Hybrid Rule-Based Model for Phishing URLs Detection

Adewole, Kayode S.; Akintola, Abimbola G.; Salihu, Shakirat Aderonke; Фарук, Насир; Jimoh, Rasheed Gbenga

doi:10.1007/978-3-030-23943-5_9

Cited by 20 publications

(13 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Firstly, JRip and PART are sets of non-complex rules and could be integrated easily with any IDS system. Secondly, even though other classification algorithms are available, JRip and PART classifiers are used by many researchers in their recent work (Faizal et al, 2018;Kumar, Viinikainen & Hamalainen, 2018;Adewole et al, 2019). Thirdly, the proposed approach assumed that the hybridisation of the two classifiers would improve the output result; thereby, the final detection model rule is a hybrid of extracted rules from both PART and JRip output.…”

Section: Ratio_suc_respmentioning

confidence: 99%

Hybrid rule-based botnet detection approach using machine learning for analysing DNS traffic

Al-Mashhadi

Anbar

Hasbullah

et al. 2021

PeerJ Computer Science

View full text Add to dashboard Cite

Botnets can simultaneously control millions of Internet-connected devices to launch damaging cyber-attacks that pose significant threats to the Internet. In a botnet, bot-masters communicate with the command and control server using various communication protocols. One of the widely used communication protocols is the ‘Domain Name System’ (DNS) service, an essential Internet service. Bot-masters utilise Domain Generation Algorithms (DGA) and fast-flux techniques to avoid static blacklists and reverse engineering while remaining flexible. However, botnet’s DNS communication generates anomalous DNS traffic throughout the botnet life cycle, and such anomaly is considered an indicator of DNS-based botnets presence in the network. Despite several approaches proposed to detect botnets based on DNS traffic analysis; however, the problem still exists and is challenging due to several reasons, such as not considering significant features and rules that contribute to the detection of DNS-based botnet. Therefore, this paper examines the abnormality of DNS traffic during the botnet lifecycle to extract significant enriched features. These features are further analysed using two machine learning algorithms. The union of the output of two algorithms proposes a novel hybrid rule detection model approach. Two benchmark datasets are used to evaluate the performance of the proposed approach in terms of detection accuracy and false-positive rate. The experimental results show that the proposed approach has a 99.96% accuracy and a 1.6% false-positive rate, outperforming other state-of-the-art DNS-based botnet detection approaches.

show abstract

Section: Ratio_suc_respmentioning

confidence: 99%

Hybrid rule-based botnet detection approach using machine learning for analysing DNS traffic

Al-Mashhadi

Anbar

Hasbullah

et al. 2021

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…The detection performances of the developed phishing models are evaluated using Accuracy, F-measure, Area under the Curve (AUC), falsepositive rate (FPR), true positive rate (TPR), and Mathew's correlation coefficient (MCC) performance evaluation metric. Preference for these metrics is based on the wide and frequent usage of these evaluation metrics for phishing website detection from existing studies [2,4,10,11,34,36]. i.…”

Section: Performance Evaluation Metricsmentioning

confidence: 99%

“…The increasing acceptance and adoption of information technology (IT) have led to an increase in the number of web-based solutions provided via cyberspace [1]. These activities range from essential services such as financial transactions to basic activities like e-health applications and education [2,3]. Research has shown that financial transactions, online gaming services and social media are considered top web-based solutions with vast popularity and enormous users.…”

Section: Introductionmentioning

confidence: 99%

Improving the phishing website detection using empirical analysis of Function Tree and its variants

Balogun

Adewole

Raheem

et al. 2021

Heliyon

Self Cite

View full text Add to dashboard Cite

The phishing attack is one of the most complex threats that have put internet users and legitimate web resource owners at risk. The recent rise in the number of phishing attacks has instilled distrust in legitimate internet users, making them feel less safe even in the presence of powerful antivirus apps. Reports of a rise in financial damages as a result of phishing website attacks have caused grave concern. Several methods, including blacklists and machine learning-based models, have been proposed to combat phishing website attacks. The blacklist antiphishing method has been faulted for failure to detect new phishing URLs due to its reliance on compiled blacklisted phishing URLs. Many ML methods for detecting phishing websites have been reported with relatively low detection accuracy and high false alarm. Hence, this research proposed a Functional Tree (FT) based metalearning models for detecting phishing websites. That is, this study investigated improving the phishing website detection using empirical analysis of FT and its variants. The proposed models outperformed baseline classifiers, meta-learners and hybrid models that are used for phishing websites detection in existing studies. Besides, the proposed FT based meta-learners are effective for detecting legitimate and phishing websites with accuracy as high as 98.51% and a false positive rate as low as 0.015. Hence, the deployment and adoption of FT and its metalearner variants for phishing website detection and applicable cybersecurity attacks are recommended.

show abstract

“…In the last decade, several studies like Zamir et al [5], Nepali and Wang [2], Adewole et al [7], Kuyama et al [8],…”

Section: Introductionmentioning

confidence: 99%

Malicious URLs detection using data streaming algorithms

Adewole

Raheem

AbdulRaheem

et al. 2021

J. Teknol. dan Sist. Komput

View full text Add to dashboard Cite

As a result of advancements in technology and technological devices, data is now spawned at an infinite rate, emanating from a vast array of networks, devices, and daily operations like credit card transactions and mobile phones. Datastream entails sequential and real-time continuous data in the inform of evolving stream. However, the traditional machine learning approach is characterized by a batch learning model. Labeled training data are given apriori to train a model based on some machine learning algorithms. This technique necessitates the entire training sample to be readily accessible before the learning process. The training procedure is mainly done offline in this setting due to the high training cost. Consequently, the traditional batch learning technique suffers severe drawbacks, such as poor scalability for real-time phishing websites detection. The model mostly requires re-training from scratch using new training samples. This paper presents the application of streaming algorithms for detecting malicious URLs based on selected online learners: Hoeffding Tree (HT), Naïve Bayes (NB), and Ozabag. Ozabag produced promising results in terms of accuracy, Kappa and Kappa Temp on the dataset with large samples while HT and NB have the least prediction time with comparable accuracy and Kappa with Ozabag algorithm for the real-time detection of phishing websites.

show abstract

Hybrid Rule-Based Model for Phishing URLs Detection

Cited by 20 publications

References 17 publications

Hybrid rule-based botnet detection approach using machine learning for analysing DNS traffic

Hybrid rule-based botnet detection approach using machine learning for analysing DNS traffic

Improving the phishing website detection using empirical analysis of Function Tree and its variants

Malicious URLs detection using data streaming algorithms

Contact Info

Product

Resources

About