AI-enabled Phishing Links Detection

& Alert System

Innovative Project III
(PROJCS501)

Bachelor of Technology
In

Department of CSE (IoTCSBT)

Submitted by

Nitesh Kumar Thakur

Enrolment no: 22022002017003

Under the Guidance of

Prof. Somyendu Sekhar

Institute of Engineering and Management

Kolkata
November,2023
 Index

Content Pages
1. Abstract 01
2. Introduction 02
3. Problem
• Key Issue 03-04
• Project Goals
4. Application Area 05-06
5. Literature Review 07-08

6. Conclusion 09-10
7. References 11
 Acknowledgement

I wish to express my heartfelt gratitude to the all the

people who have played a crucial role in the research for
this project, without their active cooperation the
preparation of this project could not have been completed
within the specified time limit. I am thankful to my project
guide Prof. Somyendu Sekhar, who supported me
throughout this project with utmost cooperation and
patience and for helping me in doing this Project.
I am also thankful to our respected Head of the
Department Prof. Dr. Moutushi Singh, for motivating me
to complete this project with complete focus and attention.
I am thankful to my department and all my teachers for
the help and guidance provided for this work.
I extend my sincere thanks to my institute, the Institute of
Engineering and Management, Kolkata for the opportunity
provided to me for the betterment of my academics.

--------------------------------------------
Nitesh Kumar Thakur
Department of CSE (IoTCSBT)
Enrolment No: 22022002017003
Date: 30-11-2023
Place: Kolkata
 Abstract

In recent times, a phishing attack has become one of the most prominent
attacks faced by internet users, governments, and service-providing
organizations. In a phishing attack, the attacker(s) collects the client’s
sensitive data (i.e., user account login details, credit/debit card numbers,
etc.) by using spoofed emails or fake websites. Phishing websites are common
entry points of online social engineering attacks, including numerous frauds
on the websites. In such types of attacks, the attacker(s) create website pages
by copying the behavior of legitimate websites and sends URL(s) to the
targeted victims through spam messages, texts, or social networking. To
provide a thorough understanding of phishing attack(s), this paper provides
a literature review of Artificial Intelligence (AI) techniques: Machine Learning,
Deep Learning, Hybrid Learning, and Scenario-based techniques for phishing
attack detection. This paper also presents the comparison of different studies
detecting the phishing attack for each AI technique and examines the
qualities and shortcomings of these methodologies. Furthermore, this paper
provides a comprehensive set of current challenges of phishing attacks and
future research direction in this domain.

Page | 1
 Introduction

Cybersecurity, vital in safeguarding internet resources, faces escalating

challenges due to the growing complexity of cyber threats. Cyberattacks,
malicious digital endeavors to access confidential data, are exemplified by
phishing attacks using deceptive websites to extract sensitive information.
The ineffectiveness of current anti-phishing methods is evident in alarming
statistics, with over 51,000 phishing websites reported in 2018 and global
losses reaching $9 billion in 2016. This underscores the urgency for improved
defenses. This paper focuses on the integral role of Artificial Intelligence (AI)
in countering phishing attacks, utilizing advanced techniques such as
machine learning and deep learning to enhance detection accuracy. As cyber
threats evolve, understanding and mitigating these risks become paramount.
The comprehensive survey delves into communication media, target devices,
attack techniques, and counter-measures employed in phishing attacks. By
categorizing and assessing these aspects, the survey aims to provide a
thorough overview of existing techniques, challenges, and future research
directions in phishing attack detection. The contributions of this study
include a detailed exploration of deep learning, machine learning, hybrid
learning, and scenario-based techniques, along with a comparative analysis
of reported results. Additionally, the paper discusses prevalent phishing
attack methods and outlines current challenges, offering valuable insights for
the advancement of cybersecurity practices..

Page | 2
 Problem Definition

In the ever-evolving landscape of cybersecurity, a significant challenge

persists—the continual threat of phishing attacks. Conventional methods
often fall short in effectively detecting and preventing these sophisticated
attacks, posing risks to individuals and organizations alike. To address this
pressing issue, the project aims to harness the power of Artificial Intelligence
(AI) to enhance phishing attack detection techniques. The primary objective
is to develop an AI-enabled system that not only accurately identifies phishing
threats but also aligns with the contemporary expectations of real-time
responsiveness, adaptability, and heightened security.

Key Issues:

Phishing Threat Detection:

Challenge: Traditional approaches to detecting phishing attacks may struggle

to keep pace with evolving tactics, leading to increased vulnerability.
Objective: Develop AI-driven models capable of dynamic and adaptive
analysis, leveraging diverse data sources to enhance the accuracy of phishing
threat detection.

Real-time Responsiveness:

Challenge: Delayed detection and response to phishing attacks can result in

compromised security and data breaches.
Objective: Implement AI algorithms to enable real-time detection and
response, minimizing the impact of phishing attacks and enhancing overall
cybersecurity.

Regulatory Compliance:

Challenge: Adhering to evolving regulatory standards is crucial for

cybersecurity practices, and noncompliance poses legal and reputational
risks.

Page | 3
Objective: Ensure that AI-enabled detection models and processes align with
existing and emerging regulatory standards, creating a compliant and robust
defense against phishing threats.

Adoption of Advanced AI Techniques:

Challenge: Conventional methods may not fully leverage the capabilities of

advanced AI techniques, limiting the depth of analysis and adaptability.
Objective: Integrate cutting-edge AI technologies to enable continuous
learning, adaptation, and proactive identification of sophisticated phishing
techniques.

Project Goals:

Effective Phishing Threat Identification:

Develop and implement AI-driven models that analyze diverse data sources
to enhance the precision of phishing threat detection, reducing the
susceptibility to phishing attacks.

Real-time Detection and Response:

Utilize AI algorithms to create a system that detects phishing threats in real-

time, enabling swift and adaptive responses to mitigate potential security
risks.

Regulatory Adherence:

Design AI-enabled models and processes to adhere to existing and evolving

regulatory standards, ensuring a secure and compliant framework for
phishing threat detection.

Integration of Advanced AI Techniques:

Leverage the latest advancements in AI technologies to enable continuous

learning and adaptation, staying ahead of evolving phishing tactics and
improving overall cybersecurity resilience.

Page | 4
 Application Area
The project's impact is extensive, catering to a diverse range of sectors eager
to fortify their defenses against phishing attacks and enhance overall
cybersecurity. It holds relevance and applicability in various domains,
including:

Corporate Enterprises:
Corporate entities can employ AI-enabled phishing attack detection
techniques to bolster their cybersecurity posture. By implementing advanced
threat detection models, businesses can safeguard sensitive data, protect
employee accounts, and ensure the integrity of their digital infrastructure.

Financial Institutions:
Similar to loan approval processes, banks and financial institutions can
utilize AI techniques for detecting phishing attacks. This approach enhances
their ability to identify and neutralize phishing threats in real-time,
safeguarding customer information and maintaining the trust of account
holders.

E-commerce Platforms:
Online businesses face a constant threat of phishing attacks targeting
customer accounts and sensitive transaction information. The
implementation of AI-driven detection methods ensures a proactive defense
against phishing threats, providing a secure online shopping experience for
users.

Healthcare Organizations:
Given the sensitive nature of healthcare data, AI-enabled phishing detection
techniques are crucial for safeguarding patient information. Healthcare
institutions can deploy advanced models to identify and thwart phishing
attempts, ensuring data privacy and compliance with regulatory standards.

Government Agencies:
Government entities are frequent targets of phishing attacks seeking to
compromise sensitive information. By incorporating AI-based detection
systems, government agencies can enhance their cybersecurity measures,
protecting critical data and maintaining the integrity of public services.

Page | 5
Educational Institutions:
Phishing attacks often target educational institutions, seeking unauthorized
access to student and faculty accounts. Implementing AI-enabled detection
techniques helps these institutions preemptively identify and neutralize
phishing threats, securing sensitive academic and personal information.

Technology Companies:
Companies in the technology sector can benefit from advanced AI techniques
to fortify their defenses against phishing attacks. By leveraging machine
learning and scenario-based detection methods, these companies can stay
ahead of evolving cyber threats and protect their intellectual property.

The overarching goal is to provide a robust and adaptable solution that spans
across industries, ensuring a comprehensive defense against the ever-
evolving landscape of phishing attacks.

Page | 6
 Literature Review

The literature review provides a comprehensive overview of AI-enabled

phishing attack detection techniques, focusing on machine learning (ML),
deep learning (DL), scenario-based, and hybrid learning (HL) approaches. The
study explores various methodologies employed by researchers to address the
growing threat of phishing attacks, emphasizing the importance of accurate
and efficient detection methods.

The paper begins by highlighting the severity of phishing attacks, tracing

their evolution from early telephone networks to the sophisticated online
threats faced today. It underlines the significance of user awareness and the
potential consequences of falling victim to phishing, including substantial
financial losses.

In the realm of AI-enabled detection, the review categorizes existing work into
four main approaches:

1. Deep Learning (DL) for Phishing Attack Detection:

- Describes various DL models such as deep neural networks, feed-forward
deep neural networks, recurrent neural networks, convolutional neural
networks, restricted Boltzmann machines, deep belief networks, and deep
auto-encoders.
- Highlights the importance of parameter settings in DL approaches and
discusses the research gap in utilizing DL algorithms for cyber-attack
recognition.

2. Machine Learning (ML) for Phishing Attack Detection:

- Discusses popular ML approaches for detecting phishing websites,
framing the problem as a classification task.
- Emphasizes the effectiveness of classifiers like C4.5, k-NN, and SVM, and
the role of feature reduction techniques.
- Notes the limitations of some studies, such as the lack of ensemble
learning techniques and insufficient feature reduction.

3. Scenario-Based Phishing Attack Detection:

Page | 7
 - Explores studies that employ scenarios to understand and detect phishing
attacks.
- Compares different methods used in scenario-based detection, including
the analysis of social engineering attack scenarios and game-based
investigation techniques.

4. Hybrid Learning (HL) Based Phishing Attack Detection:

- Presents hybrid approaches that combine various techniques for improved
accuracy.
- Discusses methods like the Search and Heuristic Rule and Logistic
Regression (SHLR) hybrid model, ensemble techniques, and the EKRV model
combining KNN and random committee techniques.

Page | 8
 Conclusion

In this project, we delved into the realm of AI-enabled phishing attack

detection techniques, exploring a landscape where artificial intelligence
serves as a crucial ally in the ongoing battle for cybersecurity. The relentless
evolution of phishing attacks necessitates advanced, intelligent systems to
safeguard individuals and organizations.

Our exploration uncovered a diverse array of AI methodologies employed for

phishing attack detection, ranging from traditional machine learning to
cutting-edge deep learning techniques. These methods, including Random
Forests, Support Vector Machines, and sophisticated neural networks,
exhibit substantial promise in enhancing the accuracy of detection
mechanisms.

The literature review highlighted the significance of machine learning, deep

learning, and hybrid models in achieving robust results. Machine learning
techniques, with their ability to discern patterns, demonstrated
commendable accuracy rates, while deep learning approaches, particularly
those involving neural networks, showcased the potential for improved
performance.

As we reflect on the comprehensive survey conducted over the course of this

project, it is evident that the integration of AI has significantly elevated the
capabilities of phishing attack detection systems. However, challenges
persist, including the need for scalability, adaptability to emerging attack
vectors, and the mitigation of false positives.

Looking ahead, future endeavors in this domain could explore novel AI

architectures, leverage ensemble methods for enhanced accuracy, and
consider the incorporation of real-time, dynamic learning approaches.
Furthermore, the development of user-friendly, intelligent solutions, such as
smart plugins, could empower end-users in recognizing and thwarting
phishing attempts effectively.

9
In conclusion, AI stands at the forefront of the ongoing battle against phishing
attacks. The strides made in this project underscore the pivotal role of
artificial intelligence in fortifying our defenses against ever-evolving cyber
threats. As we move forward, the collaborative efforts of researchers,
practitioners, and the cybersecurity community at large will be essential in
building even more resilient and adaptive AI-driven solutions for the detection
and prevention of phishing attacks.

10
 REFERENCES:
1. A Comprehensive Survey of AI-enabled Phishing Attacks Detection Techniques
Authors: Ahmed, I. A., Abdullah, A. B., Ibrahim, A. N., & Ab Rahman, M. F. (2020).
a. Journal: SpringerLink
2. Visual-AI: Anti Phishing With Detection Powered By Visual-AI
a. Presenter: Alessandro Prest
b. Company: Visua
3. AI-enabled Phishing Link Detection and Alert System
a. Author: Stefin Franklin
b. Repository: GitHub - T-Phish
4. Phishing Detection: A Machine Learning Approach
a. Authors: Jain, A. K., Gupta, B., & Sikka, G. (2009).
b. Journal: arXiv
5. A Hybrid Approach for Phishing Detection Using Machine Learning and Natural Language
Processing
a. Authors: Alzahrani, Z., Alharbi, K., Aljundi, I., & Menasri, W. (2020, November).
b. Conference: 2020 IEEE International Conference on Artificial Intelligence in Cyber Security
(AICyberS).
c. Publisher: IEEE

11