A machine learning approach for detecting fast flux phishing hostnames
Nagunwa, Thomas and Kearney, Paul and Fouad, Shereen (2022) A machine learning approach for detecting fast flux phishing hostnames. Journal of Information Security and Applications, 65. p. 103125. ISSN 2214-2126
Preview |
Text
A machine learning approach.pdf - Accepted Version Available under License Creative Commons Attribution Non-commercial No Derivatives. Download (1MB) |
Abstract
Attackers are increasingly using Fast Flux Service Networks (FFSNs), networks of compromised machines, to host phishing websites. In FFSNs, the machines rapidly change such that blacklisting them does not entirely stop the networks from operating the websites. This increases the longevity of the websites thus becoming more harmful. Existing solutions for detecting the websites are limited with relatively low or moderate prediction performances, high prediction time and use of less diversified features which increases their susceptibility to detection evasions. This paper proposes a Machine Learning (ML) based approach for detecting phishing websites hosted in FFSNs using a novel set of 56 features. Compared with previous works, the approach achieves high accuracy, a low detection time and uses highly diversified features to enhance resilience to detection evasion. The effectiveness of the features for prediction was evaluated in the context of binary and multi-class classification tasks using multiple traditional and deep learning ML algorithms. The proposed approach achieves an accuracy of 98.42% and 97.81% for binary and multi-class classification tasks respectively. Our results showed that temporal and DNS based features are the strongest predictors while network and host related features are the weakest. Our approach is a significant step towards tracking of core components of FFSNs with an aim of shutting down the entire phishing ecosystem.
Item Type: | Article |
---|---|
Identification Number: | 10.1016/j.jisa.2022.103125 |
Dates: | Date Event 22 February 2022 Accepted 22 February 2022 Published Online |
Uncontrolled Keywords: | Phishing hostname, Fast flux service network, Machine learning, Deep learning, Flat classification, Hierarchical classification |
Subjects: | CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science |
Divisions: | Faculty of Computing, Engineering and the Built Environment > College of Computing |
Depositing User: | Paul Kearney |
Date Deposited: | 24 Feb 2022 10:09 |
Last Modified: | 22 Feb 2024 03:00 |
URI: | https://www.open-access.bcu.ac.uk/id/eprint/12859 |
Actions (login required)
![]() |
View Item |