Real-time detection of phishing attacks using machine learning algorithms
Abstract
Phishing is a type of social engineering cyber-attack that aims to steal users' personal information. Due to the COVID-19 pandemic and the increase in remote work, the number of cyber-attacks has increased, especially phishing. Although many anti-phishing solutions exist, such as blacklists and heuristics, attacks are constantly adapting. This work proposes a machine-learning-based model for real-time detection of phishing attacks that is focused on performance. Six algorithms were tested, of which SVM obtained the best result, with an accuracy of 99.19%.
