A Phishing detection model based on dynamic-hybrid feature selection
Ruiru, Daniel K
Phishing attacks have been a big internet nuisance since the early 1990s when hackers started stealing information from organizations using messaging platforms. At the time, the problem affected large institutions and corporations as the internet was still in its early stages of development and, had minimal individual subscribers. The early 2000s saw the widespread application of the technology (internet) which subsequently saw phishers target individual users using electronic mails (emails). In itself, phishing is a form of cyber-attack that steals personal information from unsuspecting users by duping them using verification or reward emails. This deception process ultimately helps the intruders to access sensitive data that can be used to access financial records for monetary gains or identity theft. Phishing attacks are so prevalent today that over 95 percent of all cyber-attacks are characterized by their intrusion procedures. Moreover, the attacks seem to increase each year and based on recent surveys are said to have a 60 percent annual growth rate. It is because of this outcome that this research proposes a predictive model to detect phishing attacks by implementing a system that pre-empts the intrusion processes before they happen. Unlike conventional methods that rely on human expertise to mitigate the problem, the proposed model automates the identification of the attacks and subsequently their control. This research aims to achieve this goal by optimizing the selection of subset features using a dynamic model that analyses the structural properties of phishing attacks to get adaptive attributes (features) for detecting phishing threats (as highlighted in chapter 4). Random forest is then used as the final classifier owing to its accuracy results (84.13%). Ultimately, the study then proposes the construction of a base model for bootstrapping other detection models in the cyber-security world.
Thesis Submitted to the Faculty of Information in partial fulfillment of the requirements for the award of Master of Science in Information Technology
Phishers, Phishing attacks, Neural Networks, Uniform Resource Locator