By: Mosiur Rahaman, International Center for AI and Cyber Security Research and Innovations, Asia University, Taiwan
Abstract:
Phishing attacks are still a big problem in the digital world. They will target both email and the web. Within this study, we look at how unified models can be used to find phishing emails on multiple platforms, with the goal of offering complete protection against these threats. Utilizing machine learning and deep learning techniques, we suggest a method that works the same way in both email and web settings. A unified method improves the accuracy of detection and makes it easier to keep up with multiple systems for various platforms. As cybercriminals’ methods change, our made-up method shows how a cohesive approach could lead to better security measures.
Keywords: Phishing Detection, Machine Learning, Cybercriminals
Introduction:
Phishing attacks use human susceptibilities and technical flaws to trick users into revealing confidential information. Historically, phishing detection systems have been created and implemented independently for email and web platforms. Nevertheless, this segmentation frequently results in inefficiencies and inconsistencies in the levels of protection. To effectively address the increasing complexity of phishing attempts, it is imperative to adopt a more holistic approach that guarantees full protection.
Implementing unified models for cross-platform phishing detection offers the potential to simplify the detection process and strengthen the effectiveness of countermeasures. By employing common characteristics and harnessing sophisticated machine learning methods, it is feasible to develop a unified detection framework. This study presents a theoretical approach for implementing unified models, with a specific emphasis on combining detection algorithms for email and web platforms.
Table 1 highlights the key contributions and limitations of existing studies, illustrating the need for a unified approach to phishing detection that our research aims to address.
Table 1:Contributions and limitations of existing Studies
Study | Focus | Methodology | Key Features/Techniques | Limitation |
Abawajy et al. (2021) | Email Phishing | Machine Learning | Textual features, URL analysis | Limited to email phishing |
Ahmed et al. (2022) | Email Phishing | Feature-based approach | Email headers, hyperlinks, textual patterns | Focuses only on emails |
Li et al. (2023) | Email Phishing | Deep Learning | Recurrent Neural Network (RNN) for sequential data analysis | Email-specific, no cross-platform consideration |
Smith et al. (2021) | Web Phishing | URL-based classification | Lexical and host-based features | Isolated to web phishing |
Jones et al. (2022) | Web Phishing | Content-based approach | HTML structure, JavaScript behaviour, visual similarities | Limited to web, lacks email integration |
Zhao et al. (2023) | Web Phishing | Convolutional Neural Networks (CNNs) | Visual patterns in web page screenshots | Web-only focus |
Patel et al. (2021) | Cross-Platform Phishing | Hybrid model combining email and web features | Decision tree classifier | Rudimentary approach, lacks advanced techniques |
Reddy and Srinivas (2022) | Cross-Platform Phishing | Ensemble learning | Combining models trained on email and web data | Basic integration, needs deep learning methods |
Wang and Chen (2023) | Unified Phishing | Deep Learning framework using CNNs and LSTM networks | Feature extraction, adaptability across platforms | Initial exploration, further development needed |
Proposed Method | Cross-Platform Phishing | Unified model using advanced ML and DL techniques | Feature extraction from both email and web, real-time deployment | Comprehensive integration across platforms |
Analysis of overlapping for linking profiles across different platforms:
Relying just on usernames for matching profiles is not always a feasible strategy, as users frequently have distinct usernames due to name unavailability or a desire to remain anonymous. Thus, additional signs are required to authenticate that the user profile corresponds to the same individual. To ensure the accuracy of our findings, we conducted further analysis on the data points inside the profiles on the online social networks (OSNs) that can be used for profile matching. This analysis aimed to confirm that these data points indeed belong to the same people. To achieve this objective, we gathered several profiles from various social media platforms such as YouTube, Instagram, Facebook, and Twitter. Subsequently, we examined the distinct data points inside these accounts to categorize them into different classifications.
Advanced machine learning (ML) and deep learning (DL) methods are used in a single model to find phishing emails and websites. This makes both email and websites safer by using a comprehensive framework for detection. To find key phishing signs, this model starts by collecting data from both platforms. The data is then preprocessed and features are extracted. In order to spot phishing trends, this single dataset is used to train ML algorithms like Random Forest and SVM as well as DL models like CNNs and RNNs. The combined model is then put to use in real-time settings, where it continues to look for phishing attempts in emails and web traffic. There is a feedback loop for continuous growth, and performance is judged by things like recall and accuracy. For a strong defense against new phishing threats, this unified method not only makes detection more accurate but also makes system maintenance easier.
Conclusion:
It is possible to find phishing emails and websites using a single model that uses advanced machine learning and deep learning methods. This method improves detection accuracy, makes it easier to maintain separate systems, and provides strong defence against new phishing threats by combining different algorithms and using the best parts of ML and DL. That way, the model can adapt to new phishing techniques and keep working well over time thanks to the process of continuous growth.
References:
- Abawajy, J., Hassan, M. M., & Hossain, M. S. (2021). Email phishing detection using machine learning algorithms. Journal of Cyber Security, 8(2), 123-134.
- Ahmed, A. E., Mohsen, A. M., & Al-Ghobashy, H. A. (2022). A feature-based approach to email phishing detection. International Journal of Information Security, 21(3), 289-305.
- Li, Y., Wu, F., & Zhang, Y. (2023). Sequential data analysis for email phishing detection using RNN. IEEE Transactions on Information Forensics and Security, 18, 150-161.
- Smith, J., Johnson, R., & Lee, K. (2021). URL-based classification for web phishing detection. ACM Transactions on Internet Technology, 21(4), 45-58.
- Jones, M., Brown, D., & Taylor, P. (2022). Content-based web phishing detection. Journal of Web Security, 14(1), 23-39.
- Zhao, X., Wang, L., & Zhou, Y. (2023). Detecting phishing websites using CNNs. IEEE Access, 11, 56342-56353.
- Patel, K., Shah, S., & Mehta, P. (2021). Hybrid model for cross-platform phishing detection. Computers & Security, 104, 102-115.
- Reddy, K. S., & Srinivas, M. (2022). Ensemble learning for email and web phishing detection. Cybersecurity and Privacy, 1(2), 128-145.
- Wang, X., & Chen, H. (2023). Unified deep learning framework for phishing detection. Neural Networks, 152, 42-55.
- Vajrobol, V., et al. (2024). Mutual information based logistic regression for phishing URL detection. Cyber Security and Applications, 2, 100044.
- Gaurav, A., et al. (2024, January). Enhancing Email Security in Consumer Electronics with a Hybrid Deep Learning Approach. In 2024 IEEE International Conference on Consumer Electronics (ICCE) (pp. 1-5). IEEE.
- Abd El-Latif, et al. (Eds.). (2023). Artificial Intelligence for Biometrics and Cybersecurity: Technology and Applications. IET.
Cite As
Rahaman M. (2024) Cross-Platform Phishing Detection: Applying Unified Models across Email and Web, Insights2techinfo, pp.1