Phishing attacks continue to pose a significant threat to internet users, targeting individuals across various online platforms. In response to this pervasive issue, we present a novel approach aimed at bolstering internet security through the development of a browser extension. Leveraging machine learning algorithms, our extension provides real-time analysis of URLs to determine their susceptibility to phishing attacks. By empowering users with the ability to identify potentially harmful websites, our solution aims to mitigate the risks associated with falling victim to phishing scams. Furthermore, our extension offers a proactive feature allowing users to contribute to a vulnerable site list, enhancing collective defence against emerging threats. Through the implementation of our browser extension, we strive to provide a robust layer of protection for users, thereby fostering a safer online environment.
Phishing attacks are cyber attacks that deceive victims into revealing sensitive information or downloading malware. They serve as a gateway to various malware attacks, including ransomware attacks. These attacks cause millions of dollars in losses for individuals and organizations annually. The frequency of phishing attacks continues to rise, with attackers constantly developing new techniques to bypass detection systems. One example is hidden malicious links within seemingly legitimate web pages, making them difficult for humans to detect, such as browser-in-the-browser attacks (BiTB). Therefore, relying solely on fixed detection systems can make one vulnerable to phishing attacks. Therefore, the critical need for a system that can continuously improve over time arises. This paper proposes enhancing a detection system by incorporating human feedback. To achieve this, we have designed a human-in-the-loop deep learning active system that uses human feedback to enhance the model's performance. We use PhishTransformer as our initial model. We then gathered new data for testing and accessed it through our browser extension. Subsequently, we collect new data for each version of the model. The initial model is retrained three times with the new data, saving the model after each iteration. We then retest the model using the test data and train the next version. The evaluation of each model version is based on the following metrics: accuracy, loss, precision, recall, and F1 score. Our model shows an improvement of around 5% of all metrics from the base model into the Version 3 model.
Phishing is one of the most popular cyberspace attacks. Phishing detection has been integrated into mainstream browsers to provide online protection. The phishing detector of Google Chrome reports millions of phishing attacks per week. However, it has been proven to be vulnerable to evasion attacks. Currently, Google has upgraded Chrome/Chromium's phishing detector, introducing a CNN-based image classifier. The robustness of the new-generation detector is unclear. If it can be bypassed, its billions of users will be exposed to sophisticated attackers. This paper presents a critical evaluation of Google's phishing detector by targeted evasion testing, and investigates corresponding defensive techniques. First, we propose a three-stage evasion method against the phishing image classifier. The experiments show that it can be completely bypassed with adversarial phishing pages generated using the proposed method. Meanwhile, the phishing pages still preserve their visual utility. Second, we introduce two defense techniques to enhance the phishing detection model. The results show that even using lightweight defense methods can significantly improve the model robustness. Our research reveals that Google's new-generation phishing classifier is very vulnerable to targeted evasion attacks. A sophisticated phisher can know how to fool the classifier. Billions of Chrome users are being exposed to potential phishing attacks. To improve its robustness, necessary security enhancements should be introduced.
Phishing is a huge problem in the online world, costing businesses and individuals money. Fraudulently replicating an existing online page to trick users into providing their personal, financial, or other transactional information is known as phishing. This type of assault is carried out by creating a copy of the original web page. In this point, hackers are highly proficient at exploiting their expertise and breaking into the systems of others in order to steal their data. Phishing is a type of cybercrime that involves posing as a legitimate business in order to get access to a victim's personal information, such as bank account numbers, credit card numbers, and other sensitive information. Phishing is primarily an internet robbery technique. In order to fool consumers into thinking they are on a legitimate website, a Phishing site looks exactly like the equivalent legal site. It is possible to utilise visual similarity oriented phishing detection approaches to make decisions based on factors such as text content, HTML elements and Cascading Style Sheets (CSS). By comparing the suspected website with its corresponding legal counterpart, this method determines whether or not it is a case of Phishing when there is a high degree of resemblance in features. Deceptive phishing & malware-based phishing are two distinct types of phishing. Various anti-phishing strategies have been devised to keep users secure from attackers. A visual similarity-based method to combat phishing attempts is presented in this work in order to provide readers a better knowledge of the problem, currently selected space, and potential future research directions.
Phishing has become a prominent method of data theft among hackers, and it continues to develop. In recent years, many strategies have been developed to identify phishing website attempts using machine learning particularly. However, the algorithms and classification criteria that have been used are highly different from the real issues and need to be compared. This paper provides a detailed comparison and evaluation of the performance of several machine learning algorithms across multiple datasets. Two phishing website datasets were used for the experiments: the Phishing Websites Dataset from UCI (2016) and the Phishing Websites Dataset from Mendeley (2018). Because these datasets include different types of class labels, the comparison algorithms can be applied in a variety of situations. The tests showed that Random Forest was better than other classification methods, with an accuracy of 88.92% for the UCI dataset and 97.50% for the Mendeley dataset.
Doing business in a network environment, despite its high efficiency, due to the fact that it is a "remote" activity, is very inspiring for various types of dishonest actions and fraud. Phishing is a form of fraud in which an attacker tries to find out sensitive information such as user login information or account information. The phishing attacks that are happening today are sophisticated and increasingly difficult to spot. To find out which URL is legitimate and which is not, we used a neural network as a binary classifier of machine learning. To measure the performance of the model, we used binary classification accuracy.
The constantly evolving phishing attacks have forced scientists to counter such an attack. Most phishing attacks come with dangerous links or URLs that can potentially lead to data or information leaking to third parties. Machine Learning has been proven great in many cases of both known and unknown types of analysis. Its ability to both give reasoning and "self-taught" in addition with easier duplication makes it great to counter phishing attacks. This paper compares different machine learning algorithms to detect whether a URL is a legitimate URL or a phishing URL with a certain feature using a Web page phishing detection dataset. The machine learning algorithms that were compared are Naive Bayes, K-Nearest Neighbor, Random Forest, Decision Tree, Support Vector Machine, and Logistic Regression. The models were trained using a phishing dataset that has been passed through a preprocessing and encoding layer. The model resulting accuracy, along with other evaluation metrics are recorded and compared to each other. The results are pretty close with the highest accuracy claimed by the Random Forest algorithm which is 98,04% out of 11429 URLs.
Machine Learning Approach Based Phishing Email Text Analysis (ML-PE-TA) Ahammad, Shaik Mulinti Mustaq; Raviteja, Tangudu; Koushik, Jami ...
2022 Third International Conference on Intelligent Computing Instrumentation and Control Technologies (ICICICT),
2022-Aug.-11
Conference Proceeding
Phishing based incidents are the procedure of posting illegal or dishonest communications that seems to be originated from a trustworthy sending node. It is commonly reflected in the case of email transmission. The aim is to rob one's important personal information which includes credit/debit card details, login information, account related data etc. In one way or another, Phishing emails can trick users into revealing crucial technical or personal information. Users need to be very careful and cautious when working with the emails they receive in their Inbox. In addition to verifying sender information, users must be wise enough in analyzing the body of the email to remain protected against such frauds. To account for this reason, this study has proposed a simple yet effective approach, ML-PE-TA, for analyzing the email text body with Machine learning algorithms. Using the proposed approach, this paper could achieve an accuracy of 96 percentage with a minimum count of vital features only for Phishing Email Text Analysis. At the same time, by the application of dimensionality reduction techniques, the proposed approach is able to reduce the dimensionality of the data considerably, which is better than state-of-the-art existing phishing email detection techniques which have much greater number of features and lesser accuracy rate.
People are being compelled to adopt a "work from home" strategy because of the COVID-19 outbreak. In today's world, the Internet has evolved into a powerful tool for social connection. People's reliance on digital platforms creates opportunities for deception. Phishing websites are one of the types of internet security issues that target human vulnerabilities rather than software flaws. It is defined as the act of impersonating someone else to steal sensitive information such as usernames and passwords from online users. In this research, we provide an intelligent system for identifying phishing websites that work as an extension to an internet browser and automatically warn the user when a phishing website is detected.
Phishing is the enchanting utilization of automated trades to cheat and exploit clients. Phishing attacks exertion to get intriguing, private information, for instance, usernames, passwords, charge card information, and affiliation confirmations, absolutely. By acting like a real individual or foundation through telephone or email, electronic aggressors utilize social expecting to push occurrences toward performing unequivocal activities like tapping on a perilous collusion or affiliation or wilfully uncovering private data. Nowadays, aggressors use different correspondence mediums to talk with the adversities, for instance, email, message (SMS), telephone, and others. No matter what the quick movement of Internet show based illuminating affiliations, SMS genuinely remains an obvious correspondence relationship in our lives as of in the relatively recent past. For example, a few affiliations consider that messages are more convincing than messages. This is thinking about the way that 82% of SMSs are explored inside 5 min., yet clients simply open one of each four messages they get. The significance of generally suggests irritating or unconstrained messages got by phone clients through Short Messaging Service (SMS). The SMS phishing is another strategy where the phisher works the SMS as a medium to visit with individuals being suggested and this system is seen as smishing (SMS+phishing). In any case, SMS is one of the potential instruments to really chat with others through phones without the web. As Transfer Learning from colossal degree set up models ends up being more inevitable in Natural Language Processing (NLP), working these huge models in on-the-edge as well as under obliged computational arrangement or confirmation monetary plans stays testing. Phones are famous with engineers since they're expected fast responses pondering insignificant huge information. For seeing phishing attacks in low computational contraptions we can use a quantized model.
This work focuses on seeing SMS phishing attacks continuously with the help of BERT in edges. Not the slightest bit like reliable language depiction models, BERT expected to pre-train basic bidirectional depictions from unlabeled text by customarily shaping on both left and right setting in all layers.