.: Intelligent phishing detection scheme using deep learning algorithms. J. Enterp. Inf. Manage. (2020)
Yang, P., Zhao, G., Zeng, P.: Phishing website detection based on multidimensional features driven by deep learning. IEEE access 7, 15196–15209 (2019)
Feng, J., Zou, L., Ye, O., Han, J.: Web2vec: phishing webpage detection method based on multidimensional features driven by deep learning. IEEE Access 8, 221214–221224 (2020)
Sumathi, K., Sujatha, V.: Deep learning based-phishing attack detection. Int. J. Recent Technol. Eng. (IJRTE) 8(3) (2019)
Lakshmi, L., Reddy, M.P., Santhaiah, C., Reddy, U.J.: Smart phishing detection in web pages using supervised deep learning classification and optimization technique ADAM. Wireless Pers. Commun. 118(4), 3549–3564 (2021). https://doi.org/10.1007/s11277-021-08196-7
Soon, G.K., Chiang, L.C., On, C.K., Rusli, N.M., Fun, T.S.: Comparison of ensemble simple feedforward neural network and deep learning neural network on phishing detection. In: Alfred, R., Lim, Y., Haviluddin, H., On, C.K. (eds.) Computational Science and Technology. LNEE, vol. 603, pp. 595–604. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-0058-9_57
Su, Y.: Research on website phishing detection based on LSTM RNN. In: 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), vol. 1, pp. 284–288. IEEE (2020)
de Souza, C.H.M., Lemos, M.O.O., da Silva, F.S.D., Alves, R.L.S.: On detecting and mitigating phishing attacks through featureless machine learning techniques. Internet Technol. Lett. 3(1), e135 (2020)
Bartoli, A., De Lorenzo, A., Medvet, E., Tarlao, F.: Personalized, browser-based visual phishing detection based on deep learning. In: Zemmari, A., Mosbah, M., Cuppens-Boulahia, N., Cuppens, F. (eds.) CRiSIS 2018. LNCS, vol. 11391, pp. 80–85. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12143-3_7
Al-Alyan, A., Al-Ahmadi, S.: Robust URL phishing detection based on deep learning. KSII Trans. Internet Inf. Syst. (TIIS) 14(7), 2752–2768 (2020)
Singh, S., Singh, M., Pandey, R.: Phishing detection from URLs using deep learning approach. In: 2020 5th International Conference on Computing, Communication and Security (ICCCS), pp. 1–4. IEEE (2020)
Aljofey, A., Jiang, Q., Qu, Q., Huang, M., Niyigena, J.P.: An effective phishing detection model based on character level convolutional neural network from URL. Electronics 9(9), 1514 (2020)
Yerima, S.Y., Alzaylaee, M.K.: High accuracy phishing detection based on convolutional neural networks. In: 2020 3rd International Conference on Computer Applications & Information Security (ICCAIS), pp. 1–6. IEEE (2020)
Dutta, A.K.: Detecting phishing websites using machine learning technique. PLoS ONE 16(10), e0258361 (2021)
Bahnsen, A.C., Bohorquez, E.C., Villegas, S., Vargas, J., González, F.A.: Classifying phishing URLs using recurrent neural networks. In: 2017 APWG Symposium on Electronic Crime Research (eCrime), pp. 1–8. IEEE (2017)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Sharma, V., Halevi, T. (2022). A Survey on Phishing Website Detection Using Deep Neural Networks. In: Stephanidis, C., Antona, M., Ntoa, S., Salvendy, G. (eds) HCI International 2022 – Late Breaking Posters. HCII 2022. Communications in Computer and Information Science, vol 1655. Springer, Cham. https://doi.org/10.1007/978-3-031-19682-9_87
Download citation
DOI: https://doi.org/10.1007/978-3-031-19682-9_87
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19681-2
Online ISBN: 978-3-031-19682-9
eBook Packages: Computer ScienceComputer Science (R0)