AI-enabled Phishing Links Detection

& Alert System

Innovative Project III
(PROJCS501)

Bachelor of Technology
In

Department of CSE (IoTCSBT)

Submitted by

Nitesh Kumar Thakur

Enrolment no: 22022002017003

Under the Guidance of

Prof. Somyendu Sekhar

Institute of Engineering and Management

Kolkata
November,2023
 Index

Content Pages
1. Abstract 01
2. Introduction 02
3. Problem
• Key Issue 03-04
• Project Goals
4. Application Area 05-06
5. Literature Review 07-08

6. Conclusion 09-10
7. References 11

Acknowledgement
I wish to express my heartfelt gratitude to the all the
people who have played a crucial role in the research for
this project, without their active cooperation the
preparation of this project could not have been completed
within the specified time limit. I am thankful to my
project guide Prof. Somyendu Sekhar, who supported
me throughout this project with utmost cooperation and
patience and for helping me in doing this Project.
I am also thankful to our respected Head of the
Department Prof. Dr. Moutushi Singh, for motivating
me to complete this project with complete focus and
attention. I am thankful to my department and all my
teachers for the help and guidance provided for this
work.
I extend my sincere thanks to my institute, the Institute
of Engineering and Management, Kolkata for the
opportunity provided to me for the betterment of my
academics.

--------------------------------------------
Nitesh Kumar Thakur
Department of CSE (IoTCSBT)
Enrolment No: 22022002017003
Date: 30-11-2023
Place: Kolkata
 Abstract

In recent times, a phishing attack has become one of the most prominent
attacks faced by internet users, governments, and service-providing
organizations. In a phishing attack, the attacker(s) collects the client’s
sensitive data (i.e., user account login details, credit/debit card numbers,
etc.) by using spoofed emails or fake websites. Phishing websites are
common entry points of online social engineering attacks, including
numerous frauds on the websites. In such types of attacks, the attacker(s)
create website pages by copying the behavior of legitimate websites and
sends URL(s) to the targeted victims through spam messages, texts, or
social networking. To provide a thorough understanding of phishing
attack(s), this paper provides a literature review of Artificial Intelligence (AI)
techniques: Machine Learning, Deep Learning, Hybrid Learning, and
Scenario-based techniques for phishing attack detection. This paper also
presents the comparison of different studies detecting the phishing attack
for each AI technique and examines the qualities and shortcomings of these
methodologies. Furthermore, this paper provides a comprehensive set of
current challenges of phishing attacks and future research direction in this
domain.

Page | 1
 Introduction
Cybersecurity, vital in safeguarding internet resources, faces escalating
challenges due to the growing complexity of cyber threats. Cyberattacks,
malicious digital endeavors to access confidential data, are exemplified by
phishing attacks using deceptive websites to extract sensitive information.
The ineffectiveness of current anti-phishing methods is evident in alarming
statistics, with over 51,000 phishing websites reported in 2018 and global
losses reaching $9 billion in 2016. This underscores the urgency for
improved defenses. This paper focuses on the integral role of Artificial
Intelligence (AI) in countering phishing attacks, utilizing advanced
techniques such as machine learning and deep learning to enhance
detection accuracy. As cyber threats evolve, understanding and mitigating
these risks become paramount. The comprehensive survey delves into
communication media, target devices, attack techniques, and counter-
measures employed in phishing attacks. By categorizing and assessing
these aspects, the survey aims to provide a thorough overview of existing
techniques, challenges, and future research directions in phishing attack
detection. The contributions of this study include a detailed exploration of
deep learning, machine learning, hybrid learning, and scenario-based
techniques, along with a comparative analysis of reported results.
Additionally, the paper discusses prevalent phishing attack methods and
outlines current challenges, offering valuable insights for the advancement
of cybersecurity practices..

Page | 2
 Problem Definition

In the ever-evolving landscape of cybersecurity, a significant challenge

persists—the continual threat of phishing attacks. Conventional methods
often fall short in effectively detecting and preventing these sophisticated
attacks, posing risks to individuals and organizations alike. To address this
pressing issue, the project aims to harness the power of Artificial
Intelligence (AI) to enhance phishing attack detection techniques. The
primary objective is to develop an AI-enabled system that not only
accurately identifies phishing threats but also aligns with the contemporary
expectations of real-time responsiveness, adaptability, and heightened
security.

Key Issues:

Phishing Threat Detection:

Challenge: Traditional approaches to detecting phishing attacks may

struggle to keep pace with evolving tactics, leading to increased
vulnerability.
Objective: Develop AI-driven models capable of dynamic and adaptive
analysis, leveraging diverse data sources to enhance the accuracy of
phishing threat detection.

Real-time Responsiveness:

Challenge: Delayed detection and response to phishing attacks can result in

compromised security and data breaches.
Objective: Implement AI algorithms to enable real-time detection and
response, minimizing the impact of phishing attacks and enhancing overall
cybersecurity.

Regulatory Compliance:

Page | 3
Challenge: Adhering to evolving regulatory standards is crucial for
cybersecurity practices, and noncompliance poses legal and reputational
risks.
Objective: Ensure that AI-enabled detection models and processes align
with existing and emerging regulatory standards, creating a compliant and
robust defense against phishing threats.

Adoption of Advanced AI Techniques:

Challenge: Conventional methods may not fully leverage the capabilities of

advanced AI techniques, limiting the depth of analysis and adaptability.
Objective: Integrate cutting-edge AI technologies to enable continuous
learning, adaptation, and proactive identification of sophisticated phishing
techniques.

Project Goals:

Effective Phishing Threat Identification:

Develop and implement AI-driven models that analyze diverse data sources
to enhance the precision of phishing threat detection, reducing the
susceptibility to phishing attacks.

Real-time Detection and Response:

Utilize AI algorithms to create a system that detects phishing threats in

real-time, enabling swift and adaptive responses to mitigate potential
security risks.

Regulatory Adherence:

Design AI-enabled models and processes to adhere to existing and evolving

regulatory standards, ensuring a secure and compliant framework for
phishing threat detection.

Integration of Advanced AI Techniques:

Page | 4
Leverage the latest advancements in AI technologies to enable continuous
learning and adaptation, staying ahead of evolving phishing tactics and
improving overall cybersecurity resilience.

Application Area
The project's impact is extensive, catering to a diverse range of sectors eager
to fortify their defenses against phishing attacks and enhance overall
cybersecurity. It holds relevance and applicability in various domains,
including:

Corporate Enterprises:
Corporate entities can employ AI-enabled phishing attack detection
techniques to bolster their cybersecurity posture. By implementing
advanced threat detection models, businesses can safeguard sensitive data,
protect employee accounts, and ensure the integrity of their digital
infrastructure.

Financial Institutions:
Similar to loan approval processes, banks and financial institutions can
utilize AI techniques for detecting phishing attacks. This approach
enhances their ability to identify and neutralize phishing threats in real-
time, safeguarding customer information and maintaining the trust of
account holders.

E-commerce Platforms:
Online businesses face a constant threat of phishing attacks targeting
customer accounts and sensitive transaction information. The
implementation of AI-driven detection methods ensures a proactive defense
against phishing threats, providing a secure online shopping experience for
users.

Healthcare Organizations:
Given the sensitive nature of healthcare data, AI-enabled phishing detection
techniques are crucial for safeguarding patient information. Healthcare
institutions can deploy advanced models to identify and thwart phishing
attempts, ensuring data privacy and compliance with regulatory standards.

Government Agencies:

Page | 5
Government entities are frequent targets of phishing attacks seeking to
compromise sensitive information. By incorporating AI-based detection
systems, government agencies can enhance their cybersecurity measures,
protecting critical data and maintaining the integrity of public services.

Educational Institutions:
Phishing attacks often target educational institutions, seeking unauthorized
access to student and faculty accounts. Implementing AI-enabled detection
techniques helps these institutions preemptively identify and neutralize
phishing threats, securing sensitive academic and personal information.

Technology Companies:
Companies in the technology sector can benefit from advanced AI
techniques to fortify their defenses against phishing attacks. By leveraging
machine learning and scenario-based detection methods, these companies
can stay ahead of evolving cyber threats and protect their intellectual
property.

The overarching goal is to provide a robust and adaptable solution that

spans across industries, ensuring a comprehensive defense against the
ever-evolving landscape of phishing attacks.

Page | 6
 Literature Review
The literature review provides a comprehensive overview of AI-enabled
phishing attack detection techniques, focusing on machine learning (ML),
deep learning (DL), scenario-based, and hybrid learning (HL) approaches.
The study explores various methodologies employed by researchers to
address the growing threat of phishing attacks, emphasizing the importance
of accurate and efficient detection methods.

The paper begins by highlighting the severity of phishing attacks, tracing

their evolution from early telephone networks to the sophisticated online
threats faced today. It underlines the significance of user awareness and the
potential consequences of falling victim to phishing, including substantial
financial losses.

In the realm of AI-enabled detection, the review categorizes existing work

into four main approaches:

1. Deep Learning (DL) for Phishing Attack Detection:

- Describes various DL models such as deep neural networks, feed-
forward deep neural networks, recurrent neural networks, convolutional
neural networks, restricted Boltzmann machines, deep belief networks, and
deep auto-encoders.
- Highlights the importance of parameter settings in DL approaches and
discusses the research gap in utilizing DL algorithms for cyber-attack
recognition.

2. Machine Learning (ML) for Phishing Attack Detection:

- Discusses popular ML approaches for detecting phishing websites,
framing the problem as a classification task.
- Emphasizes the effectiveness of classifiers like C4.5, k-NN, and SVM,
and the role of feature reduction techniques.

Page | 7
 - Notes the limitations of some studies, such as the lack of ensemble
learning techniques and insufficient feature reduction.

3. Scenario-Based Phishing Attack Detection:

- Explores studies that employ scenarios to understand and detect
phishing attacks.
- Compares different methods used in scenario-based detection, including
the analysis of social engineering attack scenarios and game-based
investigation techniques.

4. Hybrid Learning (HL) Based Phishing Attack Detection:

- Presents hybrid approaches that combine various techniques for
improved accuracy.
- Discusses methods like the Search and Heuristic Rule and Logistic
Regression (SHLR) hybrid model, ensemble techniques, and the EKRV
model combining KNN and random committee techniques.

Page | 8
 Conclusion

In this project, we delved into the realm of AI-enabled phishing attack

detection techniques, exploring a landscape where artificial intelligence
serves as a crucial ally in the ongoing battle for cybersecurity. The
relentless evolution of phishing attacks necessitates advanced, intelligent
systems to safeguard individuals and organizations.

Our exploration uncovered a diverse array of AI methodologies employed for

phishing attack detection, ranging from traditional machine learning to
cutting-edge deep learning techniques. These methods, including Random
Forests, Support Vector Machines, and sophisticated neural networks,
exhibit substantial promise in enhancing the accuracy of detection
mechanisms.

The literature review highlighted the significance of machine learning, deep

learning, and hybrid models in achieving robust results. Machine learning
techniques, with their ability to discern patterns, demonstrated
commendable accuracy rates, while deep learning approaches, particularly
those involving neural networks, showcased the potential for improved
performance.

As we reflect on the comprehensive survey conducted over the course of this

project, it is evident that the integration of AI has significantly elevated the
capabilities of phishing attack detection systems. However, challenges
persist, including the need for scalability, adaptability to emerging attack
vectors, and the mitigation of false positives.

Looking ahead, future endeavors in this domain could explore novel AI

architectures, leverage ensemble methods for enhanced accuracy, and
consider the incorporation of real-time, dynamic learning approaches.
Furthermore, the development of user-friendly, intelligent solutions, such
as smart plugins, could empower end-users in recognizing and thwarting
phishing attempts effectively.

In conclusion, AI stands at the forefront of the ongoing battle against

phishing attacks. The strides made in this project underscore the pivotal
9
role of artificial intelligence in fortifying our defenses against ever-evolving
cyber threats. As we move forward, the collaborative efforts of researchers,
practitioners, and the cybersecurity community at large will be essential in
building even more resilient and adaptive AI-driven solutions for the
detection and prevention of phishing attacks.

REFERENCES:
10
1. A Comprehensive Survey of AI-enabled Phishing Attacks Detection Techniques
Authors: Ahmed, I. A., Abdullah, A. B., Ibrahim, A. N., & Ab Rahman, M. F. (2020).
a. Journal: SpringerLink
2. Visual-AI: Anti Phishing With Detection Powered By Visual-AI
a. Presenter: Alessandro Prest
b. Company: Visua
3. AI-enabled Phishing Link Detection and Alert System
a. Author: Stefin Franklin
b. Repository: GitHub - T-Phish
4. Phishing Detection: A Machine Learning Approach
a. Authors: Jain, A. K., Gupta, B., & Sikka, G. (2009).
b. Journal: arXiv
5. A Hybrid Approach for Phishing Detection Using Machine Learning and Natural Language
Processing
a. Authors: Alzahrani, Z., Alharbi, K., Aljundi, I., & Menasri, W. (2020, November).
b. Conference: 2020 IEEE International Conference on Artificial Intelligence in Cyber Security
(AICyberS).
c. Publisher: IEEE

11