DETECTION OF PHISHING WEBSITE USING MACHINE LEARNING AND FEATURES EXTRACTION

Abstract: Phishing attacks represent a rapidly expanding threat in cyberspace that causes significant financial losses to web users and companies on an annual basis. Any sensitive data acquired from the customers by using different social engineering tactics is considered unauthorized, and any kind of website, pop-ups, instant message, emails, and other communication tools can be employed for recognizing phishing. In this paper, we propose a mechanism that could help recognize phishing or real URLs. The dataset consists of clean, spam, malicious, phishing, and defacement websites. Also, phishing URLs obtained from an open-source website known as "Phish Tank," which provides phishing URLs in different formats such as JSON, CSV, and others, have been included. Six models for recognizing phishing URLs based on the machine learning and deep neural network algorithms have been tested. With a set of about 10,000 random URLs, including up to 23,328 phishing URLs and 4894 valid URLs, divided into training and testing datasets the main aim of our study consists in creating software applications for detecting phishing URLs online. The dataset of Uniform Resource Locator has been tested and trained through feature selections like HTTPS and JavaScript-based features, domain-based features, address bar-based features to distinguish between genuine and phishing URLs. This study has offered an approach towards the classification of URLs into legitimate and phishing URLs.

Keywords: Phishing, Detection, Machine Learning, Neural Network, Authentication, Identification.