Detecting Cloud-Based Phishing Attacks by Combining Deep Learning Models

TL;DR

This paper evaluates deep learning models including LSTM, YOLOv2, and triplet networks for detecting cloud-based phishing attacks, demonstrating that combining these models enhances detection effectiveness.

Contribution

It introduces a multi-model deep learning approach specifically targeting cloud-based phishing attacks, which are challenging for traditional detection methods.

Findings

Deep learning models can effectively identify cloud-based phishing attacks.

Combining models improves detection accuracy.

Models perform variably depending on attack characteristics.

Abstract

Web-based phishing attacks nowadays exploit popular cloud web hosting services and apps such as Google Sites and Typeform for hosting their attacks. Since these attacks originate from reputable domains and IP addresses of the cloud services, traditional phishing detection methods such as IP reputation monitoring and blacklisting are not very effective. Here we investigate the effectiveness of deep learning models in detecting this class of cloud-based phishing attacks. Specifically, we evaluate deep learning models for three phishing detection methods--LSTM model for URL analysis, YOLOv2 model for logo analysis, and triplet network model for visual similarity analysis. We train the models using well-known datasets and test their performance on cloud-based phishing attacks in the wild. Our results qualitatively explain why the models succeed or fail. Furthermore, our results highlight how combining results from the individual models can improve the effectiveness of detecting cloud-based phishing attacks.