Towards a multi-layered phishing detection

Kieran Rendall, Antonia Nisioti, Alexios Mylonas

Research output: Contribution to journalArticlepeer-review

3 Citations (Scopus)
25 Downloads (Pure)


Phishing is one of the most common threats that users face while browsing the web. In the current threat landscape, a targeted phishing attack (i.e., spear phishing) often constitutes the first action of a threat actor during an intrusion campaign. To tackle this threat, many data-driven approaches have been proposed, which mostly rely on the use of supervised machine learning under a single-layer approach. However, such approaches are resource-demanding and, thus, their deployment in production environments is infeasible. Moreover, most previous works utilise a feature set that can be easily tampered with by adversaries. In this paper, we investigate the use of a multi-layered detection framework in which a potential phishing domain is classified multiple times by models using different feature sets. In our work, an additional classification takes place only when the initial one scores below a predefined confidence level, which is set by the system owner. We demonstrate our approach by implementing a two-layered detection system, which uses supervised machine learning to identify phishing attacks. We evaluate our system with a dataset consisting of active phishing attacks and find that its performance is comparable to the state of the art.
Original languageEnglish
Article number4540
Number of pages18
Issue number16
Publication statusPublished - 13 Aug 2020


  • Multi-layer
  • Phishing
  • Supervised machine learning


Dive into the research topics of 'Towards a multi-layered phishing detection'. Together they form a unique fingerprint.

Cite this