Phishing URL prediction – two-phase model using logistic regression and finite state automata

Abstract

The human factor in security is more important when they become the carriers of attacks on enterprises. Phishing attacks can be classified as insider attacks when the employees unintentionally participate in the attack propagation. Since complete user training is a myth, enterprises must implement detection tools for phishing attacks on their network perimeters. This research discusses a two-phase model for phishing URL detection, in which the first phase identifies the properties of URLs that detect phishing and their relative weight using logistic regression. The second phase checks the probability of a new URL being categorized as phishing using the knowledge achieved during the first phase using the dynamically created Finite state machines. The model defines a malicious score (MS), which can be used to check any URL in real-time to identify whether it is phishing or not. The model described in this work has been experimented with different benchmarking datasets to verify the performance. The model provided a decent result in classifying a URL as phishing or naive. The malicious score (MS) defined by this model can be used to evaluate any URL and can be used as a filtering mechanism for end-point phishing URL detection. The key contribution is towards developing a two-phase model which evaluates the URL with the help of self-crafted features without reliance on a feature set. This accommodates the model's hyper-competitive phishing URL detection area in cyber security.