2019 4th International Conference on Electrical, Electronics, Communication, Computer Technologies and Optimization Techniques (ICEECCOT)

Detection of Phishing Website Using Machine

Learning Approach
Mahajan Mayuri Vilas Kakade Prachi Ghansham
Deparmrnt of ComputerEngineering, Department of Computer Engineering,
Shri Chhatrapati Shivaji Maharaj College of Engineering, Shri Chhatrapati Shivaji Maharaj College of Engineering,
Ahmednagar, Maharashtara Ahmednagar, Maharashtra
Savitribai Phule Pune University,Pune Savitribai Phule Pune University,Pune
[email protected] [email protected]

Sawant Purva Jaypralash Pawar Shila

Department of computer Engineering, Department of Computer Engineering,
Shri Chatrapati Shivaji Maharaj College ofEngineering, Shri Chhatrapati Shivaji Maharaj College of Engineering,
Ahmednagar, Maharashtra Ahmednagar, Maharashtra
Savitribai Phule Pune University,Pune Savitribai Phule Pune University,Pune
[email protected] [email protected]

Abstract – Phishing is one kind of cyber-attack and at once, it
is a most dangerous and common attack to acquire personal
information, account details, credit card details, organizational
details or password of a user to conduct transactions. Phishing
websites seem to like the appropriate ones and it is difficult to
differentiate among those websites. The motive from that study is
to perform ELM derived from different 30 main components
which are categorized using the ML approach. Most of the
phishing URLs use HTTPS to avoid getting detected. There are
three ways for the detection of website phishing. The primitive
approach evaluates different items of URL, the second approach
analyzing the authority of a website and calculating whether the
website is introduced or not and it also analyzing who is
supervising it, the third approach checking the genuineness of the
website.
The victim registers the details unknowingly which mainly
consist of password or username, credit card numbers they are
likely to accept[3].
Figure 1 looks similar to a Gmail sign-in page, yet the
URLs somewhat changed. But the victim is not filling the
Gmail sign-in page whose GUI form is the same as that of the
original Google account which gives the attacker full benefits
of victims' personal information. The kind of fraud and theft
could take place by just gaining the details of users. Gmail
account controls all other accounts. So, this could be a huge
fraud. Other targets are Bank logins, Facebook and Paytm,
Microsoft Outlook, etc[3].

Keywords– Phishing, Extreme Learning Machine, Features

Classification, URL, Information Security.

I. INTRODUCTION
Phishing is a malicious attack in online theft to steal the
user's private information. That is a kind of scam in which
unauthorized user tries to gain user private data and thus user
falls into such traps[1]. The motive of our paper is to propose
a structure that is safe for identifying phishing websites in less
time with high accuracy. Currently, people accomplish most
online business, transferring money, bill payments i.e. all the
things are carried out using websites or applications[1].
Therefore, finding website phishing is an enormously
important thing in our day to day life. Identifying phishing
Fig 1. Gmail Phishing Scam URL
websites is a tough task[1]. After a detailed survey on this
problem, we found the list-based anti- phishing The paper is categorized into Part-I as Introduction, Part–
approaches(blacklist or whitelist) which store URLs in the II as a Literature Survey based on phishing websites. Part-III
database. This approach compares the URL entered by users in describes the Related Work. Part-IV describes the Proposed
browsers with URLs that are put in the database. Using these Work and Conclusion in Part V.
approaches the newly build phishing URLs fail to detect which
are not being included in the database[2]. A phishing attack II. LITERATURE SURVEY
occurs when an unauthorized person tries to send an email or Phishing is a security attack that is the most common and
the URL to get sensitive information of users for misuse[3]. dangerous attack to gain account details, personal information,

978-1-7281-3261-7/19/$31.00 ©2019 IEEE 384

Authorized licensed use limited to: University of Durham. Downloaded on June 22,2020 at 01:00:18 UTC from IEEE Xplore. Restrictions apply.
credit card details or the password of a user to conduct a dependability of suspected pages. A finite state machine is
transaction. developed to evaluate webpage performance by tracing
webpage GUI the submission with the resultant reaction in the
Srushti Patil and Sudhir Dhage et al. [1] use different
study done by them.
methods like Anti Phishing solutions. Anti-Phishing solutions
include various approaches. Heuristic Approach is used for MCAR is a method which is phishing detection presented
classifying the URLs. Features are extract and they are classify by Ajlouni et al. [30] through assuming the components from
by using ML methods. Various approaches are collaborated to Aburrous et al. In classifying the webpages the achieved
check whether the website is illegal or legitimate. accuracy is 98.5%, although they do not provide any data
regarding exact number of rules to be extracted with the help
Huaping Yuan, Xu Chen and Yukun Li et al. [2] uses
of MCAR algorithm.
different algorithms for detecting the phishing websites.
Various ML algorithms on phishing detection including k-
Nearest Neighbor(KNN), Logistic Regression(LR), Random
TABLE I. COMPARATIVE STUDIES BETWEEN VARIOUS METHODS
Forest(RF), Decision Tree(DT), Gradient Boosting Decision
Tree(GBDT), XGBoost(XGBST), and Deep Forest(DF).The
authors introduce the statistical features and lexical features of
URLs and links.
Vaibhav Patil, Pritesh Thakkar and Chirag Shah et al. [3]
proposes a combined solution that uses three algorithms –
whitelist and blacklist, heuristics and visual similarity. This
approaches provides three-level security blocks and hence this
system is more effective and accurate.
Anu Vazhayil, Vinaya Kumar R and Soman KP et al. [7]
focuses on a combination of CNN with the Long Short Term
Memory(LSTM) and Convolutional Neural Network(CNN) to
derive the accuracy in classifying the phishing URLs. LSTM
extracts sequential information and CNN helps to extract
special information among the characters. CNN used to learn
the special co-relationship among the characters.
Martyn Weedon and Dimitris Tsaptsinos et al. [8] focuses
on the Random Forest(RF) algorithm to classify URLs are
either malicious or gentle. The distribution of URL will be a
lexical base, which means features directly will be drawn out
from the URL itself.
Yasin Sonmez, Turker Tuncer and Huseyin Gokal et al.[25]
proposed different methods like ELM, NB, and SVM for
detecting the phishing websites. With the help of 6 different
classification functions in ELM, the authors achieved the
highest accuracy.
Aburrous et al. [27] proposed a smart structure for phishing
webpage finding in e-banking. They anticipated a model
depend on fuzzy logic united with data mining approach to
study the techniques by telling the illegal websites aspects by
classifying the phishing types. With 10-fold cross-validation,
they gained 86.38% categorization accuracy which is
extremely lower.
Arade et al. [28] implemented a innovative kind of
intelligent aspects depending on string matching to evaluate
the addresses in the database of the implemented system and
webpage address. The problem in this study is with the chance
of taking place false positive incidence i.e. legal webpages can
be assumed as legal webpages.
A model is proposed for detecting phishing webpages
which is implemented by Shahriar & Zulkernine [29] with the

385

Authorized licensed use limited to: University of Durham. Downloaded on June 22,2020 at 01:00:18 UTC from IEEE Xplore. Restrictions apply.
 III. PHISHING DETECTION USING URL
Today web has become very popular platform where
different activities are carried out by people or user like online
transactions, entering id and password while login process etc.
But while doing these activities people suffers from various
security attacks. To avoid these types of security attacks
different machine learning algorithms are used.
A. Phishing
Phishing is a process of Internet fraud. Phishing is a type of
technology that makes use of a combination of technology
and social engineering to gather personal or private
information such as online shopping like selling or purchasing
products, sending mail, chat with friends, etc.
Figure 3 Shows phishing attacks which are done with the
following four ways:
• An illegal website that appears exactly like the original
website which is created by the phisher.
• Phisher tries to perceive the victims to visit phishers
websites, phisher send the link of the fake website to an
authorized user in the name of legal organizations and
companies.
• By clicking on the link, the victim visits the fake
website and use personal information there.
• Phishers then use the private information which is
entered by the victim and carry out their illegal actions
like money transferring from the victims account.
Fig 2. Process of phishing
B. Blacklist And Whitelist Approach
By using Whitelist and Blacklist approach it is easy to
check whether the currently visited website is either illegal or
authorized. Blacklist involves several websites that are
Authorized licensed use limited to: University of Durham. Downloaded on June 22,2020 at 01:00:18 UTC from IEEE Xplore. Restrictions apply.
categorized as spam. Organizations like Google maintains
such blacklist[1]. Whitelist approach is used to different
phishing sites by comparing the current URL with a prebuilt
list of URLs. The crucial drawback of this approach is that it
cannot distinguish the recently created phishing websites from
legal websites.
C. Machine Learning Approach
In this approach, features are extracted and they are
classified using ML techniques[1]. Machine learning focuses
on developing computational algorithms and motivates rules
and patterns according to produce general models. The ML is
called supervised learning if no labels are given within the
training phase[26]. There are few prominent machine learning
approaches like Random Forest(RF), Support Vector
Machine(SVM), Back-Propagation Neural Network(BPNN), k-
Nearest Neighbour(kNN) and Naive Bayes Classifier(NB).
D. Heuristic Based Approach
A heuristic is one kind of problem-solving technique that
uses an alternative way to develop better solutions given in a
restricted time, deadline or frame. It uses a heuristic to
classify URLs. A heuristic is a type of feature that is
considered to check the websites[1]. In this method, few
features of websites are collected and evaluate them to select
the most influential features of the website, they play an
essential role in detecting the website phishing. The heuristic
approach uses standardized features of legitimate and
phishing sites depends on URL, Search Engine, Lookup,
HTML DOM and website traffic[9]. The heuristic structure of
the website matches the predefined rules then websites are
categorized as phishing websites[9].
E. Hybrid Approach
In a Hybrid Approach, different techniques are composed
together to detect whether a website is real or fake. E.g.
blacklisting and heuristics of URL can be combined to form a
good-enough system[1]. The Hybrid Model uses 30 features
to solve phishing websites' problems. A single model is not
enough to detect the websites. Therefore, it improves the
efficiency, correctness, and execution rate. To form a more
robust classifier, one or more models are combined. Firstly,
the performance of the individual classifier is checked and
then the high accuracy and less rate of the best classifier is
evaluated. After that, the best classifier model is combined
with other classifiers and finally, the better hybrid
classification model is achieved.
F. Anti-Phishing Approach
This approach is a knowledge base service that helps to
prevent illegitimate access to secure and sensitive
information. Anti-phishing services protect a different type
of data in other ways beyond the variety of stages. Anti-
phishing software comprises computer programs that try to
determine phishing content.
386
 IV. PROPOSED WORK
The proposed algorithm depends on the ML process and
automated real-time phishing detection. By using these
features phishing URLs are extracted. For a machine learning
classification, the extracted features are used to detect
phishing websites in real-time. After so much analysis and
the survey was done which is due to comparing various
classification algorithms[6]. The Waikato Environment for
Knowledge Analysis(WEKA) is helping to determine the
performance and correctness of every algorithm. To improve
efficiency by using ELM as per the classification algorithm
and RStudio tool helps us for better analysis[6]. The
summary of the proposed method is exposed in Figure 4.
Fig 3. Structure of the proposed work
A. Extreme Learning Machine
It is a feed-forward Artificial Neural Network(ANN) and
it also has a single hidden layer. ANN is an important tool
used in Machine Learning. Neural Network contains input
and output layers and it is also hidden layers. Extreme
Learning Machine algorithm reduces the time-consuming
training speed and over-fitting issues. It depends on its
learning process and empirical threat minimization theory.
The ELM avoids local minimization and multiple
iterations. In the ELM process is different from ANN because
it renews its parameters and input weights are accidentally
chosen while output weight is calculated analytically.
According to generate the cells in the hidden layer of ELM.
Fig 4. An ANN model with a single hidden layer[25]
Authorized licensed use limited to: University of Durham. Downloaded on June 22,2020 at 01:00:18 UTC from IEEE Xplore. Restrictions apply.
B. S Support Vector Machine
Support Vector Machine follows supervised learning.
SVM is helped to avoid the use of an Internet from a victim of
phisher do not loss personal and financial information.
Identify the right hyper-plane (situation-1)
Here, we take three hyper-planes (A, B and C) and all are
divide classes well. Now, how we can identify the right hyper-
plane?
(dB)
Mag
nitu
de
Fig 5. Comparative Study Between SVM and Supervised Learning
After that, we need to remember a thumb rule to identify the
right hyper-plane: "select the hyper-plane which divides two
classes better". In this situation, hyper-plane B has excellently
performed this task.
Identify the right hyper-plane (situation-2)
Here, we take three hyper-planes (A, B and C) and all are
divide classes well. Now, how we can identify the right hyper-
plane?
Fig 6. Comparative Study Between SVM and Supervised Learning
Here, maximizing the distance during the nearest data point
and hyper-plane which helps to decide the right hyper- plane.
The distance between A and B is called the margin.
387

Fig 7. Comparative Study Between SVM and Supervised Learning
The margin for hyper-plane C is compared with both A and
B. Therefore, the hyper-plane with a higher margin is
robustness.
C. Features of Website
Table 2 represents the feature category, its attributes, and
its values. Some attributes have 1 value or 2 values or 3
values which represent its strength ranging from low, medium
and high. The dataset plays an important role to extract the
phishing features for each URL under four categories:
Addressed based features, Abnormal features, HTML,
JavaScript features and Domain features[24]. These features
have 30 phishing websites characteristics which are helping to
differentiate from a legitimate website. Each type has its
phishing characteristics i.e. attributes and values are defined.
In this dataset, input attributes can take 3 different values
which are 1, 0, and -1. Output attributes can take 2 different
values which are 1, and -1.
TABLE II. ATTRIBUTES AND VALUES FOR PHISHING FEATURES
Authorized licensed use limited to: University of Durham. Downloaded on June 22,2020 at 01:00:18 UTC from IEEE Xplore. Restrictions apply.
V. CONCLUSION
We have studied the different phishing attacks on URLs.
By using Extreme Learning Machine, phishing websites are
found. When the individual visit any website the features are
extracted via its URL. The result which is obtained by
extracting the features will act as test data. The objective of
this technique is to detect fake or illegal websites and notify
the user in advance to prevent users from getting their private
information to be misused.
REFERENCES
[1] Srushti Patil, and Sudhir Dhage, “A Methodical Overview On Phishing
Detection Along With An Organized Way To Construct an Anti-
Phishing Framework”, 2019 5th International Conference On Advanced
Computing & Communication System(ICACCS), pp. 1-6.
[2] Huaping Yuan, Xu Chen, Yukun Li, Zhenguo Yang and Wenyin Liu,
“Detecting Phishing Websites and Targets Based On URLs and
Webpage Links”, 2018 24th International Conference on Pattern
Recognition(ICPR) Beijing, China, August 20-24, 2018.
[3] Vaibhav Patil, Pritesh Thakkar, Cjirag Shah, Tushar Bhat, Prof. S.
P.Godse, “Detection and Prevention of Phishing Websites using
Machine Learning Approach”, 3rd ed., vol. 2. Oxford: Clarendon, 1892,
pp.68–73.
[4] Mustafa AYDIN and Nazifa BAYKAL, “Feature Extraction and
Classification Phishing Websites Based on URL”, 2015.
[5] C. Emilin Shyni, Anesh D Sundar and G. S. Edwin Ebby. “Phishing
Detection In Websites Using Parse Tree Validation”, 2018 Recent
Advances On Engineering , Technology and Computational
Sciences(RAETCS).
[6] Shraddha Parekh, Dhwanil Parikh, Srushti Kotak and Prof. Smita
Sankhi, “A New Method For Detection of Phishing Websites: URL
Detection”, Proceedings of the 2nd International Conference on Inventice
Communicastion and Computational Technologies(ICICCT 2018) IEEE
Explorer Complaint-Part Number: CFP18BAC-ART:ISBN: 978-1-
5386-1974-2
[7] Anu Vazhayil, Vinaya Kumar R and Soman KP, “Comparative Srudy Of
The Detcetion Of Malicious URLs Using Shallow and Deep Netoworks
“, 9th ICCCNT2018 July 10-12,2018,IISC,Bangluru,India.
[8] Martyn Weedon, Dimitris Tsaptsinos and James Denholm-Price,
“Random Forest Explorations for URL Classification”, 2017
[9] Mehek Thakar, Mihir Parikh and Preetika Shetty. “Detecting Phishing
Websites Using Data Mininh”, Proceeding of the Second International
Conference On Electronics, Communication and AEROSPACE
Technology(ICECA 2018).
[10] Chuan Pham, Luong A.T. Nguyen, Nguyenh. Tran, Eui-nam Huh and
Choong Seon Hong, “Phishing-Aware: A Neuro-Fuzzy Approach for
Anti-Phishing on Fog Networks”, DOI 10.1109/TNSM. 2018. 2831197,
IEEE Transactions on Netowork and Service Management.
[11] Mohhamed Alqahtani.” Phishing Websites Classification Using
Association Classification(ATWCAC)”, 2019 International Conference
On Computer and Information Sciences(ICCIS).
[12] Varsharani Ramdas Hawanna, V. Y. Kulakarni and R.A. Rane, “A
Novel Algorithm to Detect Phishing URL’s”, 978-1-5090-2080-
5/16/2016 IEEE.
[13] Xueni Li, Guanggang Geng, Zhiwei Yan, Yong Chen and Xiaodong
Leee, “Phishing Detection Based on Newly Registered Domains”, 2016
IEEE International Conference On Big Data(Big Data).
[14] Ebubekir Buber, Onder Demir and Ozgur Koray Sahingoz, “Feature
Selections For The Machine Learning Based Detection of Phishing
Websites”, 978-1-5386-1880-6/17/2017 IEEE.
[15] Amani Alswailem, Bashayr Alabdullah and Norah Alrumayh ,
“Detecting Phishing Websites Using Machine Learning”, 978-1- 7281-
0108-8/19/$31.00 2019 IEEE.
388
[16] Gayatri. S, “Phishing Website Classifier Using Polynomial Neural
Networks in Genetic Algorithm”, 2017 4th International Conference On
Signal Processing, Comminunications and Networking (ICSCN- 2017),
March 16-18, 2017, Chennai, India.
[17] Jun Hu, Xiangzhu Zhang, Yuchun Ji, Hanbing Yan, Li Ding, Jia Li and
Huiming Meng, “Detecting Phishing Websites Based On The Study Of
The Financial Industry Web Server Logs”, 2016 3rd International
Conference On Information Science And Control Enineering.
[18] Ms. Lisa Machado and Prof. Jayant Gadge, “Phishing Sites Detection
Based On C4.5 Decision Tree Algorithm”, 978-1-5386-4008-
1/17/$31.00 2017 IEEE.
[19] Rizki Wahyudi, Hendia Marcos and Uswatun Hasanah, “Algorithm
Evaluation For Classification “Phishing Websites” Using Several
Classification Algorithms”, 2018 3rd International Congerence On
Information Technology, Information System and Electrical
Engineering(ICITISEE), Yogyakarta, Indonesia.
[20] Erzhou Zhu, Dong Liu and Cheng Ye, “Effective Phishing Website
Detection Based On Improved BP Neural Network and Dual Feature
Evaluation”, 2018 IEEE Intl Conf On Parellel and Distributed
Processing with Applications, Ubiquitous Computing &
Comminications, Big Data & Cloud Computing , Social Computing and
Networking, Sustainable Computing & Communications.
[21] APBULGHANI ALY AHMED, NURUL AMIRAH ABDULLAH ,
“Real Time Detection Of Phishing Websites”, 978-1-5090-0996-
1/16$31.00 2016 IEEE.
[22] Murat Karabatak and Twana Mustafa, “Performance Comparison Of
Classifiers On Reduced Phishing Website Dataset", 2018 6t
International Symposium On Digital Forensic And Security (ISDFS).
[23] Mohammad Mehdi Yadollahi, Farzaneh Shoeleh and Elham Serkani,
“An Adaptive Machine Learning Based Approach For Phishing
Detection Using Hybrid Features”, 2019 5th International Conference On
Web Research(ICWR).
[24] Dyana Rashid Ibrahim and Ali Husen Hadi, “Phishing Websites
Prediction Using Classification Techniques”, 2017 International
Conference On New Trends In Computing Sciences(ICTCS).
[25] Yasin Sonmez, Turker Tuncer and Huseyin Gokal, “Phishing Website
Features Classification Based On Extreme Learning Machine”, 978-1-
5386-3449-3/18/$31.00 2018 IEEE.
[26] Waleed Ali,” Phishing Website Detction Based On Supevised Machine
Learning With Wrapper Features Selection”, International Journal Of
Advanced Computer Science And Applications, 2017.
[27] M. Aburrous, M. A. Hossain, K. Dahal, and F. Thabtah, “Intelligent
phishing detection system for e-banking using fuzzy data mining”,
Expert Syst. Appl., vol.37, no. 12,pp.7913-7921, 2010.
[28] M. S. Arade, P. Bhaskar, and R. Kamat, “Antiphishing model with URL
and image based web page matching”, Int. J. Comput. Sci. Technol.
IJCST, vol. 2,no. 2, pp. 282-286, 2011.
[29] H. Shahriar and M. Zulkernine, “Trustworthiness testing of phishing
websites:A behaviour model-based approach”, Spec. Sect. SS Trust.
Softw. Behav. SS Econ. Comput. Serv., vol. 28, no. 8, pp. 1258-1271,
Oct. 2012.
[30] M. I. A. Ajlouni, W. Hadi, and J. Alwedyan, “Detecting phishing
websites using associative classification”, Image(IN), vol.5, no. 23,
2013.

389

Authorized licensed use limited to: University of Durham. Downloaded on June 22,2020 at 01:00:18 UTC from IEEE Xplore. Restrictions apply.