Modelo de machine learning en la detección de sitios web phishing

• Juan Villegas Cubas ^[1] ; Gisela Maquen Niño ^[1]
  1. [1] Universidad Nacional Pedro Ruiz Gallo, Av. Juan XXIII 391, Lambayeque, 14013, Peru
• Localización: RISTI: Revista Ibérica de Sistemas e Tecnologias de Informação, ISSN-e 1646-9895, Nº. Extra 52, 2022, págs. 161-173
• Idioma: inglés
• Enlaces
  • Texto completo (pdf)
• Resumen
  • español

    En la actualidad se evidencia el crecimiento de ataques phishing, este trabajo tiene objetivo desarrollar un modelo de detección de sitios web phishing, basada en machine learning y teniendo en cuenta las características de la URL, el código fuente y la inteligencia de las amenazas de los sitios web. Se utiliza un conjunto de datos de 30 características de 11055 sitios web, se entrenan modelos de Random Forest, Extra Tree y Decision Tree, siendo Random Forest el modelo elegido, se evaluó el rendimiento con datos de 2211 sitios web y obtiene un accuracy de 97.56%, que es superior en comparación con los resultados de otros modelos en trabajos previos.

  • English

    Currently the growth of phishing attacks is evident, this work aims to develop a model for detecting phishing websites, based on machine learning and taking into account the characteristics of the URL, the source code and the intelligence of the threats of the websites. A data set of 30 characteristics of 11055 websites is used, Random Forest, Extra Tree and Decision Tree models are trained, Random Forest being the chosen model, performance was evaluated with data from 2211 websites and an accuracy of 97.56% is obtained, which is higher compared to the results of other models in previous works.

• Referencias bibliográficas
  • Abutair, H. Y., Belghith, A., & Al-Ahmadi, S. A. (2018). CBR-PDS: a case-based reasoning phishing detection system. Journal of Ambient...
  • Ali, W., & Ahmed, A. A. (2019). Hybrid intelligent phishing website prediction using deep neural networks with genetic algorithm-based...
  • Aljofey, A., Jiang, Q., Qu, Q., Huang, M., & Niyigena, J.-P. (2020). An Effective Phishing Detection Model Based on Character Level Convolutional...
  • Anupam, S., & Kar, A. K. (2020). Phishing website detection using support vector machines and nature-inspired optimization algorithms....
  • APWG. (2021). Phishing Activity Trends Report, 4th Quarter 2020. Anti-Phishing Working Group, Inc.
  • Borja-Robalino, R., Monleón-Getino, A., & Rodellar, J. (2020). Estandarización de métricas de rendimiento para clasificadores Machine...
  • Cascavilla, G., Tamburri, D. A., & Heuvel, W.-J. D. (2021). Cybercrime threat intelligence: A systematic multi-vocal literature review....
  • Chavan, S., Inamdar, A., Dorle, A., Kulkarni, S., & Wu, X.-W. (2020). Phishing Detection: Malicious and Benign Websites Classification...
  • Christou, O., Pitropakis, N., Papadopoulos, P., McKeown, S., & Buchanan, W. J. (2020). Phishing URL Detection Through Top-Level Domain...
  • Divindat. (2021). División de Investigación de Delitos de Alta Tecnología de la Policía. Lima: El Peruano.
  • Gartner. (2013). Threat intelligence: What is it, and how can it protect you from today advanced cyber-attacks. Stamford: Gartner, Inc.
  • Gori, M. (2018). Machine Learning: A Constraint-Based Approach. Morgan Kaufman, https://doi.org/10.1016/C2015-0-00237-4.
  • Harinahalli, L., & BoreGowda, G. (2020). Phishing website detection based on effective machine learning approach. Journal of Cyber Security...
  • Jain, A. K., & Gupta, B. B. (2018). PHISH-SAFE: URL Features-Based Phishing Detection System Using Machine Learning. Advances in Intelligent...
  • Kaspersky. (15 de Febrero de 2021). Securelist. Obtenido de El spam y el phishing en 2020: https://securelist.lat/spam-and-phishing-in-2020/92784/
  • Kulkarni, A. D., & Brown, L. L. (2019). Phishing Websites Detection using Machine Learning. Computer Science Faculty Publications and...
  • Kumar, R., Gunasekaran, Nivetha, R., Sangeetha, P. K., Shanthini, G., & Vignesh, A. S. (2019). Url Phishing data analysis and detecting...
  • Lakshmi, L., Reddy, M., Santhaiah, C., & Reddy, U. J. (2021). Smart Phishing Detection in Web Pages using Supervised Deep Learning Classification...
  • Marsh & Microsoft. (2020). Estado del Riesgo Cibernético en Latinoamérica en tiempos de COVID-19. Nueva York: Marsh LLC.
  • Mohammad, R. M., Thabtah, F., & McCluskey, L. (2014). Predicting phishing websites based on self-structuring neural network. Neural Comput...
  • Mohammad, R. M., Thabtah, F., & McCluskey, L. (2015). Phishing Websites Features. Huddersfield: School of Computing and Engineering, University...
  • Mohammed, M., Khan, M. B., & Mohammed, E. B. (2017). Machine Learning: Algorithms and Applications. London: Taylor & Francis Group.
  • Mueller, A. C., & Guido, S. (2016). Introduction to Machine Learning with Python. Sebastopol: O’Reilly Media, Inc.
  • Niakanlahiji, A., Chu, B.-T., & Al-Shaer, E. (2018). PhishMon: A Machine Learning Framework for Detecting Phishing Webpages. IEEE International...
  • NIST. (2018). Framework for Improving Critical Infrastructure Cybersecurity. Gaithersburg, Maryland: National Institute of Standards and Technology.
  • Opara, C., Wei, B., & Chen, Y. (2020). HTMLPhish: Enabling Phishing Web Page Detection by Applying Deep Learning Techniques on HTML Analysis....
  • Patil, V., Thakkar, P., Shah, C., Bhat, T., & Godse, S. P. (2018). Detection and Prevention of Phishing Websites Using Machine Learning...
  • Rami, M. M., Fadi, T., & Lee, M. (2014). Predicting phishing websites based on self-structuring neural network. Neural Computing and Applications,...
  • Sandoval, L. J. (2018). Algoritmos de Aprendizaje Automático para análisis y predicción de datos. Revista Tecnologica, Pag 36-40.
  • Sarkar, D., Bali, R., & Sharma, T. (2018). Practical Machine Learning with python. New York: Spring Street. doi: https://doi.org/10.1007/978-1-4842-3207-1.
  • Sarker, I. H. (2021). Machine Learning: Algorithms, Real‑World Applications and Research Directions. Computer Science, doi: https://doi.org/10.1007/s42979-021-00592-x.
  • Singh, R., & Sharma, T. (2019). Present Status of Distributed Denial of service (DDoS) Attacks in Internet World. International Journal...
  • Subasi, A. (2020). Practical Machine Learning for data analysis using Python. London: Elsevier Inc.
  • Trend Micro. (2021). How to Reduce the Risk of Phishing and Ransomware. Osterman Research, 1-29.
  • Ubing, A. A., Binti Jasmi, S. K., Azween, A., Jhanjhi, N. Z., & Supramaniam, M. (2019). Phishing Website Detection: An Improved Accuracy...
  • Vakili, M., Ghamsari, M., & Rezaei, M. (2020). Performance Analysis and Comparison of Machine and Deep Learning Algorithms for IoT Data...
  • Wang, W., Zhang, F., Luo, X., & Zhang, S. (2019). PDRCNN: Precise Phishing Detection with Recurrent Convolutional Neural Networks. Security...
  • Wei, B., Hamad, R., Yang, L., He, X., Wang, H., Gao, B., & Woo, W. (2019). A Deep-Learning-Driven Light-Weight Phishing Detection Sensor....
  • Yang, L., Zhang, J., Wang, X., Li, Z., Li, Z., & He, Y. (2021). An improved ELM-based and data preprocessing integrated approach for phishing...
  • Yi, P., Guan, Y., Zou, F., Yao, Y., Wei Wang, & Zhu, T. (2018). Web Phishing Detection Using a Deep Learning Framework. Wireless Communications...
  • Zabihimayvan, M., & Doran, D. (2019). Fuzzy Rough Set Feature Selection to Enhance Phishing Attack Detection. IEEE International Conference...
  • Zamir, A., Khan, H. U., Iqbal, T., Yousaf, N., Aslam, F., Anjum, A., & Hamdani, M. (2020). Phishing website detection using diverse machine...