A machine learning approach for detecting fast flux phishing hostnames

Nagunwa, Thomas and Kearney, Paul and Fouad, Shereen (2022) A machine learning approach for detecting fast flux phishing hostnames. Journal of Information Security and Applications, 65. p. 103125. ISSN 2214-2126

A machine learning approach.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Download (1MB)


Attackers are increasingly using Fast Flux Service Networks (FFSNs), networks of compromised machines, to host phishing websites. In FFSNs, the machines rapidly change such that blacklisting them does not entirely stop the networks from operating the websites. This increases the longevity of the websites thus becoming more harmful. Existing solutions for detecting the websites are limited with relatively low or moderate prediction performances, high prediction time and use of less diversified features which increases their susceptibility to detection evasions. This paper proposes a Machine Learning (ML) based approach for detecting phishing websites hosted in FFSNs using a novel set of 56 features. Compared with previous works, the approach achieves high accuracy, a low detection time and uses highly diversified features to enhance resilience to detection evasion. The effectiveness of the features for prediction was evaluated in the context of binary and multi-class classification tasks using multiple traditional and deep learning ML algorithms. The proposed approach achieves an accuracy of 98.42% and 97.81% for binary and multi-class classification tasks respectively. Our results showed that temporal and DNS based features are the strongest predictors while network and host related features are the weakest. Our approach is a significant step towards tracking of core components of FFSNs with an aim of shutting down the entire phishing ecosystem.

Item Type: Article
Identification Number: https://doi.org/10.1016/j.jisa.2022.103125
22 February 2022Accepted
22 February 2022Published Online
Uncontrolled Keywords: Phishing hostname, Fast flux service network, Machine learning, Deep learning, Flat classification, Hierarchical classification
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
Divisions: Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Depositing User: Paul Kearney
Date Deposited: 24 Feb 2022 10:09
Last Modified: 22 Feb 2024 03:00
URI: https://www.open-access.bcu.ac.uk/id/eprint/12859

Actions (login required)

View Item View Item


In this section...