UDC 681.322
MACHINE LEARNING APPROACH IN THE PHISHING ATTACK DETECTION PROBLEM
A. S. Naidenov, This email address is being protected from spambots. You need JavaScript enabled to view it.
The article describes phishing attack detection problem in Internet. The aim is to study the relationship between the external resource properties and the presence of phishing addresses. The study builds the classification model to predict the "original / phishing" resource based on the external resource information using machine learning techniques. Original addresses and spoofed Internet resources from public sources («Open Directory Project» and «PhishTank») were collected. The work carries out lexical analysis of resource address: template selection, key word checks, resource address structure allocation, analysis of the connection to the resource: transmission protocol, connection port. Data are enriched with the information about domain using Whois service. The feature selection is based on model. The article report quality evaluation of classification model, error analysis, the possibility of its practical application is made.
Key words: computer systems and networks, computer attacks detection, phishing attacks, machine learning, classification algorithms, n-gram method, ROC analysis.