Authors : Akinwole Agnes Kikelomo; Ogundele Israel Oludayo

Volume/Issue : Volume 9 - 2024, Issue 5 - May

Google Scholar : https://tinyurl.com/56efz7p8

Scribd : https://tinyurl.com/ccduyyjt

DOI : https://doi.org/10.38124/ijisrt/IJISRT24MAY353

Abstract : Phishing represents a significant and escalating threat within the cyber domain, inflicting substantial financial losses on internet users annually. This illicit practice leverages both social engineering tactics and technological means to unlawfully obtain sensitive information from individuals online. Despite numerous studies and publications exploring various methodologies to combat phishing, the number of victims continues to surge due to the inefficiencies of current security measures. The inherently anonymous and unregulated nature of the internet further compounds its susceptibility to phishing attacks. While it's commonly believed that successful phishing endeavours involve the creation of replica messages or websites to deceive users, this notion has not undergone systematic examination to identify potential vulnerabilities. This paper endeavours to fill this gap by conducting a comprehensive evaluation of phishing, synthesizing diverse research perspectives and methodologies. It introduces an innovative classification method utilizing Support Vector Machine (SVM), achieving an impressive accuracy rate of 96.4% in detecting phishing attempts. By implementing this model to distinguish between phishing and legitimate URLs, the proposed solution offers a valuable tool for individuals and organizations to promptly identify and mitigate phishing threats. The findings of this study hold significant implications for bolstering internet security measures and enhancing user awareness in navigating potentially malicious online content.

Keywords : Phishing, Software Detection, Cybersecurity, Support Vector Machine, URL.

References :

1. S. Shea, A. S. Gillis, and C. Clark, “What is Cybersecurity?,” Search Secur., 2021.
2. K. M. Bakarich and D. Baranek, “Something phish-y is going on here: A teaching case on business email compromise,” Curr. Issues Audit., vol. 14, no. 1, pp. A1–A9, 2020.
3. Razorthorn phishing report https://www.razorthorn.co.uk/wp-content/uploads/2017/01/Phishi ng-S
4. K. M. Bakarich and D. Baranek, “Something phish-y is going on here: A teaching case on business email compromise,” Curr. Issues Audit., vol. 14, no. 1, pp. A1–A9, 2020.
5. D. Gupta and R. Rani, “Improving malware detection using big data and ensemble learning,” Comput. Electr. Eng., vol. 86, p. 106729, 2020.
6. Microsoft Security Intelligence Report (2019) vol 24 https://www.microsoft.com/security
7. G.-G. Geng, Z.-W. Yan, Y. Zeng, and X.-B. Jin, “RRPhish: Anti-phishing via mining brand resources request,” in 2018 IEEE International Conference on Consumer Electronics (ICCE), IEEE, 2018, pp. 1–2.
8. Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, “Phishing attacks: A recent comprehensive study and a new anatomy,” Front. Comput. Sci., vol. 3, p. 563060, 2021.
9. J. VanderPlas, Python data science handbook: Essential tools for working with data. “ O’Reilly Media, Inc.,” 2016.
10. N. Bambrick, “Support vector machines: A simple explanation,” línea]. Dispon. en https//www. kdnuggets. com/2016/07/support-vector-machines-simple-explanation. html, 2018.
11. R. Pupale, “Support vector machines (svm)—an overview,” A post Towar. data Sci. available https//towardsdatascience.com/https-medium-compupalerushikesh-svm-f4b42800e989, 2018.
12. K. L. Chiew, K. S. C. Yong, and C. L. Tan, “A survey of phishing attacks: Their types, vectors and technical approaches,” Expert Syst. Appl., vol. 106, pp. 1–20, 2018.
13. I. Qabajeh, F. Thabtah, and F. Chiclana, “A recent review of conventional vs. automated cybersecurity anti-phishing techniques,” Comput. Sci. Rev., vol. 29, pp. 44–55, 2018.
14. M. Volkamer, K. Renaud, B. Reinheimer, and A. Kunz, “User experiences of torpedo: Tooltip-powered phishing email detection,” Comput. Secur., vol. 71, pp. 100–113, 2017.
15. A. Basit, M. Zafar, X. Liu, A. R. Javed, Z. Jalil, and K. Kifayat, “A comprehensive survey of AI-enabled phishing attacks detection techniques,” Telecommun. Syst., vol. 76, pp. 139–154, 2021.
16. D. M. Y. Beh and R. Bahuang, “Detecting Phishing Uniform Resource Locator (URL) using Machine Learning,” J. Comput. Technol. Creat. Content, vol. 7, no. 2, pp. 35–41, 2022.
17. M. N. Alam, D. Sarma, F. F. Lima, I. Saha, and S. Hossain, “Phishing attacks detection using machine learning approach,” in 2020 third international conference on smart systems and inventive technology (ICSSIT), IEEE, 2020, pp. 1173–1179.
18. P. Dewan, A. Kashyap, and P. Kumaraguru, “Analyzing social and stylometric features to identify spear phishing emails,” in 2014 apwg symposium on electronic crime research (ecrime), IEEE, 2014, pp. 1–13.
19. R. Dhamija, J. D. Tygar, and M. Hearst, “Why phishing works,” in Proceedings of the SIGCHI conference on Human Factors in computing systems, pp. 581–590, 2006.
20. C. Ludl, S. McAllister, E. Kirda, and C. Kruegel, “On the effectiveness of techniques to detect phishing sites,” in International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 20–39, Springer, 2007.
21. A. P. Rosiello, E. Kirda, F. Ferrandi, et al., “A layout-similarity-based approach for detecting phishing pages,” in 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops-SecureComm 2007, pp. 454–463, IEEE, 2007.
22. S. Afroz and R. Greenstadt, “Phishzoo: Detecting phishing websites by looking at them,” in 2011 IEEE fifth international conference on semantic computing, pp. 368–375, IEEE, 2011.
23. K.-T. Chen, J.-Y. Chen, C.-R. Huang, and C.-S. Chen, “Fighting phishing with discriminative keypoint features,” IEEE Internet Computing, vol. 13, no. 3, pp. 56–63, 2009.
24. S. Rao, A. K. Verma, and T. Bhatia, “A review on social spam detection: Challenges, open issues, and future directions,” Expert Syst. Appl., vol. 186, p. 115742, 2021.
25. D. D. Rufo, T. G. Debelee, A. Ibenthal, and W. G. Negera, “Diagnosis of diabetes mellitus using gradient boosting machine (LightGBM),” Diagnostics, vol. 11, no. 9, p. 1714, 2021.
26. A. K. Dutta, “Detecting phishing websites using machine learning technique,” PLoS One, vol. 16, no. 10, p. e0258361, 2021.
27. H. Nozari and M. E. Sadeghi, “Artificial intelligence and Machine Learning for Real-world problems (A survey),” Int. J. Innov. Eng., vol. 1, no. 3, pp. 38–47, 2021.
28. P. C. Sen, M. Hajra, and M. Ghosh, “Supervised classification algorithms in machine learning: A survey and review,” in Emerging Technology in Modelling and Graphics: Proceedings of IEM Graph 2018, Springer, 2020, pp. 99–111.
29. S. Naeem, A. Ali, S. Anam, and M. M. Ahmed, “An unsupervised machine learning algorithms: Comprehensive review,” Int. J. Comput. Digit. Syst., 2023.
30. S. M. Miraftabzadeh, C. G. Colombo, M. Longo, and F. Foiadelli, “K-means and alternative clustering methods in modern power systems,” IEEE Access, 2023.
31. O. E. Olawade, S. A. Onashoga, and O. Arogundade, “Comparative analysis of machine learning techniques in health system,” in 2020 international conference in mathematics, computer engineering and computer science (ICMCECS), IEEE, 2020, pp. 1–6.
32. J. Cervantes, F. Garcia-Lamont, L. Rodríguez-Mazahua, and A. Lopez, “A comprehensive survey on support vector machine classification: Applications, challenges and trends,” Neurocomputing, vol. 408, pp. 189–215, 2020.
33. V. Shahrivari, M. M. Darabi, and M. Izadi, “Phishing detection using machine learning techniques,” arXiv Prepr. arXiv2009.11116, 2020.
34. M. Almseidin, A. A. Zuraiq, M. Al-Kasassbeh, & N. Alnidami, Phishing detection based on machine learning and feature selection methods, International Association of Online Engineering, Retrieved July 9, 2023, (2019).
35. A. Suryan, C. Kumar, M. Mehta, R. Juneja, and A. Sinha, “Learning model for phishing website detection,” EAI Endorsed Trans. Scalable Inf. Syst., vol. 7, no. 27, pp. e6–e6, 2020.
36. S. Naaz, “Detection of phishing in internet of things using machine learning approach,” Int. J. Digit. Crime Forensics, vol. 13, no. 2, pp. 1–15, 2021.
37. E. Gandotra and D. Gupta, “An efficient approach for phishing detection using machine learning,” Multimed. Secur. Algorithm Dev. Anal. Appl., pp. 239–253, 2021.
38. N. M. Shekokar, C. Shah, M. Mahajan, and S. Rachh, “An ideal approach for detection and prevention of phishing attacks,” Procedia Comput. Sci., vol. 49, pp. 82–91, 2015.