Research Area:  Machine Learning

Abstract:

Phishing website attack, as one of the most persistent forms of cyber threats, evolves and remains a major cyber threat. Various detection methods (e.g., lookup systems, fraud cue-based methods) have been proposed to identify phishing websites. The limitations of lookup systems (e.g., failing to address newly created attacks) and the fraud cue-based methods (e.g., relying on feature engineering) motivated the development of deep representation-based methods capable of learning deep fraud cues for enhanced anti-phishing capacity. Focusing mostly on URLs, these methods fail to analyze other two important modalities of website content: textual information and visual design. Moreover, the interpretability of these deep learning based methods is limited, reducing model trustworthiness and preventing relevant and actionable intelligence. As such, we propose a multi-modal hierarchical attention model (MMHAM) which jointly learns the deep fraud cues from the three major modalities of website content for phishing website detection. Specifically, MMHAM features an innovative shared dictionary learning approach for aligning representations from different modalities in the attention mechanism. In our evaluation experiments, the proposed MMHAM not only learned improved deep cues for enhanced phishing detection, but provided a hierarchical interpretability system from which we could develop phishing threat intelligence to inform phishing websites detection at different levels.

Keywords:  
Phishing
Navigation
Visualization
Uniform resource locators
Deep learning
Protocols
Blacklisting

Author(s) Name:  Yidong Chai; Yonghang Zhou; Weifeng Li

Publisher name:  IEEE

DOI:  10.1109/TDSC.2021.3119323

Volume Information:  Volume: 19

Paper Link:   https://ieeexplore.ieee.org/abstract/document/9568704