Towards a multi-layered phishing detection

Kieran Rendall, Antonia Nisioti, Alexios Mylonas

Research output: Contribution to journalArticlepeer-review

3 Citations (Scopus)
13 Downloads (Pure)


Phishing is one of the most common threats that users face while browsing the web. In the current threat landscape, a targeted phishing attack (i.e., spear phishing) often constitutes the first action of a threat actor during an intrusion campaign. To tackle this threat, many data-driven approaches have been proposed, which mostly rely on the use of supervised machine learning under a single-layer approach. However, such approaches are resource-demanding and, thus, their deployment in production environments is infeasible. Moreover, most previous works utilise a feature set that can be easily tampered with by adversaries. In this paper, we investigate the use of a multi-layered detection framework in which a potential phishing domain is classified multiple times by models using different feature sets. In our work, an additional classification takes place only when the initial one scores below a predefined confidence level, which is set by the system owner. We demonstrate our approach by implementing a two-layered detection system, which uses supervised machine learning to identify phishing attacks. We evaluate our system with a dataset consisting of active phishing attacks and find that its performance is comparable to the state of the art.
Original languageEnglish
Article number4540
Number of pages18
JournalSensors (Switzerland)
Issue number16
Publication statusPublished - 13 Aug 2020


  • Multi-layer
  • Phishing
  • Supervised machine learning


Dive into the research topics of 'Towards a multi-layered phishing detection'. Together they form a unique fingerprint.

Cite this