An Attention Based Deep Neural Network Architecture for Identification of Phishing URLS Through Character Level N-Gram Embeddings

Abstract

Despite the various technological advancements that have been made in the fight against phishing attacks, the problem still remains one of the most common threats in the cybersecurity domain. Due to the increasing number of communication channels and the rise of social media, the need for effective and rapid phishing detection has become more prevalent. In this thesis, we focused on developing an end-to-end deep learning model named Grambeddings that can recognize malicious websites from URL information while introducing the following novelties into the literature; (1) constructing and employing n-gram embeddings seamlessly without requiring any preliminary learning stage, (2) eliminating the necessity of language-knowledge by representing terms from n-grams instead of words or sub-words, (3) providing fast, intelligent and efficient n-gram/feature selection procedure. Besides, we also published an exclusive large-scale novel dataset that contains 800.000 real-world half of which were legitimate and half were phish.

Grambeddings presents an adjustable and automated n-gram extraction and selection mechanism along with a new deep architecture that enables to merging of four different n-gram level features from its corresponding channel while each channel obtains required deep features through cascading CNN, LSTM, and attention layers. In this way, the model becomes able to capture the multiple discriminative character sequence patterns without requiring any hand-crafted operation. As a result, the proposed approach contributes the following features to the phishing detection domain: (1) real-time inference and protection while providing excellent performance, (2) language-agnostic corpus and embedding construction, and (3) eliminating the necessity of hand-crafted features, or the need of using any third-party service. In addition, we conducted a series of comparative experiments in both dataset-wise and method-wise manner. We verified the superiority of our model in all tests since it outperforms the other models in the literature by achieving 98.27\% accuracy. Lastly, we also analyzed the Grambeddings' robustness against adversarial attacks and examined in-depth the characteristics of the model both in the pre-trained and re-trained conditions in terms of seeing any adversarial sample before during the training phase. Our codebase is shared with the community to be used for benchmarking purposes in the future.