Abstract
Phishing is a social engineering attack, where an attacker poses as a legitimate individual or institution and convinces a victim to divulge their details through human interaction. There has been a steep rise in phishing cases across the globe. A report by Cisco [1] shows that phishing was the reason for 90% of data breaches in 2021. Various detection models have been proposed in the past to counter such attacks. Some proposed models work on improving the detection rate of phishing URLs while others focus on reducing their detection time. Authors have used machine learning, deep learning, and various other novel mechanisms in feature selections that result in high algorithm performance. This study is a systematic analysis of recent work utilizing deep learning for phishing detection, highlighting the research methods, algorithms, programming tools, and datasets used in such studies. This study further proposes some guidelines for future research, which include standardizing documentation and performance reporting. These guidelines may help researchers in their quest to replicate others’ work and compare newly proposed methods with previously developed systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
CISCO: cisco threat report 2021. https://umbrella.cisco.com/info/2021-cyber-security-threat-trends-phishing-crypto-top-the-list
Johnson, J.: Phishing - statistics & facts. https://www.statista.com/topics/8385/phishing/
labs, F.: Phishing attacks soar 220% during COVID-19 peak as cybercriminal opportunism intensifies. https://www.f5.com/company/news/features/phishing-attacks-soar-220-during-covid-19-peak-as-cybercriminal
phishing.org: what is phishing. https://www.phishing.org/what-is-phishing
Kitchenham, B.: Procedures for performing systematic reviews. Keele, UK, Keele University 33(2004), 1–26 (2004)
PhishTank: PhishTank. https://phishtank.org/
Crawl: common crawl. https://commoncrawl.org/
Alexa: alexa top sites. https://www.alexa.com/topsites
DMOZ: Dmoz phishing dataset. https://dmoz-odp.org/docs/en/rdf.html
Maurer, M.: Phishload. https://www.medien.ifi.lmu.de/team/max.maurer/files/phishload/index.html
UCI: UCI phishing dataset. https://archive.ics.uci.edu/ml/datasets/phishing+websites
Kaggle: kaggle. https://www.kaggle.com/ahmednour/website-phishing-data-set
Marchal, S: PhishStorm. https://research.aalto.fi/en/datasets/phishstorm-phishing-legitimate-url-dataset
Marchal, S., François, J., State, R., Engel, T.: PhishStorm: detecting phishing with streaming analytics. IEEE Trans. Netw. Serv. Manage. 11(4), 458–471 (2014)
OpenPhish: OpenPhish. https://openphish.com/phishing_database.html
OpenPhish: OpenPhish API. https://github.com/openphish/pyopdb
Kaggle: Kaggle survey 2019. https://www.kaggle.com/kaggle-survey-2019
Brownlee, J.: Best programming language. https://machinelearningmastery.com/best-programming-language-for-machine-learning/
Nagaraj, K., Bhattacharjee, B., Sridhar, A., Sharvani, G.: Detection of phishing websites using a novel twofold ensemble model. J. Sys. Inf. Technol. (2018)
Ozcan, A., Catal, C., Donmez, E., Senturk, B.: A hybrid DNN-LSTM model for detecting phishing URLs. Neural Comput. Appl. 1–17 (2021)
Mourtaji, Y., Bouhorma, M., Alghazzawi, D., Aldabbagh, G., Alghamdi, A.: Hybrid rule-based solution for phishing URL detection using convolutional neural network. Wirel. Commun. Mobile Comput. 2021 (2021)
Korkmaz, M., Kocyigit, E., Sahingoz, O.K., Diri, B.: Phishing web page detection using N-gram features extracted from URLs. In: 2021 3rd International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA), pp. 1–6. IEEE (2021)
Zhang, Q., Bu, Y., Chen, B., Zhang, S., Lu, X.: Research on phishing webpage detection technology based on CNN-BiLSTM algorithm. In: Journal of Physics: Conference Series, vol. 1738, p. 012131. IOP Publishing (2021)
Yi, P., Guan, Y., Zou, F., Yao, Y., Wang, W., Zhu, T.: Web phishing detection using a deep learning framework. Wirel. Commun. Mobile Comput. 2018 (2018)
Xiao, X., Zhang, D., Hu, G., Jiang, Y., Xia, S.: CNN-MHSA: a convolutional neural network and multi-head self-attention combined approach for detecting phishing websites. Neural Netw. 125, 303–312 (2020)
Liu, D.J., Geng, G.G., Jin, X.B., Wang, W.: An efficient multistage phishing website detection model based on the case feature framework: aiming at the real web environment. Comput. Secur. 110, 102421 (2021)
Wazirali, R., Ahmad, R., Abu-Ein, A.A.K.: Sustaining accurate detection of phishing URLs using SDN and feature selection approaches. Comput. Netw. 201, 108591 (2021)
Saha, I., Sarma, D., Chakma, R.J., Alam, M.N., Sultana, A., Hossain, S.: Phishing attacks detection using deep learning approach. In: 2020 Third International Conference on Smart Systems and Inventive Technology (ICSSIT), pp. 1180–1185. IEEE (2020)
Kazienko, P., Lughofer, E., Trawinski, B.: Editorial on the special issue “hybrid and ensemble techniques in soft computing: recent advances and emerging trends’’. Soft. Comput. 19(12), 3353–3355 (2015). https://doi.org/10.1007/s00500-015-1916-x
Sameen, M., Han, K., Hwang, S.O.: PhishHaven-an efficient real-time AI phishing URLs detection system. IEEE Access 8, 83425–83443 (2020)
Ogawa, Y., Kimura, T., Cheng, J.: Vulnerability assessment for deep learning based phishing detection system. In: 2021 IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW), pp. 1–2. IEEE (2021)
Hashim, A., Medani, R., Attia, T.A.: Defences against web application attacks and detecting phishing links using machine learning. In: 2020 International Conference on Computer, Control, Electrical, and Electronics Engineering (ICCCEEE), pp. 1–6. IEEE (2020)
AlEroud, A., Karabatis, G.: Bypassing detection of URL-based phishing attacks using generative adversarial deep neural networks. In: Proceedings of the Sixth International Workshop on Security and Privacy Analytics, pp. 53–60 (2020)
Xiao, X., et al.: Phishing websites detection via CNN and multi-head self-attention on imbalanced datasets. Comput. Secur. 108, 102372 (2021)
Zhang, J., Li, X.: Phishing detection method based on borderline-smote deep belief network. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, K.-K.R. (eds.) SpaCCS 2017. LNCS, vol. 10658, pp. 45–53. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72395-2_5
Pham, T.D., Pham, T.T.T., Hoang, S.T., Ta, V.C.: Exploring efficiency of GAN-based generated URLs for phishing URL detection. In: 2021 International Conference on Multimedia Analysis and Pattern Recognition (MAPR), pp. 1–6. IEEE (2021)
Shirazi, H., Bezawada, B., Ray, I., Anderson, C.: Adversarial sampling attacks against phishing detection. In: Foley, S.N. (ed.) DBSec 2019. LNCS, vol. 11559, pp. 83–101. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22479-0_5
Somesha, M., Pais, A.R., Rao, R.S., Rathour, V.S.: Efficient deep learning techniques for the detection of phishing websites. Sādhanā 45(1), 1–18 (2020). https://doi.org/10.1007/s12046-020-01392-4
Yang, R., Zheng, K., Wu, B., Wu, C., Wang, X.: Phishing website detection based on deep convolutional neural network and random forest ensemble learning. Sensors 21(24), 8281 (2021)
Jain, A.K., Gupta, B.B.: A machine learning based approach for phishing detection using hyperlinks information. J. Ambient. Intell. Humaniz. Comput. 10(5), 2015–2028 (2019). https://doi.org/10.1007/s12652-018-0798-z
Rao, R.S., Vaishnavi, T., Pais, A.R.: PhishDump: a multi-model ensemble based technique for the detection of phishing sites in mobile devices. Pervasive Mob. Comput. 60, 101084 (2019)
Tajaddodianfar, F., Stokes, J.W., Gururajan, A.: Texception: a character/word-level deep learning model for phishing URL detection. In: ICASSP 2020–2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2857–2861. IEEE (2020)
Zhang, L., Zhang, P.: PhishTrim: fast and adaptive phishing detection based on deep representation learning. In: 2020 IEEE International Conference on Web Services (ICWS), pp. 176–180. IEEE (2020)
Yuan, H., Yang, Z., Chen, X., Li, Y., Liu, W.: URL2vec: URL modeling with character embeddings for fast and accurate phishing website detection. In: 2018 IEEE International Conference on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom), pp. 265–272. IEEE (2018)
Jawade, J.V., Ghosh, S.N.: Phishing website detection using fast. ai library. In: 2021 International Conference on Communication information and Computing Technology (ICCICT), pp. 1–5. IEEE (2021)
Bu, S.J., Cho, S.B.: Integrating deep learning with first-order logic programmed constraints for zero-day phishing attack detection. In: ICASSP 2021–2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2685–2689. IEEE (2021)
Bozkir, A.S., Aydos, M.: LogoSENSE: a companion HOG based logo detection scheme for phishing web page and E-mail brand recognition. Comput. Secur. 95, 101855 (2020)
Feng, T., Yue, C.: Visualizing and interpreting RNN models in URL-based phishing detection. In: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, pp. 13–24 (2020)
Wei, B., et al.: A deep-learning-driven light-weight phishing detection sensor. Sensors 19, 4258 (2019). https://doi.org/10.3390/s19194258.https://www.mdpi.com/1424-8220/19/19/4258
Haynes, K., Shirazi, H., Ray, I.: Lightweight URL-based phishing detection using natural language processing transformers for mobile devices. Procedia Comput. Sci. 191, 127–134 (2021)
Yu, X.: Phishing websites detection based on hybrid model of deep belief network and support vector machine. In: IOP Conference Series: Earth and Environmental Science, vol. 602, p. 012001. IOP Publishing (2020)
Zhang, X., Shi, D., Zhang, H., Liu, W., Li, R.: Efficient detection of phishing attacks with hybrid neural networks. In: 2018 IEEE 18th International Conference on Communication Technology (ICCT), pp. 844–848. IEEE (2018)
Adebowale, M.A., Lwin, K.T., Hossain, M.A.: Intelligent phishing detection scheme using deep learning algorithms. J. Enterp. Inf. Manage. (2020)
Yang, P., Zhao, G., Zeng, P.: Phishing website detection based on multidimensional features driven by deep learning. IEEE access 7, 15196–15209 (2019)
Feng, J., Zou, L., Ye, O., Han, J.: Web2vec: phishing webpage detection method based on multidimensional features driven by deep learning. IEEE Access 8, 221214–221224 (2020)
Sumathi, K., Sujatha, V.: Deep learning based-phishing attack detection. Int. J. Recent Technol. Eng. (IJRTE) 8(3) (2019)
Lakshmi, L., Reddy, M.P., Santhaiah, C., Reddy, U.J.: Smart phishing detection in web pages using supervised deep learning classification and optimization technique ADAM. Wireless Pers. Commun. 118(4), 3549–3564 (2021). https://doi.org/10.1007/s11277-021-08196-7
Soon, G.K., Chiang, L.C., On, C.K., Rusli, N.M., Fun, T.S.: Comparison of ensemble simple feedforward neural network and deep learning neural network on phishing detection. In: Alfred, R., Lim, Y., Haviluddin, H., On, C.K. (eds.) Computational Science and Technology. LNEE, vol. 603, pp. 595–604. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-0058-9_57
Su, Y.: Research on website phishing detection based on LSTM RNN. In: 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), vol. 1, pp. 284–288. IEEE (2020)
de Souza, C.H.M., Lemos, M.O.O., da Silva, F.S.D., Alves, R.L.S.: On detecting and mitigating phishing attacks through featureless machine learning techniques. Internet Technol. Lett. 3(1), e135 (2020)
Bartoli, A., De Lorenzo, A., Medvet, E., Tarlao, F.: Personalized, browser-based visual phishing detection based on deep learning. In: Zemmari, A., Mosbah, M., Cuppens-Boulahia, N., Cuppens, F. (eds.) CRiSIS 2018. LNCS, vol. 11391, pp. 80–85. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12143-3_7
Al-Alyan, A., Al-Ahmadi, S.: Robust URL phishing detection based on deep learning. KSII Trans. Internet Inf. Syst. (TIIS) 14(7), 2752–2768 (2020)
Singh, S., Singh, M., Pandey, R.: Phishing detection from URLs using deep learning approach. In: 2020 5th International Conference on Computing, Communication and Security (ICCCS), pp. 1–4. IEEE (2020)
Aljofey, A., Jiang, Q., Qu, Q., Huang, M., Niyigena, J.P.: An effective phishing detection model based on character level convolutional neural network from URL. Electronics 9(9), 1514 (2020)
Yerima, S.Y., Alzaylaee, M.K.: High accuracy phishing detection based on convolutional neural networks. In: 2020 3rd International Conference on Computer Applications & Information Security (ICCAIS), pp. 1–6. IEEE (2020)
Dutta, A.K.: Detecting phishing websites using machine learning technique. PLoS ONE 16(10), e0258361 (2021)
Bahnsen, A.C., Bohorquez, E.C., Villegas, S., Vargas, J., González, F.A.: Classifying phishing URLs using recurrent neural networks. In: 2017 APWG Symposium on Electronic Crime Research (eCrime), pp. 1–8. IEEE (2017)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Sharma, V., Halevi, T. (2022). A Survey on Phishing Website Detection Using Deep Neural Networks. In: Stephanidis, C., Antona, M., Ntoa, S., Salvendy, G. (eds) HCI International 2022 – Late Breaking Posters. HCII 2022. Communications in Computer and Information Science, vol 1655. Springer, Cham. https://doi.org/10.1007/978-3-031-19682-9_87
Download citation
DOI: https://doi.org/10.1007/978-3-031-19682-9_87
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19681-2
Online ISBN: 978-3-031-19682-9
eBook Packages: Computer ScienceComputer Science (R0)