Integrating Deep Learning with First-Order Logic Programmed Constraints for Zero-Day Phishing Attack Detection

Bu, Seok-Jun; Cho, Sung-Bae

doi:10.1109/icassp39728.2021.9414850

Cited by 15 publications

(5 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bu and Cho improved performance by additionally using not only character and word-level URL features, but also feature sets based on expert knowledge [3]. The output of the deep learning classifier was successfully corrected by utilizing the phishing attackdetection rule expressed in the form of first-order logic, and the necessity of optimizing the feature set for phishing detection was addressed.…”

Section: Related Workmentioning

confidence: 99%

“…Character-CNN with W2V-LSTM VirusTotal Tajaddodianfar [6] CNN-LSTM with Attention MS anonymized browsing data In this paper, we extend the URL feature extraction and selection process to detect phishing attacks. In contrast to the attempts that use a rule-based system consisting of an optimized detection ruleset and machine learning algorithms in parallel [3,16], we explicitly include the step of optimizing the feature-selection process. The genetic algorithm is representative method of combinatorial searching [15], which divides the wide search space of deep learning parameters and performs recall-oriented optimization.…”

Section: Gan Phishtankmentioning

confidence: 99%

“…A phishing attack using URLs can be defined as a scalable and deceptive action in which an impersonated web server obtains information from an individual [1]. Various deep learning models have been introduced to classify phishing attacks based on the URL features [2,3]. Prominent among these is the method of optimizing the structure of the convolutional-recurrent neural network [4] by focusing on the expression of URL features in the character-and word-level, which has achieved a plausible performance comparable to the existing detection system [5].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Optimized URL Feature Selection Based on Genetic-Algorithm-Embedded Deep Learning for Phishing Website Detection

Kim

2022

Electronics

View full text Add to dashboard Cite

Deep learning models for phishing URL classification based on character- and word-level URL features achieve the best performance in terms of accuracy. Various improvements have been proposed through deep learning parameters, including the structure and learning strategy. However, the existing deep learning approach shows a degradation in recall according to the nature of a phishing attack that is immediately discarded after being reported. An additional optimization process that can minimize the false negatives by selecting the core features of phishing URLs is a promising avenue of improvement. To search the optimal URL feature set and to fully exploit it, we propose a combined searching and learning strategy that effectively models the URL classifier for recall. By incorporating the deep-learning-based URL classifier with the genetic algorithm to search the optimal feature set that minimizing the false negatives, an optimized classifier that guarantees the best performance was obtained. Extensive experiments on three real-world datasets consisting of 222,541 URLs showed the highest recall among the deep learning models. We demonstrated the superiority of the method by 10-fold cross-validation and confirmed that the recall improved compared to the latest deep learning method. In particular, the accuracy and recall were improved by 4.13%p and 7.07%p, respectively, compared to the convolutional–recurrent neural network in which the feature selection optimization was omitted.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Gan Phishtankmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Optimized URL Feature Selection Based on Genetic-Algorithm-Embedded Deep Learning for Phishing Website Detection

Kim

2022

Electronics

View full text Add to dashboard Cite

show abstract

“…A 50:50 ratio was used for training and testing the supervised algorithm in the case of meta-level learners. The performance of the stacker was compared against different datasets, and the highest accuracy was shown for CICIDS2017 by 0.9997 alongside 0.998 (precision), 1.000 (recall), and 0.999 (F1-Score) [102].…”

Section: Comparative Analysismentioning

confidence: 99%

Comparative Evaluation of AI-Based Techniques for Zero-Day Attacks Detection

et al. 2022

View full text Add to dashboard Cite

Many intrusion detection and prevention systems (IDPS) have been introduced to identify suspicious activities. However, since attackers are exploiting new vulnerabilities in systems and are employing more sophisticated advanced cyber-attacks, these zero-day attacks remain hidden from IDPS in most cases. These features have incentivized many researchers to propose different artificial intelligence-based techniques to prevent, detect, and respond to such advanced attacks. This has also created a new requirement for a comprehensive comparison of the existing schemes in several aspects ; after a thorough study we found that there currently exists no detailed comparative analysis of artificial intelligence-based techniques published in the last five years. Therefore, there is a need for this kind of work to be published, as there are many comparative analyses in other fields of cyber security that are available for readers to review.In this paper, we provide a comprehensive review of the latest and most recent literature, which introduces well-known machine learning and deep learning algorithms and the challenges they face in detecting zero-day attacks. Following these qualitative analyses, we present the comparative evaluation results regarding the highest accuracy, precision, recall, and F1 score compared to different datasets.

show abstract

“…However, phishing URLs based on web applications have zero-day exploit characteristics that frequently involve novel attack instances, as URLs can be generated very conveniently in such applications. For this reason, phishing URLs hardly detected by predefined databases or simple detection rules [2,5,6].…”

Section: Introductionmentioning

confidence: 99%

Ensemble Learning of Deep URL Features based on Convolutional Neural Network for Phishing Attack Detection

Bu¹,

Kim²

2021

Adv. sci. technol. eng. syst. j.

Self Cite

View full text Add to dashboard Cite

The deep learning-based URL classification approach using massive observations has been verified especially in the field of phishing attack detection. Various improvements have been achieved through the modeling of character and word sequence of URL based on convolutional and recurrent neural networks, and it has been proven that an ensemble approach of each model has the best performance. However, existing ensemble methods have limitations in effectively fusing the nonlinear correlation between heterogeneous features extracted from characters and the sequence of sub-domains. In this paper, we propose a convolutional network-based ensemble learning approach to systematically fuse syntactic and semantic features for phishing URL detection. By learning the weights that integrating the heterogeneous features extracted from the URL, an ensemble rule that guarantees the best performance was obtained. A total of 45,000 benign URLs and 15,000 phishing URLs were collected and 10-fold cross-validation was conducted for quantitative validation. The obtained classification accuracy of 0.9804 indicates that the proposed method outperforms the existing machine learning algorithms and provides plausible solution for phishing URL detection. We demonstrated the superiority of the proposed method by receiver-operating characteristic (ROC) curve analysis and the case analysis and confirmed that the accuracy improved by 1.93% compared to the latest deep model.

show abstract

Integrating Deep Learning with First-Order Logic Programmed Constraints for Zero-Day Phishing Attack Detection

Cited by 15 publications

References 17 publications

Optimized URL Feature Selection Based on Genetic-Algorithm-Embedded Deep Learning for Phishing Website Detection

Optimized URL Feature Selection Based on Genetic-Algorithm-Embedded Deep Learning for Phishing Website Detection

Comparative Evaluation of AI-Based Techniques for Zero-Day Attacks Detection

Ensemble Learning of Deep URL Features based on Convolutional Neural Network for Phishing Attack Detection

Contact Info

Product

Resources

About