A Framework for Finding Phishing Attacks

Denizens of the Internet are coming under a barrage of phishing attacks of increasing frequency and sophistication. Emails accompanied by authentic-looking websites are ensnaring users who, unwittingly, hand over their credentials compromising both their privacy and security. Methods such as the blacklisting of these phishing websites become untenable and cannot keep pace with the explosion of fake sites. Detection of nefarious websites must become automated and be able to adapt to this ever-evolving form of social engineering.

We develop an open-source framework, called “Fresh-Phish”, for creating current machine learning data for phishing websites. Using 30 different website features that we query using python, we build a large labeled dataset and analyze several machine learning classifiers against this dataset to determine which is the most accurate. We analyze not just the accuracy of the technique, but also how long it takes to train the model. You can find the source code on our GitHub.

Recipient of the IEEE LCN best paper award 2020 for the paper

Improved Phishing Detection Algorithms Using Adversarial Autoencoder Synthesized Data.


Publications

  • Eric Burton Samuel Martin, Hossein Shirazi, Indrakshi Ray: Poster: Towards a Dataset for the Discrimination between Warranted and Unwarranted Emails. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, November 26-30, 2023: 3603-3605 Paper | Link
  • Asif Uz Zaman Asif, Hossein Shirazi, Indrakshi Ray: Machine Learning-Based Phishing Detection Using URL Features: A Comprehensive Review. Stabilization, Safety, and Security of Distributed Systems – 25th International Symposium, SSS 2023, Jersey City, NJ, USA, October 2-4, 2023, Proceedings. Lecture Notes in Computer Science: 481-497 Paper | Link
  • Hossein Shirazi, Shashika R. Muramudalige, Indrakshi Ray, Anura P. Jayasumana, and Haonan Wang, “Adversarial Autoencoder Data Synthesis for Enhancing Machine Learning-based Phishing Detection Algorithms”, IEEE Transactions on Services Computing, 16(4), July-August, 2023 Paper | Link
  • Hossein Shirazi, Katherine Haynes, and Indrakshi Ray, “Towards performance of NLP Transformers on URL-Based Phishing Detection for Mobile Devices”, International Journal of Ubiquitous Systems and Pervasive Networks, 17(2), August 2022. Paper | Link
  • Shirazi, Hossein, Bruhadeshwar Bezawada, Indrakshi Ray, and Chuck Anderson. “Directed Adversarial Sampling Attacks on Phishing Detection.” Journal of Computer Security Preprint (2021): Paper | Link
  • Deval, Shalin Kumar, Meenakshi Tripathi, Bruhadeshwar Bezawada, and Indrakshi Ray. ““X-Phish: Days of Future Past”‡: Adaptive & Privacy Preserving Phishing Detection.” In 2021 IEEE Conference on Communications and Network Security (CNS), pp. 227-235. IEEE, 2021. Paper | Link
  • Haynes, Katherine, Hossein Shirazi, and Indrakshi Ray. “Lightweight URL-Based Phishing Detection Using Natural Language Processing Transformers for Mobile Devices.” Procedia Computer Science 191 (2021): 127-134. Paper | Link
  • Shirazi, Hossein, Shashika R. Muramudalige, Indrakshi Ray, and Anura P. Jayasumana. “Improved Phishing Detection Algorithms Using Adversarial Autoencoder Synthesized Data.” In 2020 IEEE 45th Conference on Local Computer Networks (LCN), pp. 24-32. IEEE, 2020. Paper | Link
  • Shirazi, Hossein, Landon Zweigle, and Indrakshi Ray. “A Machine-Learning Based Unbiased Phishing Detection Approach.” In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications (ICETE 2020)-SECRYPT. 2020. Paper | Link
  • Shirazi, Hossein, Bruhadeshwar Bezawada, Indrakshi Ray, and Charles Anderson. “Adversarial Sampling Attacks Against Phishing Detection.” In IFIP Annual Conference on Data and Applications Security and Privacy, pp. 83-101. Springer, Cham, 2019. Paper | Link
  • Shirazi, Hossein, Bruhadeshwar Bezawada, and Indrakshi Ray. “” Kn0w Thy Doma1n Name” Unbiased Phishing Detection Using Domain Name Based Features.” In 23rd ACM on Symposium on Access Control Models and Technologies, pp. 69-75. 2018. Paper | Link
  • Shirazi, Hossein, Kyle Haefner, and Indrakshi Ray. “Improving Auto-Detection of Phishing Websites using Fresh-Phish Framework.” International Journal of Multimedia Data Engineering and Management (IJMDEM) 9, no. 1 (2018): 51-64. Paper | Link
  • Shirazi, Hossein, Kyle Haefner, and Indrakshi Ray. “Fresh-Phish: A Framework for Auto-Detection of Phishing Websites.” In 2017 IEEE international conference on information reuse and integration (IRI), pp. 137-143. IEEE, 2017. Paper | Link
  • H. Shirazi, B. Bezawada, I. Ray. “Kn0w Thy Doma1n Name”: Unbiased Phishing Detection Using Domain Name Based Features.”research symposium of CS department of Colorado State University, 2017- Best poster award. Paper | Link

Our Team

Indrakshi Ray
Principal Investigator

Colorado State University

Homepage
Hossein Shirazi
Post-Doc Researcher

Colorado State University

Homepage

Alumni

Kyle Haefner

Colorado State University

LinkedIn

Our Sponsors

They help make it happen.