<p>Phishing attacks are one of the security challenges of the Internet. Fake websites use phishing attacks on the Internet. Phishers use social engineering techniques to trick users into accessing fake web pages. The fake pages are very similar to the legal pages, making it easy for users to be deceived and leading to the theft of their information, such as usernames and passwords. Phishing primarily targets financial websites and payment gateways, resulting in significant losses. In most research, machine learning and deep learning methods are combined with feature selection methods to detect phishing attacks. In most studies, features related to phishing are selected by a method. The combination of feature selection methods for detecting phishing helps select optimal features and reduces error by leveraging learning methods. Imbalance in the training dataset, uncertainty in feature selection and extraction of appropriate features, and under-optimization of machine learning and deep learning model parameters are among the significant challenges in phishing detection. To overcome these challenges, a five-stage approach is presented in the manuscript. In the first phase, game theory and the GAN network are used to balance the dataset. In the second phase, a CNN-based method is presented to extract URL features. In the feature selection phase, an improved version based on jellyfish search optimizer (JSO) and information gain (IG) algorithms is presented. In the fourth phase, an LSTM, RF, and SVM-embedded learning approach is used to classify samples. Finally, to reduce the output error, the hyperparameters of the embedded learning model are optimized with the JSO algorithm. Experiments show that the proposed method achieves 99.36%, 99.31%, and 99.32% accuracy, sensitivity, and precision in detecting phishing attacks, respectively. The proposed method (IJE) is more accurate at detecting phishing attacks than LSTM, Bi-LSTM, and RF methods. On the dataset created from Kaggle, Alexa, and PhishStorm sources, the proposed method achieves 99.53% accuracy and outperforms the RNN-GRU, LSTM-CNN, and VAE-DNN methods in detecting phishing. On the Malicious Phish dataset, the proposed method achieved 99.38% accuracy and outperformed GA+CNN+LSTM, PSO+CNN+LSTM, and HHO+CNN+LSTM methods in phishing detection.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Identification of fake pages and phishing attacks on the Internet with deep learning based on the jellyfish search optimizer (JSO) algorithm

  • Nahid Ebrahimizade,
  • Nasrin Aghaee-Maybodi

摘要

Phishing attacks are one of the security challenges of the Internet. Fake websites use phishing attacks on the Internet. Phishers use social engineering techniques to trick users into accessing fake web pages. The fake pages are very similar to the legal pages, making it easy for users to be deceived and leading to the theft of their information, such as usernames and passwords. Phishing primarily targets financial websites and payment gateways, resulting in significant losses. In most research, machine learning and deep learning methods are combined with feature selection methods to detect phishing attacks. In most studies, features related to phishing are selected by a method. The combination of feature selection methods for detecting phishing helps select optimal features and reduces error by leveraging learning methods. Imbalance in the training dataset, uncertainty in feature selection and extraction of appropriate features, and under-optimization of machine learning and deep learning model parameters are among the significant challenges in phishing detection. To overcome these challenges, a five-stage approach is presented in the manuscript. In the first phase, game theory and the GAN network are used to balance the dataset. In the second phase, a CNN-based method is presented to extract URL features. In the feature selection phase, an improved version based on jellyfish search optimizer (JSO) and information gain (IG) algorithms is presented. In the fourth phase, an LSTM, RF, and SVM-embedded learning approach is used to classify samples. Finally, to reduce the output error, the hyperparameters of the embedded learning model are optimized with the JSO algorithm. Experiments show that the proposed method achieves 99.36%, 99.31%, and 99.32% accuracy, sensitivity, and precision in detecting phishing attacks, respectively. The proposed method (IJE) is more accurate at detecting phishing attacks than LSTM, Bi-LSTM, and RF methods. On the dataset created from Kaggle, Alexa, and PhishStorm sources, the proposed method achieves 99.53% accuracy and outperforms the RNN-GRU, LSTM-CNN, and VAE-DNN methods in detecting phishing. On the Malicious Phish dataset, the proposed method achieved 99.38% accuracy and outperformed GA+CNN+LSTM, PSO+CNN+LSTM, and HHO+CNN+LSTM methods in phishing detection.