Look Before You Leap: Detecting Phishing Web Pages by Exploiting Raw URL And HTML Characteristics

TL;DR

This paper introduces WebPhish, a deep learning model that detects phishing websites by analyzing raw URL and HTML content, achieving high accuracy without manual feature engineering.

Contribution

It presents an end-to-end neural network that automatically learns features from raw URL and HTML data, overcoming limitations of traditional handcrafted feature-based methods.

Findings

Achieved 98.1% accuracy in phishing detection

Outperformed baseline approaches in experiments

Effectively models semantic dependencies in URL and HTML content

Abstract

Phishing websites distribute unsolicited content and are frequently used to commit email and internet fraud; detecting them before any user information is submitted is critical. Several efforts have been made to detect these phishing websites in recent years. Most existing approaches use hand-crafted lexical and statistical features from a website's textual content to train classification models to detect phishing web pages. However, these phishing detection approaches have a few challenges, including 1) the tediousness of extracting hand-crafted features, which require specialized domain knowledge to determine which features are useful for a particular platform; and 2) the difficulties encountered by models built on hand-crafted features to capture the semantic patterns in words and characters in URL and HTML content. To address these challenges, this paper proposes WebPhish, an end-to-end deep neural network trained using embedded raw URLs and HTML content to detect website phishing attacks. First, the proposed model automatically employs an embedding technique to extract the corresponding characters into homologous dense vectors. Then, the concatenation layer merges the URL and HTML embedding matrices. Following that, Convolutional layers are used to model its semantic dependencies. Extensive experiments were conducted with real-world phishing data, which yielded an accuracy of 98.1\%, showing that WebPhish outperforms baseline detection approaches in identifying phishing pages.