Phishing URL Detection Through Top-level Domain Analysis: A Descriptive Approach

Orestis Christou; Nikolaos Pitropakis; Pavlos Papadopoulos; Sean McKeown; William Buchanan

doi:10.5220/0008902202890298

Phishing URL Detection Through Top-level Domain Analysis: A Descriptive Approach

Orestis Christou, Nikolaos Pitropakis, Pavlos Papadopoulos, Sean McKeown, William Buchanan

2020

Abstract

Phishing is considered to be one of the most prevalent cyber-attacks because of its immense flexibility and alarmingly high success rate. Even with adequate training and high situational awareness, it can still be hard for users to continually be aware of the URL of the website they are visiting. Traditional detection methods rely on blocklists and content analysis, both of which require time-consuming human verification. Thus, there have been attempts focusing on the predictive filtering of such URLs. This study aims to develop a machine-learning model to detect fraudulent URLs which can be used within the Splunk platform. Inspired from similar approaches in the literature, we trained the SVM and Random Forests algorithms using malicious and benign datasets found in the literature and one dataset that we created. We evaluated the algorithms’ performance with precision and recall, reaching up to 85% precision and 87% recall in the case of Random Forests while SVM achieved up to 90% precision and 88% recall using only descriptive features.

Download

Paper Citation

in Harvard Style

Christou O., Pitropakis N., Papadopoulos P., McKeown S. and Buchanan W. (2020). Phishing URL Detection Through Top-level Domain Analysis: A Descriptive Approach. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 289-298. DOI: 10.5220/0008902202890298

in Bibtex Style

@conference{icissp20,
author={Orestis Christou and Nikolaos Pitropakis and Pavlos Papadopoulos and Sean McKeown and William Buchanan},
title={Phishing URL Detection Through Top-level Domain Analysis: A Descriptive Approach},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2020},
pages={289-298},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008902202890298},
isbn={978-989-758-399-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Phishing URL Detection Through Top-level Domain Analysis: A Descriptive Approach
SN - 978-989-758-399-5
AU - Christou O.
AU - Pitropakis N.
AU - Papadopoulos P.
AU - McKeown S.
AU - Buchanan W.
PY - 2020
SP - 289
EP - 298
DO - 10.5220/0008902202890298