Phishing website detection using support vector machines and nature-inspired optimization algorithms
- PDF / 922,486 Bytes
- 16 Pages / 595.276 x 790.866 pts Page_size
- 57 Downloads / 192 Views
Phishing website detection using support vector machines and nature-inspired optimization algorithms Sagnik Anupam1
· Arpan Kumar Kar2
Accepted: 5 November 2020 © Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract Phishing websites are amongst the biggest threats Internet users face today, and existing methods like blacklisting, using SSL certificates, etc. often fail to keep up with the increasing number of threats. This paper aims to utilise different properties of a website URL, and use a machine learning model to classify websites as phishing and non-phishing. These properties include the IP address length, the authenticity of the HTTPs request being sent by the website, usage of pop-up windows to enter data, Server Form Handler status, etc. A Support Vector Machine binary classifier trained on an existing dataset has been used to predict if a website was a legitimate website or not, by finding an optimum hyperplane to separate the two categories. This optimum hyperplane is found with the help of four optimization algorithms, the Bat Algorithm, the Firefly Algorithm, the Grey Wolf Optimiser algorithm and the Whale Optimization Algorithm, which are inspired by various natural phenomena. Amongst the four nature-inspired optimization algorithms, it has been determined that the Grey Wolf Optimiser algorithm’s performance is significantly better than that of the Firefly Algorithm, but there is no significant difference while comparing the performance of any other pair of algorithms. However, all four nature-inspired optimization algorithms perform significantly better than the grid-search optimized Random Forest classifier model described in earlier research. Keywords Phishing · Machine learning · Swarm intelligence · Classification · Cybersecurity
1 Introduction Phishing is one of the most challenging security problems faced by the world today, in part due to the large number of online transactions that take place daily. It refers to the practice of trying to obtain sensitive information, like usernames, passwords and credit card details for malicious reasons by mimicking a trustworthy entity, like a well-known and trusted website. It can be carried out by email spoofing, or instant messaging, and generally appears to be from social networking websites, auction sites as well as online payment processing websites. Phishing websites deceive users, and exploit weaknesses of web security technologies. The September 2017 Webroot Data [1] estimates that approxi-
B
Sagnik Anupam [email protected] Arpan Kumar Kar [email protected]
1
DPS RK Puram, New Delhi 110022, India
2
Department of Management Studies, Indian Institute of Technology, New Delhi 110016, India
mately 1.385 million such phishing websites are created on a monthly basis. Phishing is a difficult problem for social networking websites to tackle, because it relies on tricking users into revealing confidential data, as opposed to finding exploits to gain access to their accounts. Phishing scams often try to convince vi
Data Loading...
