MACHINE LEARNING AND NEURAL NETWORK

ALGORITHMS TO DETECT PHISHING URL’s

Abhinav Thapliyal
Department of Computer
Science and Software
Engineering
Sharda University, Greater
Department of Computer
Science and Software
Engineering
Sharda University, Greater
Noida, INDIA
Department of Computer
Science and Software
Engineering
Sharda University, Greater
Noida, INDIA

[email protected] [email protected]
Noida, INDIA
om
[email protected]

Kashish Samarth Agrawal

ABSTARCT – With the advancement in
technology and the evolution of humans,
cybercrimes are increasing immensely.
Phishing is a fraudulent activity and it aims
at stealing a user’s confidential information
such as passwords, bank details, login id’s,
etc using tricky techniques. The attacker
seems to be legitimate in these frauds and it
is very difficult to differentiate between the
real and fake as there is very minute
difference in them. These crimes are
increasing everyday. According to the
records, around 75,689 frauds were
registered in the year 2023. And the main
reason is that the people are not aware of it
and also they do not have any accurate
method to detect it. In this paper, we
propose two machine learning algorithms
which are Random Forest and Decision
Tree and Autoencoder Neural Network.
After training the model with sufficient
dataset, we come to the conclusion that
among the three algorithms that are used,
Autoencoder Neural Network has achieved
a good performance in predicting the fake
URL’s. Therefore, our approach can alert
the online users about the phishing website
whenever they would try to access it
through the URL.
Key – Phishing, Fake URL’s, Autoencoder
Neural Network, Random Forest, Decision
Trees, Machine Learning.
I. INTRODUCTION
Phishing is an online fraud that targets the
online users through E-mails, calls, messages
and tries to get the confidential information of
the user [1]. These scams are increasing with
time as the virtual criminals are inventing new
ways to attempt the crimes everyday. These
scams took peak during the COVID-19 as the
online work increased at that time, number of
scams increased as the users were not aware of
the illegitimate websites which can leave them
in the midst of nothing. It is very difficult to
detect the false URL’s as there is very minute
difference between them. This is the biggest
reason that people get trapped in the online
scams. The dataset regarding these online
scams is less as compared to others as some
URL’s are deactivated after a short period of
time and many new techniques are introduced
now and then [8]. This is a major drawback
and can be overcome by using some special
algorithms such as Neural Networks and
Machine Learning. Phishers have increased the
usage of encryption protocols such as HTTPS.
The usage of HTTPS is an example of using
an internet security feature to trap the online
users.
The stolen money amount and the number of
phishing attacks are increasing constantly.
According to the records, these attacks have
taken a jump since past few years and are
increasing by around 15% gradually every
year [3]. The reason of the increase is that,
firstly the online users are not aware of these
phishing attacks and secondly it is very
powerful because the users cannot differentiate
between the fake and the legitimate URL’s
[12]. The movement towards a digital world
can be another reason as this gives a great
opportunity to the attackers to do scams as
there are many security less websites which
may allow fake announcements [6].
Machine Learning techniques are used in
many modals such as image recognition, price
prediction, biometrics, fraud detection and as
well as to detect the phishing websites. It is a
great approach as we can acquire precise and
more accurate results while using Machine
Learning algorithms [10]. In this paper we are
using Random Forest and Decision Trees to
detect the fake URL’s. By Using Random
Forest there is a high probability to get an
accurate result as many decision trees are
combined to get an average output in this
process which also can increase the detection
rate of a modal.
The industries which are particularly the target
of phishing attackers are Finance, Ecommerce,
Crypto Currencies and Software Services
(SaaS). In 2023, over 23% phishers attacked
the financial institutions and social media with
around 22.6%. Other web based attacks such
as software services and web mail includes
around 22.3% attacks [10]. The using of new
technologies everyday by the attackers is
leading to a constant increase in the percentage
of the attacks. So, to control these attacks and
achieve a good accuracy, we focus on
Autoencoder Neural Network, Random Forest
and Decision Tree combinations in this
research paper.
Fig (a) - Structure of a URL
Ii. LITERATURE
Nabeel Al-Milli[4] proposed a deep learning
convolutional neural network model in their
research paper to detect illegitimate URL’s.
This model aimed to reduce the number of
cyber-attacks that were conducted through
fake websites. Few experiments were carried
out for the evaluation of the performance using
benchmark dataset. After this, the CNN model
was able to perform well on the unseen URLs
and find the illegitimate ones. It gave an
accuracy of 94.31% in training phase and an
overall accuracy performance of 91.3%.
Jeevanandham J[15] used a Dragonfly
Optimization technique for detecting the fake
URL’s. He trained a Recurrent Neural Network
model using this technique for feature
selection. Previously he used a Firewall model
but it could only block and recognize the
predetermined attacks. But a model was
needed which could detect and block the
future attacks also. So, due to this
disadvantage the Dragonfly technique was
introduced by him. In DFO, the results are
compared using the accuracy, precision and F1
score criteria of the model. 100- 500 epochs
were calculated during the training and testing
of the dataset. The accuracy of the first 100
epoch was around 71.3% and of the fifth layer
of epoch was 72.1% accuracy. Detecting the
fake URLs is difficult as the dataset is very
small.
Saikiran Boppana[13] used the machine
learning model to find the infected websites to
prevent the user to be a part of scam or a fraud.
There are various machine learning algorithms
which are Decision tree, Random Forest,
SVM, XG Boost etc,. The machine learning
model will be provided with an input and it
will be trained with the input dataset. After the
preprocessing, an output will be provided by
the model. On the basis of the output, we can
decide whether a given URL is fake or
legitimate. The proposed model by him
successfully classified the phishing URLs with
an accuracy of 855 and 82.4% for Random
forest and Decision Tree respectively.
Gayathri Priya[7] proposed a model which
uses Grey Wolf Optimization (GWO) and
Firefly Algorithm to identify phishing websites
more efficiently. Then the model is introduced
with a Artificial neural network for classifying
or segmenting various parts of the website.
This hybrid technique improved the
classification accuracy to a great extent. It
gave an accuracy of 95.75 with feature
optimization and 88.75% without feature
optimization. Recently, AI based phishing
detection seems to have taken a growth.
Yajian Zhou [2] used the Convolutional Neural
Network to detect malicious URLs. He
proposed a simple URL detection model which
work on the basis of URL content. The URLs
which cannot be classified or segmented are
taken as input to the model and then treated by
the CNN to detect whether the URL is
malicious or legitimate. So, Machine learning
model gave an accuracy of 73% whereas their
model of CNN gave an accuracy of 81% .
Shewtha M [8] proposed a model of Particle
Swarm Optimization (PSO) to detect fake
URLs more precisely by going through
multiple properties of the website. In this
model, a feature weighting technique is used to
rank the various elements of the website
according to their properties and importance in
the recognition of real websites. It gave an
excellent accuracy to the model for detection.
It gave an accuracy of 95% during training and
91% during testing of the model.
Iii. Methodology
In our research, we have collected data from
all around the world. Using the collected data,
we used the technique of Machine learning
and Neural Network to find out whether a
URL is fake or not as per the requirement of
the user. We need 60-70% of data from
training, 10-15% for validation and the rest 10-
20% of the data for testing.
A. DATASET COLLECTION
The data collection refers to the technique or
the process of organizing, recording and
gathering information for reference or
analysis. Its work is to systematically collect
all the data from various sources such as
interviews, observations, sensors, etc. The
effective collection of data is very necessary
for the research purposes, business intelligence
and many different fields where the collection
of data is considered very crucial.
B. DATA PREPROCESSING
Preprocessing of the data is a technique where
we convert raw data in an ordered data. If The
data is processed, it converts it undemanding
to translate the data and makes it is easy to
use. Preprocessing techniques are used
because the data gives accurate and high-
quality results. The necessitate tasks in
preprocessing of data are cleaning, integration,
transformation and reduction. Usually, a real -
world data contains missing values, noises and
sometimes extra information or impractical
format which can not be as it is used by
models. Data preprocessing is a required task
for finding the missing values, cleaning the
data and making it suitable for the training
model. Data can be cleaned by using a
technique called Binning. Binning is a
technique where we sort the data and then
partition the into equal frequency bins.
C. MODEL TRAINING
First the dataset that we pre-processed is
divided into two parts, one is training data and
the other the testing data. 70-80 percent of data
is applied in tutoring and preparation of our
ML and neural models and the remaining is
used for model testing. Model training is a
training dataset with various algorithms and
then testing refers to check the accuracy and
correctness of the model up to its full. If the
model is trained correctly and with a large
quantity of data then the accuracy for
prediction or testing will increase.
D. MODEL TESTING
In machine learning, model training is allude
to as the operation where the performance of a
experienced model is evaluated our testing
dataset that we divided earlier. When our
model is trained by using the dataset, the
neural model provides the best accuracy or the
output for the processed data-set.
Testing explicitly identifies which part of the
code fails and provides a relatively coherent
coverage measure. In Machine learning
testing, the programmer enters input and
observes the behaviour and logic of the
machine. Hence, the purpose of testing
machine learning is to elaborate that the logic
learned by machine remains consistent always.
The logic should not vary even if the program
is called multiple times.
Fig (b) - Flow Diagram for the Training and
Testing of the Model
We have used the following discussed
algorithms in this research.
I. RANDOM FOREST
Random Forest is a machine learning
algorithm. In this, the output of multiple
decision trees are combined to get an average
output value. This is more accurate and has
more precision in comparison to using the
Decision tree alone. The advantages of using
Random Forest are reduced risk of overfitting,
ease of use, flexibility and feature importance
have increased its usability in most of the
present models. It can be used to solve both
the regression as well as classification
problems. It has been applied to many
industries in order to make better business
decisions.
Fig (c) - Random Forest Architecture
II. DECISION TREE
Decision Tree is a technique of supervised
learning which is used for both classification
as well as regression tasks for various models
training process. It is a tree like or a flowchart
structure where each and every node denotes
the feature, branches denote the rules and the
leaf nodes of the tree denotes the result of the
modal. The main goal of the decision tree is to
find the attribute that maximizes the
information gain after the split. It is very
simple to understand and solve decision
related problems and there is less requirement
of data cleaning.
III. AUTOENCODER NEURL NETWORK
An autoencoder neural network is a type of
neural network that can learn image
reconstruction, text and other data in
compressed from. It has three layers that are
Encoder, Latent Space and Decoder as shown
in figure. The function of Encoder layer is to
represent the input data in the compressed
form to the latent space and then the Latent
space represent the compressed data to the
output layer. Finally, the decoder layer encodes
the data into its original dimension.
Autoencoders are used in many cases like
Anomaly detection, Image inpainting and
Information retrieval. It is an efficient form of
algorithm as it does not need any labels for the
representation of the input.
IV. SUPPORT VECTOR MACHINE
It is a supervised learning algorithm that is
used for regression and classification tasks. It
works in the way that it finds the optimal
hyperplane that separates the different classes.
It is done by identifying the support vectors
which are considered as the data points which
are closest to the hyperplane. It is a very
powerful and versatile algorithm. It can handle
the high dimensional data very easily and
effectively. It is especially used for large
datasets and requires a very careful selection
of the parameters.
IV. RESULT
The model will help the users to differentiate
between a fake and a legitimate URL which
reduces the risk of online scams and frauds by
the cyber criminals. Due to the lack in the
detection methods, these scams are increasing
everyday.
Table (a) - Training and Testing Accuracy of
the techniques used
The below graph shows the feature importance
of various elements of a website according to
which one can classify the given URL as fake
or legitimate. Some attributes of a website are
the length of a URL, its depth, Domain age
and end, prefix, suffix, etc.
Fig (d) – Graph of Label In Sense
In this research paper we have mainly used
three techniques that are Decision tree,
Random Forest and Autoencoder Neural
Network. And Random forest gives the best
accuracy among the three of around 0.87
which means that 87% of the time the model
will be able to predict the fake URL.
Fig (e) - Accuracy of Random Forest
v. Conclusion
In summary, this research paper mainly
concentrates on the techniques that can
differentiate between the real and the fake
URL’s. In the research Autoencoder Neural
Network, Random Forest and Decision Tree
algorithms have been used. And after the
comparison with other algorithms we came to
the conclusion that Random Forest gives a
better accuracy than the other two techniques
used. Our research also highlighted the
importance of fairness and ethics in using this
technology. It's crucial to make sure our
predictions are unbiased and transparent. Even
though our work is successful, still there is a
much to explore and make our model more
reliable so that it can detect the fake URL’s
more accurately.
REFERENCES
[1] Sujatha, G., Ayyannan, M., Priya, S. G.,
Arun, V., Arularasan, A. N., & Kumar,
M. J. (2023). Hybrid optimization
algorithm to mitigate phishing URL
attacks in Smart Cities. 2023 3rd
International Conference on Innovative
Practices in Technology and
Management (ICIPTM).
https://doi.org/10.1109/iciptm57143.202
3.10118171
[2] Chen, Y., Zhou, Y., Dong, Q., & Li, Q.
(2020). A malicious URL detection
method based on CNN. 2020 IEEE
Conference on Telecommunications,
Optics and Computer Science (TOCS).
https://doi.org/10.1109/tocs50858.2020.
9339761
[3] S Tambe, Y., & Mohammad, S. (2023).
Phishing URL detection using machine
learning. Journal of Advanced Research
in Production and Industrial
 Engineering, 10(01), 1–5. [9] Huang, Y., Qin, J., & Wen, W. (2019).
https://doi.org/10.24321/2456.429x.202 Phishing URL detection via capsule-
301 based neural network. 2019 IEEE 13th
International Conference on Anti-
[4] Al-Milli, N., & Hammo, B. H. (2020). A Counterfeiting, Security, and
convolutional neural network model to Identification (ASID).
detect illegitimate urls. 2020 11th https://doi.org/10.1109/icasid.2019.8925
International Conference on 000
Information and Communication
Systems (ICICS). [10] Gajera, K., Jangid, M., Mehta, P., &
https://doi.org/10.1109/icics49469.2020. Mittal, J. (2019). A novel approach to
239536 detect phishing attack using artificial
neural networks combined with
[5] D, N., B, G. S., Poongodi, C., K, J., P, N., pharming detection. 2019 3rd
& J, J. (2022). Autoencoder based International Conference on
feature selection for phishing URL Electronics, Communication and
attack detection in IOT using stacked Aerospace Technology (ICECA).
Autoencoder (AFS-SAE). 2022 13th https://doi.org/10.1109/iceca.2019.8822
International Conference on Computing 053
Communication and Networking
Technologies (ICCCNT). [11] Rahmadeyan, A., Mustakim, M., Ahmad,
https://doi.org/10.1109/icccnt54827.202 I., Alexander, A. D., & Rahman, A.
2.9984574 (2023). Phishing website detection with
Ensemble Learning Approach using
[6] Kankrale, Prof. R. (2021). Phishing artificial neural network and AdaBoost.
website detection using Machine 2023 International Conference on
Learning. International Journal for Information Technology Research and
Research in Applied Science and Innovation (ICITRI).
Engineering Technology, 9(VI), 3216– https://doi.org/10.1109/icitri59340.2023
3220. .10249799
https://doi.org/10.22214/ijraset.2021.35
671 [12] McGinley, C., & Monroy, S. A. (2021).
Convolutional neural network
[7] Nabila, O. G., Wicaksono, H. R., Girinoto, optimization for phishing email
A., Yasa, R. N., & Setiawan, H. (2023). classification. 2021 IEEE International
Benchmarking model URL features and Conference on Big Data (Big Data).
image based for phishing URL https://doi.org/10.1109/bigdata52589.20
detection. 2023 International 21.9671531
Conference on Informatics, Multimedia,
Cyber and Informations System [13] S, J., & Eliyas, S. (2023). Detecting
(ICIMCIS). phishing attacks using Convolutional
https://doi.org/10.1109/icimcis60089.20 Neural Network and LSTM. 2023 3rd
23.10349059 International Conference on Advance
Computing and Innovative
[8] Swathi, G., Shwetha, M., Potluri, P., Technologies in Engineering
Murthy Raju, K., Kumar, Y., & (ICACITE).
Rajchandar, K. (2023). Smart cities https://doi.org/10.1109/icacite57410.202
hybridized to prevent phishing URL 3.10183234
attacks. 2023 Second International
Conference on Electronics and [14] Abutaha, M., Ababneh, M., Mahmoud,
Renewable Systems (ICEARS). K., & Baddar, S. A.-H. (2021). URL
https://doi.org/10.1109/icears56392 phishing detection using machine
learning techniques based on urls lexical
analysis. 2021 12th International
 Conference on Information and [18] Zhang, T., Zhang, H., & Gao, F.
Communication Systems (ICICS). (2013). A malicious advertising
https://doi.org/10.1109/icics52457.2021. detection scheme based on the depth
9464539 of URL strategy. 2013 Sixth
International Symposium on
[15] Zhang, L., Zhang, P., Liu, L., & Tan, J. Computational Intelligence and
(2021). Multiphish: Multi-modal Design.
features fusion networks for phishing
https://doi.org/10.1109/iscid.2013.12
detection. ICASSP 2021 - 2021 IEEE
International Conference on Acoustics, 8
Speech and Signal Processing
(ICASSP). [19] A, S. R., R, M., N, R., L, S., & N, A.
https://doi.org/10.1109/icassp39728.202 (2022). Survey on malicious URL
1.9415016 detection techniques. 2022 6th
International Conference on Trends
[16] Hoang, X. D., Minh, D. L., & Ninh, T. in Electronics and Informatics
T. (2023). A CNN-based model for (ICOEI).
detecting malicious urls. 2023 RIVF https://doi.org/10.1109/icoei53556.2
International Conference on 022.9777221
Computing and Communication
Technologies (RIVF). [20] Tan, G., Zhang, P., Liu, Q., Liu, X.,
https://doi.org/10.1109/rivf60135.20 Zhu, C., & Dou, F. (2018). Adaptive
23.10471782 malicious URL detection: Learning
in the presence of concept drifts.
[17] Menon, R. R. K., & Anandhu, V. 2018 17th IEEE International
(2023). Machine learning supported Conference On Trust, Security And
malicious URL detection. 2023 4th Privacy In Computing And
IEEE Global Conference for Communications/ 12th IEEE
Advancement in Technology International Conference On Big
(GCAT). Data Science And Engineering
https://doi.org/10.1109/gcat59970.20 (TrustCom/BigDataSE).
23.10353402 https://doi.org/10.1109/trustcom/big
datase.2018.00107