A Framework of New Hybrid Features for Intelligent Detection of Zero Hour Phishing Websites

Thomas Nagunwa; Syed Naqvi; Shereen Fouad; Hanifa Shah

doi:10.1007/978-3-030-20005-3_4

A Framework of New Hybrid Features for Intelligent Detection of Zero Hour Phishing Websites

Thomas Nagunwa^*, Syed Naqvi, Shereen Fouad, Hanifa Shah

^*Corresponding author for this work

College of Engineering and Physical Sciences

Research output: Chapter in Book/Published conference output › Conference publication

Abstract

Existing machine learning based approaches for detecting zero hour phishing websites have moderate accuracy and false alarm rates and rely heavily on limited types of features. Phishers are constantly learning their features and use sophisticated tools to adopt the features in phishing websites to evade detections. Therefore, there is a need for continuous discovery of new, robust and more diverse types of prediction features to improve resilience against detection evasions. This paper proposes a framework for predicting zero hour phishing websites by introducing new hybrid features with high prediction performances. Prediction performance of the features was investigated using eight machine learning algorithms in which Random Forest algorithm performed the best with accuracy and false negative rates of 98.45% and 0.73% respectively. It was found that domain registration information and webpage reputation types of features were strong predictors when compared to other feature types. On individual features, webpage reputation features were highly ranked in terms of feature importance weights. The prediction runtime per webpage measured at 7.63Â s suggest that our approach has a potential for real time applications. Our framework is able to detect phishing websites hosted in either compromised or dedicated phishing domains.

Original language	English
Title of host publication	International Joint Conference
Subtitle of host publication	12th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2019) and 10th International Conference on EUropean Transnational Education (ICEUTE 2019), Proceedings
Editors	Francisco Martínez Álvarez, Alicia Troncoso Lora, Héctor Quintián, José António Sáez Muñoz, Emilio Corchado
Publisher	Springer
Pages	36-46
Number of pages	11
ISBN (Print)	9783030200046
DOIs	https://doi.org/10.1007/978-3-030-20005-3_4
Publication status	Published - 28 Apr 2019
Event	International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems, CISIS 2019 and 10th International Conference on European Transnational Education, ICEUTE 2019 - Seville, Spain Duration: 13 May 2019 → 15 May 2019

Publication series

Name	Advances in Intelligent Systems and Computing
Volume	951
ISSN (Print)	2194-5357
ISSN (Electronic)	2194-5365

Conference

Conference	International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems, CISIS 2019 and 10th International Conference on European Transnational Education, ICEUTE 2019
Country/Territory	Spain
City	Seville
Period	13/05/19 → 15/05/19

Bibliographical note

Funding Information:
The research leading to the results presented in the paper was partially funded by the UK Commonwealth Scholarship Commission (CSC).

Keywords

Machine learning
Phishing
Phishing webpage detection
Webpage features
Zero hour phishing website

Access to Document

10.1007/978-3-030-20005-3_4

http://www.open-access.bcu.ac.uk/7254/

Cite this

Nagunwa, T., Naqvi, S., Fouad, S., & Shah, H. (2019). A Framework of New Hybrid Features for Intelligent Detection of Zero Hour Phishing Websites. In F. Martínez Álvarez, A. Troncoso Lora, H. Quintián, J. A. Sáez Muñoz, & E. Corchado (Eds.), International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2019) and 10th International Conference on EUropean Transnational Education (ICEUTE 2019), Proceedings (pp. 36-46). (Advances in Intelligent Systems and Computing; Vol. 951). Springer. https://doi.org/10.1007/978-3-030-20005-3_4

Nagunwa, Thomas ; Naqvi, Syed ; Fouad, Shereen et al. / A Framework of New Hybrid Features for Intelligent Detection of Zero Hour Phishing Websites. International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2019) and 10th International Conference on EUropean Transnational Education (ICEUTE 2019), Proceedings. editor / Francisco Martínez Álvarez ; Alicia Troncoso Lora ; Héctor Quintián ; José António Sáez Muñoz ; Emilio Corchado. Springer, 2019. pp. 36-46 (Advances in Intelligent Systems and Computing).

@inproceedings{8b884ded3e16474fb2f5882bc12242f2,

title = "A Framework of New Hybrid Features for Intelligent Detection of Zero Hour Phishing Websites",

abstract = "Existing machine learning based approaches for detecting zero hour phishing websites have moderate accuracy and false alarm rates and rely heavily on limited types of features. Phishers are constantly learning their features and use sophisticated tools to adopt the features in phishing websites to evade detections. Therefore, there is a need for continuous discovery of new, robust and more diverse types of prediction features to improve resilience against detection evasions. This paper proposes a framework for predicting zero hour phishing websites by introducing new hybrid features with high prediction performances. Prediction performance of the features was investigated using eight machine learning algorithms in which Random Forest algorithm performed the best with accuracy and false negative rates of 98.45% and 0.73% respectively. It was found that domain registration information and webpage reputation types of features were strong predictors when compared to other feature types. On individual features, webpage reputation features were highly ranked in terms of feature importance weights. The prediction runtime per webpage measured at 7.63{\^A} s suggest that our approach has a potential for real time applications. Our framework is able to detect phishing websites hosted in either compromised or dedicated phishing domains.",

keywords = "Machine learning, Phishing, Phishing webpage detection, Webpage features, Zero hour phishing website",

author = "Thomas Nagunwa and Syed Naqvi and Shereen Fouad and Hanifa Shah",

note = "Funding Information: The research leading to the results presented in the paper was partially funded by the UK Commonwealth Scholarship Commission (CSC). ; International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems, CISIS 2019 and 10th International Conference on European Transnational Education, ICEUTE 2019 ; Conference date: 13-05-2019 Through 15-05-2019",

year = "2019",

month = apr,

day = "28",

doi = "10.1007/978-3-030-20005-3_4",

language = "English",

isbn = "9783030200046",

series = "Advances in Intelligent Systems and Computing",

publisher = "Springer",

pages = "36--46",

editor = "{Mart{\'i}nez {\'A}lvarez}, Francisco and {Troncoso Lora}, Alicia and H{\'e}ctor Quinti{\'a}n and {S{\'a}ez Mu{\~n}oz}, {Jos{\'e} Ant{\'o}nio} and Emilio Corchado",

booktitle = "International Joint Conference",

address = "Germany",

}

Nagunwa, T, Naqvi, S, Fouad, S & Shah, H 2019, A Framework of New Hybrid Features for Intelligent Detection of Zero Hour Phishing Websites. in F Martínez Álvarez, A Troncoso Lora, H Quintián, JA Sáez Muñoz & E Corchado (eds), International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2019) and 10th International Conference on EUropean Transnational Education (ICEUTE 2019), Proceedings. Advances in Intelligent Systems and Computing, vol. 951, Springer, pp. 36-46, International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems, CISIS 2019 and 10th International Conference on European Transnational Education, ICEUTE 2019, Seville, Spain, 13/05/19. https://doi.org/10.1007/978-3-030-20005-3_4

A Framework of New Hybrid Features for Intelligent Detection of Zero Hour Phishing Websites. / Nagunwa, Thomas; Naqvi, Syed; Fouad, Shereen et al.
International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2019) and 10th International Conference on EUropean Transnational Education (ICEUTE 2019), Proceedings. ed. / Francisco Martínez Álvarez; Alicia Troncoso Lora; Héctor Quintián; José António Sáez Muñoz; Emilio Corchado. Springer, 2019. p. 36-46 (Advances in Intelligent Systems and Computing; Vol. 951).

Research output: Chapter in Book/Published conference output › Conference publication

TY - GEN

T1 - A Framework of New Hybrid Features for Intelligent Detection of Zero Hour Phishing Websites

AU - Nagunwa, Thomas

AU - Naqvi, Syed

AU - Fouad, Shereen

AU - Shah, Hanifa

N1 - Funding Information: The research leading to the results presented in the paper was partially funded by the UK Commonwealth Scholarship Commission (CSC).

PY - 2019/4/28

Y1 - 2019/4/28

N2 - Existing machine learning based approaches for detecting zero hour phishing websites have moderate accuracy and false alarm rates and rely heavily on limited types of features. Phishers are constantly learning their features and use sophisticated tools to adopt the features in phishing websites to evade detections. Therefore, there is a need for continuous discovery of new, robust and more diverse types of prediction features to improve resilience against detection evasions. This paper proposes a framework for predicting zero hour phishing websites by introducing new hybrid features with high prediction performances. Prediction performance of the features was investigated using eight machine learning algorithms in which Random Forest algorithm performed the best with accuracy and false negative rates of 98.45% and 0.73% respectively. It was found that domain registration information and webpage reputation types of features were strong predictors when compared to other feature types. On individual features, webpage reputation features were highly ranked in terms of feature importance weights. The prediction runtime per webpage measured at 7.63Â s suggest that our approach has a potential for real time applications. Our framework is able to detect phishing websites hosted in either compromised or dedicated phishing domains.

AB - Existing machine learning based approaches for detecting zero hour phishing websites have moderate accuracy and false alarm rates and rely heavily on limited types of features. Phishers are constantly learning their features and use sophisticated tools to adopt the features in phishing websites to evade detections. Therefore, there is a need for continuous discovery of new, robust and more diverse types of prediction features to improve resilience against detection evasions. This paper proposes a framework for predicting zero hour phishing websites by introducing new hybrid features with high prediction performances. Prediction performance of the features was investigated using eight machine learning algorithms in which Random Forest algorithm performed the best with accuracy and false negative rates of 98.45% and 0.73% respectively. It was found that domain registration information and webpage reputation types of features were strong predictors when compared to other feature types. On individual features, webpage reputation features were highly ranked in terms of feature importance weights. The prediction runtime per webpage measured at 7.63Â s suggest that our approach has a potential for real time applications. Our framework is able to detect phishing websites hosted in either compromised or dedicated phishing domains.

KW - Machine learning

KW - Phishing

KW - Phishing webpage detection

KW - Webpage features

KW - Zero hour phishing website

UR - http://www.scopus.com/inward/record.url?scp=85065704127&partnerID=8YFLogxK

UR - https://link.springer.com/chapter/10.1007%2F978-3-030-20005-3_4

U2 - 10.1007/978-3-030-20005-3_4

DO - 10.1007/978-3-030-20005-3_4

M3 - Conference publication

AN - SCOPUS:85065704127

SN - 9783030200046

T3 - Advances in Intelligent Systems and Computing

SP - 36

EP - 46

BT - International Joint Conference

A2 - Martínez Álvarez, Francisco

A2 - Troncoso Lora, Alicia

A2 - Quintián, Héctor

A2 - Sáez Muñoz, José António

A2 - Corchado, Emilio

PB - Springer

T2 - International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems, CISIS 2019 and 10th International Conference on European Transnational Education, ICEUTE 2019

Y2 - 13 May 2019 through 15 May 2019

ER -

Nagunwa T, Naqvi S, Fouad S, Shah H. A Framework of New Hybrid Features for Intelligent Detection of Zero Hour Phishing Websites. In Martínez Álvarez F, Troncoso Lora A, Quintián H, Sáez Muñoz JA, Corchado E, editors, International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2019) and 10th International Conference on EUropean Transnational Education (ICEUTE 2019), Proceedings. Springer. 2019. p. 36-46. (Advances in Intelligent Systems and Computing). doi: 10.1007/978-3-030-20005-3_4

A Framework of New Hybrid Features for Intelligent Detection of Zero Hour Phishing Websites

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this