sis 18: e69

Research Article

Learning to Detect Phishing Web Pages Using Lexical and String Complexity Analysis

Download162 downloads
  • @ARTICLE{10.4108/eai.20-4-2022.173950,
        author={Dharmaraj Patil and Tareek Pattewar and Shailendra Pardeshi and Vipul Punjabi and Rajnikant Wagh},
        title={Learning to Detect Phishing Web Pages Using Lexical and String Complexity Analysis},
        journal={EAI Endorsed Transactions on Scalable Information Systems: Online First},
        volume={},
        number={},
        publisher={EAI},
        journal_a={SIS},
        year={2022},
        month={4},
        keywords={Phishing detection, Lexical analysis, Entropy, Kolmogorov complexity, Huffman coding complexity, online machine learning, cyber security},
        doi={10.4108/eai.20-4-2022.173950}
    }
    
  • Dharmaraj Patil
    Tareek Pattewar
    Shailendra Pardeshi
    Vipul Punjabi
    Rajnikant Wagh
    Year: 2022
    Learning to Detect Phishing Web Pages Using Lexical and String Complexity Analysis
    SIS
    EAI
    DOI: 10.4108/eai.20-4-2022.173950
Dharmaraj Patil1, Tareek Pattewar2,*, Shailendra Pardeshi1, Vipul Punjabi1, Rajnikant Wagh1
  • 1: Department of Computer Engineering, SES’s RC Patel Institute of Technology, Shirpur, India
  • 2: Department of Computer Engineering, Vishwakarma University Pune, India
*Contact email: tareek.pattewar@vupune.ac.in

Abstract

Phishing is the most common and effective sort of attack employed by cybercriminals to deceive and steal sensitive information from innocent Web users. Researchers have developed major solutions to deal with this problem in recent years, but there are still a number of open challenges due to the ever-changing nature of phishing attacks. To discriminate between benign and phishing URLs, this paper proposes a static method based on lexical and string complexity analysis and distinguishing URL features. Proposed approach has been evaluated on the basis of two state of the art online learning classifiers. The confidence weighted learning classifier achieved a significant phishing URL detection accuracy of 98.35 %, error-rate of 1.65%, FPR of 0.026 and FNR of 0.005. Also, adaptive regularization of weight classifier achieved accuracy of 97.28%, error-rate of 2.72%, FPR of 0.000 and FNR of 0.052. Similar approach shows the improvement in the detection of the phishing web pages.