Authors :
Akinwole Agnes Kikelomo; Ogundele Israel Oludayo
Volume/Issue :
Volume 9 - 2024, Issue 5 - May
Google Scholar :
https://tinyurl.com/56efz7p8
Scribd :
https://tinyurl.com/ccduyyjt
DOI :
https://doi.org/10.38124/ijisrt/IJISRT24MAY353
Abstract :
Phishing represents a significant and
escalating threat within the cyber domain, inflicting
substantial financial losses on internet users annually.
This illicit practice leverages both social engineering
tactics and technological means to unlawfully obtain
sensitive information from individuals online. Despite
numerous studies and publications exploring various
methodologies to combat phishing, the number of victims
continues to surge due to the inefficiencies of current
security measures. The inherently anonymous and
unregulated nature of the internet further compounds its
susceptibility to phishing attacks. While it's commonly
believed that successful phishing endeavours involve the
creation of replica messages or websites to deceive users,
this notion has not undergone systematic examination to
identify potential vulnerabilities. This paper endeavours
to fill this gap by conducting a comprehensive evaluation
of phishing, synthesizing diverse research perspectives
and methodologies. It introduces an innovative
classification method utilizing Support Vector Machine
(SVM), achieving an impressive accuracy rate of 96.4%
in detecting phishing attempts. By implementing this
model to distinguish between phishing and legitimate
URLs, the proposed solution offers a valuable tool for
individuals and organizations to promptly identify and
mitigate phishing threats. The findings of this study hold
significant implications for bolstering internet security
measures and enhancing user awareness in navigating
potentially malicious online content.
Keywords :
Phishing, Software Detection, Cybersecurity, Support Vector Machine, URL.
References :
- S. Shea, A. S. Gillis, and C. Clark, “What is Cybersecurity?,” Search Secur., 2021.
- K. M. Bakarich and D. Baranek, “Something phish-y is going on here: A teaching case on business email compromise,” Curr. Issues Audit., vol. 14, no. 1, pp. A1–A9, 2020.
- Razorthorn phishing report https://www.razorthorn.co.uk/wp-content/uploads/2017/01/Phishi ng-S
- K. M. Bakarich and D. Baranek, “Something phish-y is going on here: A teaching case on business email compromise,” Curr. Issues Audit., vol. 14, no. 1, pp. A1–A9, 2020.
- D. Gupta and R. Rani, “Improving malware detection using big data and ensemble learning,” Comput. Electr. Eng., vol. 86, p. 106729, 2020.
- Microsoft Security Intelligence Report (2019) vol 24 https://www.microsoft.com/security
- G.-G. Geng, Z.-W. Yan, Y. Zeng, and X.-B. Jin, “RRPhish: Anti-phishing via mining brand resources request,” in 2018 IEEE International Conference on Consumer Electronics (ICCE), IEEE, 2018, pp. 1–2.
- Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, “Phishing attacks: A recent comprehensive study and a new anatomy,” Front. Comput. Sci., vol. 3, p. 563060, 2021.
- J. VanderPlas, Python data science handbook: Essential tools for working with data. “ O’Reilly Media, Inc.,” 2016.
- N. Bambrick, “Support vector machines: A simple explanation,” línea]. Dispon. en https//www. kdnuggets. com/2016/07/support-vector-machines-simple-explanation. html, 2018.
- R. Pupale, “Support vector machines (svm)—an overview,” A post Towar. data Sci. available https//towardsdatascience.com/https-medium-compupalerushikesh-svm-f4b42800e989, 2018.
- K. L. Chiew, K. S. C. Yong, and C. L. Tan, “A survey of phishing attacks: Their types, vectors and technical approaches,” Expert Syst. Appl., vol. 106, pp. 1–20, 2018.
- I. Qabajeh, F. Thabtah, and F. Chiclana, “A recent review of conventional vs. automated cybersecurity anti-phishing techniques,” Comput. Sci. Rev., vol. 29, pp. 44–55, 2018.
- M. Volkamer, K. Renaud, B. Reinheimer, and A. Kunz, “User experiences of torpedo: Tooltip-powered phishing email detection,” Comput. Secur., vol. 71, pp. 100–113, 2017.
- A. Basit, M. Zafar, X. Liu, A. R. Javed, Z. Jalil, and K. Kifayat, “A comprehensive survey of AI-enabled phishing attacks detection techniques,” Telecommun. Syst., vol. 76, pp. 139–154, 2021.
- D. M. Y. Beh and R. Bahuang, “Detecting Phishing Uniform Resource Locator (URL) using Machine Learning,” J. Comput. Technol. Creat. Content, vol. 7, no. 2, pp. 35–41, 2022.
- M. N. Alam, D. Sarma, F. F. Lima, I. Saha, and S. Hossain, “Phishing attacks detection using machine learning approach,” in 2020 third international conference on smart systems and inventive technology (ICSSIT), IEEE, 2020, pp. 1173–1179.
- P. Dewan, A. Kashyap, and P. Kumaraguru, “Analyzing social and stylometric features to identify spear phishing emails,” in 2014 apwg symposium on electronic crime research (ecrime), IEEE, 2014, pp. 1–13.
- R. Dhamija, J. D. Tygar, and M. Hearst, “Why phishing works,” in Proceedings of the SIGCHI conference on Human Factors in computing systems, pp. 581–590, 2006.
- C. Ludl, S. McAllister, E. Kirda, and C. Kruegel, “On the effectiveness of techniques to detect phishing sites,” in International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 20–39, Springer, 2007.
- A. P. Rosiello, E. Kirda, F. Ferrandi, et al., “A layout-similarity-based approach for detecting phishing pages,” in 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops-SecureComm 2007, pp. 454–463, IEEE, 2007.
- S. Afroz and R. Greenstadt, “Phishzoo: Detecting phishing websites by looking at them,” in 2011 IEEE fifth international conference on semantic computing, pp. 368–375, IEEE, 2011.
- K.-T. Chen, J.-Y. Chen, C.-R. Huang, and C.-S. Chen, “Fighting phishing with discriminative keypoint features,” IEEE Internet Computing, vol. 13, no. 3, pp. 56–63, 2009.
- S. Rao, A. K. Verma, and T. Bhatia, “A review on social spam detection: Challenges, open issues, and future directions,” Expert Syst. Appl., vol. 186, p. 115742, 2021.
- D. D. Rufo, T. G. Debelee, A. Ibenthal, and W. G. Negera, “Diagnosis of diabetes mellitus using gradient boosting machine (LightGBM),” Diagnostics, vol. 11, no. 9, p. 1714, 2021.
- A. K. Dutta, “Detecting phishing websites using machine learning technique,” PLoS One, vol. 16, no. 10, p. e0258361, 2021.
- H. Nozari and M. E. Sadeghi, “Artificial intelligence and Machine Learning for Real-world problems (A survey),” Int. J. Innov. Eng., vol. 1, no. 3, pp. 38–47, 2021.
- P. C. Sen, M. Hajra, and M. Ghosh, “Supervised classification algorithms in machine learning: A survey and review,” in Emerging Technology in Modelling and Graphics: Proceedings of IEM Graph 2018, Springer, 2020, pp. 99–111.
- S. Naeem, A. Ali, S. Anam, and M. M. Ahmed, “An unsupervised machine learning algorithms: Comprehensive review,” Int. J. Comput. Digit. Syst., 2023.
- S. M. Miraftabzadeh, C. G. Colombo, M. Longo, and F. Foiadelli, “K-means and alternative clustering methods in modern power systems,” IEEE Access, 2023.
- O. E. Olawade, S. A. Onashoga, and O. Arogundade, “Comparative analysis of machine learning techniques in health system,” in 2020 international conference in mathematics, computer engineering and computer science (ICMCECS), IEEE, 2020, pp. 1–6.
- J. Cervantes, F. Garcia-Lamont, L. Rodríguez-Mazahua, and A. Lopez, “A comprehensive survey on support vector machine classification: Applications, challenges and trends,” Neurocomputing, vol. 408, pp. 189–215, 2020.
- V. Shahrivari, M. M. Darabi, and M. Izadi, “Phishing detection using machine learning techniques,” arXiv Prepr. arXiv2009.11116, 2020.
- M. Almseidin, A. A. Zuraiq, M. Al-Kasassbeh, & N. Alnidami, Phishing detection based on machine learning and feature selection methods, International Association of Online Engineering, Retrieved July 9, 2023, (2019).
- A. Suryan, C. Kumar, M. Mehta, R. Juneja, and A. Sinha, “Learning model for phishing website detection,” EAI Endorsed Trans. Scalable Inf. Syst., vol. 7, no. 27, pp. e6–e6, 2020.
- S. Naaz, “Detection of phishing in internet of things using machine learning approach,” Int. J. Digit. Crime Forensics, vol. 13, no. 2, pp. 1–15, 2021.
- E. Gandotra and D. Gupta, “An efficient approach for phishing detection using machine learning,” Multimed. Secur. Algorithm Dev. Anal. Appl., pp. 239–253, 2021.
- N. M. Shekokar, C. Shah, M. Mahajan, and S. Rachh, “An ideal approach for detection and prevention of phishing attacks,” Procedia Comput. Sci., vol. 49, pp. 82–91, 2015.
Phishing represents a significant and
escalating threat within the cyber domain, inflicting
substantial financial losses on internet users annually.
This illicit practice leverages both social engineering
tactics and technological means to unlawfully obtain
sensitive information from individuals online. Despite
numerous studies and publications exploring various
methodologies to combat phishing, the number of victims
continues to surge due to the inefficiencies of current
security measures. The inherently anonymous and
unregulated nature of the internet further compounds its
susceptibility to phishing attacks. While it's commonly
believed that successful phishing endeavours involve the
creation of replica messages or websites to deceive users,
this notion has not undergone systematic examination to
identify potential vulnerabilities. This paper endeavours
to fill this gap by conducting a comprehensive evaluation
of phishing, synthesizing diverse research perspectives
and methodologies. It introduces an innovative
classification method utilizing Support Vector Machine
(SVM), achieving an impressive accuracy rate of 96.4%
in detecting phishing attempts. By implementing this
model to distinguish between phishing and legitimate
URLs, the proposed solution offers a valuable tool for
individuals and organizations to promptly identify and
mitigate phishing threats. The findings of this study hold
significant implications for bolstering internet security
measures and enhancing user awareness in navigating
potentially malicious online content.
Keywords :
Phishing, Software Detection, Cybersecurity, Support Vector Machine, URL.