Comprehensive phishing detection: A multi-channel approach with variants TCN fusion leveraging URL and HTML features

IF 7.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications Pub Date : 2025-03-17 DOI:10.1016/j.jnca.2025.104170

Ali Aljofey , Saifullahi Aminu Bello , Jian Lu , Chen Xu

{"title":"Comprehensive phishing detection: A multi-channel approach with variants TCN fusion leveraging URL and HTML features","authors":"Ali Aljofey , Saifullahi Aminu Bello , Jian Lu , Chen Xu","doi":"10.1016/j.jnca.2025.104170","DOIUrl":null,"url":null,"abstract":"<div><div>Phishing represents a major threat to the financial and privacy security of Internet users, and often serves as a precursor to cyberattacks. While many deep learning-based methods focus on analyzing URLs to detect phishing due to their simplicity and efficiency, they face challenges. Hidden phishing websites may employ tactics like concealing URL addresses, deceiving deep learning models, and attackers frequently change URLs, which presents obstacles to effective detection. In this study, we introduce a robust multi-channel temporal convolutional network (TCN) approach designed for precise phishing website detection, emphasizing the extraction of features from both URL and HTML components. Our hybrid methodology combines URL character embedding and various handcrafted features, using a two-channel input structure. These inputs undergo embedding and SpatialDropout1D before integration into diverse TCN layers, capturing features effectively. Outputs from TCN layers in both channels are concatenated, globally max-pooled, and late fused for binary webpage classification. Our approach demonstrates notable contributions, including novel features, meticulous architecture, and heightened accuracy. Experimentally, our approach achieves 99.81% accuracy on our dataset and 98.16% and 98.96% on two benchmark datasets, respectively. It outperforms state-of-the-art methods on real phishing webpages, demonstrating superior performance with reduced reliance on labeled data.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"238 ","pages":"Article 104170"},"PeriodicalIF":7.7000,"publicationDate":"2025-03-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1084804525000670","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Phishing represents a major threat to the financial and privacy security of Internet users, and often serves as a precursor to cyberattacks. While many deep learning-based methods focus on analyzing URLs to detect phishing due to their simplicity and efficiency, they face challenges. Hidden phishing websites may employ tactics like concealing URL addresses, deceiving deep learning models, and attackers frequently change URLs, which presents obstacles to effective detection. In this study, we introduce a robust multi-channel temporal convolutional network (TCN) approach designed for precise phishing website detection, emphasizing the extraction of features from both URL and HTML components. Our hybrid methodology combines URL character embedding and various handcrafted features, using a two-channel input structure. These inputs undergo embedding and SpatialDropout1D before integration into diverse TCN layers, capturing features effectively. Outputs from TCN layers in both channels are concatenated, globally max-pooled, and late fused for binary webpage classification. Our approach demonstrates notable contributions, including novel features, meticulous architecture, and heightened accuracy. Experimentally, our approach achieves 99.81% accuracy on our dataset and 98.16% and 98.96% on two benchmark datasets, respectively. It outperforms state-of-the-art methods on real phishing webpages, demonstrating superior performance with reduced reliance on labeled data.

查看原文本刊更多论文

全面的网络钓鱼检测：利用URL和HTML功能的变体TCN融合的多通道方法

网络钓鱼对互联网用户的财务和隐私安全构成了重大威胁，往往是网络攻击的前兆。虽然许多基于深度学习的方法由于简单和高效而专注于分析url以检测网络钓鱼，但它们面临着挑战。隐藏的网络钓鱼网站可能会采用隐藏URL地址、欺骗深度学习模型等策略，攻击者经常更改URL，这给有效检测带来了障碍。在这项研究中，我们引入了一种鲁棒的多通道时间卷积网络（TCN）方法，旨在精确检测网络钓鱼网站，强调从URL和HTML组件中提取特征。我们的混合方法结合了URL字符嵌入和各种手工制作的功能，使用双通道输入结构。这些输入经过嵌入和SpatialDropout1D，然后集成到不同的TCN层中，有效地捕获特征。两个通道中TCN层的输出被连接起来，全局最大池化，并后期融合用于二进制网页分类。我们的方法展示了显著的贡献，包括新颖的功能、细致的架构和更高的准确性。在实验中，我们的方法在我们的数据集上达到了99.81%的准确率，在两个基准数据集上分别达到了98.16%和98.96%。它在真实的网络钓鱼网页上优于最先进的方法，在减少对标记数据的依赖的情况下表现出卓越的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Network and Computer Applications 工程技术-计算机：跨学科应用

CiteScore

21.50

自引率

3.40%

发文量

142

审稿时长

37 days

期刊介绍： The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.