Towards a multi-layered phishing detection

Kieran Rendall; Antonia Nisioti; Alexios Mylonas

doi:10.3390/s20164540

Towards a multi-layered phishing detection

Kieran Rendall, Antonia Nisioti, Alexios Mylonas

Research output: Contribution to journal › Article › peer-review

3 Citations (Scopus)

42 Downloads (Pure)

Abstract

Phishing is one of the most common threats that users face while browsing the web. In the current threat landscape, a targeted phishing attack (i.e., spear phishing) often constitutes the first action of a threat actor during an intrusion campaign. To tackle this threat, many data-driven approaches have been proposed, which mostly rely on the use of supervised machine learning under a single-layer approach. However, such approaches are resource-demanding and, thus, their deployment in production environments is infeasible. Moreover, most previous works utilise a feature set that can be easily tampered with by adversaries. In this paper, we investigate the use of a multi-layered detection framework in which a potential phishing domain is classified multiple times by models using different feature sets. In our work, an additional classification takes place only when the initial one scores below a predefined confidence level, which is set by the system owner. We demonstrate our approach by implementing a two-layered detection system, which uses supervised machine learning to identify phishing attacks. We evaluate our system with a dataset consisting of active phishing attacks and find that its performance is comparable to the state of the art.

Original language	English
Article number	4540
Number of pages	18
Journal	Sensors
Volume	20
Issue number	16
DOIs	https://doi.org/10.3390/s20164540
Publication status	Published - 13 Aug 2020

Keywords

Multi-layer
Phishing
Supervised machine learning

Access to Document

10.3390/s20164540Licence: CC BY

sensors_20_04540
© 2020 The Author(s). This is an open access article distributed under the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Final published version, 1.52 MBLicence: CC BY

Cite this

@article{a65e29bf602e45e88e0e6aff588a7a5e,

title = "Towards a multi-layered phishing detection",

abstract = "Phishing is one of the most common threats that users face while browsing the web. In the current threat landscape, a targeted phishing attack (i.e., spear phishing) often constitutes the first action of a threat actor during an intrusion campaign. To tackle this threat, many data-driven approaches have been proposed, which mostly rely on the use of supervised machine learning under a single-layer approach. However, such approaches are resource-demanding and, thus, their deployment in production environments is infeasible. Moreover, most previous works utilise a feature set that can be easily tampered with by adversaries. In this paper, we investigate the use of a multi-layered detection framework in which a potential phishing domain is classified multiple times by models using different feature sets. In our work, an additional classification takes place only when the initial one scores below a predefined confidence level, which is set by the system owner. We demonstrate our approach by implementing a two-layered detection system, which uses supervised machine learning to identify phishing attacks. We evaluate our system with a dataset consisting of active phishing attacks and find that its performance is comparable to the state of the art.",

keywords = "Multi-layer, Phishing, Supervised machine learning",

author = "Kieran Rendall and Antonia Nisioti and Alexios Mylonas",

note = "{\textcopyright} 2020 The Author(s). This is an open access article distributed under the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.",

year = "2020",

month = aug,

day = "13",

doi = "10.3390/s20164540",

language = "English",

volume = "20",

journal = "Sensors",

issn = "1424-3210",

publisher = "MDPI Multidisciplinary Digital Publishing Institute",

number = "16",

}

TY - JOUR

T1 - Towards a multi-layered phishing detection

AU - Rendall, Kieran

AU - Nisioti, Antonia

AU - Mylonas, Alexios

N1 - © 2020 The Author(s). This is an open access article distributed under the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PY - 2020/8/13

Y1 - 2020/8/13

N2 - Phishing is one of the most common threats that users face while browsing the web. In the current threat landscape, a targeted phishing attack (i.e., spear phishing) often constitutes the first action of a threat actor during an intrusion campaign. To tackle this threat, many data-driven approaches have been proposed, which mostly rely on the use of supervised machine learning under a single-layer approach. However, such approaches are resource-demanding and, thus, their deployment in production environments is infeasible. Moreover, most previous works utilise a feature set that can be easily tampered with by adversaries. In this paper, we investigate the use of a multi-layered detection framework in which a potential phishing domain is classified multiple times by models using different feature sets. In our work, an additional classification takes place only when the initial one scores below a predefined confidence level, which is set by the system owner. We demonstrate our approach by implementing a two-layered detection system, which uses supervised machine learning to identify phishing attacks. We evaluate our system with a dataset consisting of active phishing attacks and find that its performance is comparable to the state of the art.

AB - Phishing is one of the most common threats that users face while browsing the web. In the current threat landscape, a targeted phishing attack (i.e., spear phishing) often constitutes the first action of a threat actor during an intrusion campaign. To tackle this threat, many data-driven approaches have been proposed, which mostly rely on the use of supervised machine learning under a single-layer approach. However, such approaches are resource-demanding and, thus, their deployment in production environments is infeasible. Moreover, most previous works utilise a feature set that can be easily tampered with by adversaries. In this paper, we investigate the use of a multi-layered detection framework in which a potential phishing domain is classified multiple times by models using different feature sets. In our work, an additional classification takes place only when the initial one scores below a predefined confidence level, which is set by the system owner. We demonstrate our approach by implementing a two-layered detection system, which uses supervised machine learning to identify phishing attacks. We evaluate our system with a dataset consisting of active phishing attacks and find that its performance is comparable to the state of the art.

KW - Multi-layer

KW - Phishing

KW - Supervised machine learning

UR - http://www.scopus.com/inward/record.url?scp=85089408944&partnerID=8YFLogxK

U2 - 10.3390/s20164540

DO - 10.3390/s20164540

M3 - Article

C2 - 32823675

AN - SCOPUS:85089408944

SN - 1424-3210

VL - 20

JO - Sensors

JF - Sensors

IS - 16

M1 - 4540

ER -

Towards a multi-layered phishing detection

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this