Effective Phishing Emails Detection Method
Main Article Content
Abstract
The term “phishing” is a type of cyber-attack where the attacker sends fraudulent emails, then asks the user to follow an embedded link, where the user is asked to enter private information. As a social engineering attack, a phishing attack causes huge financial losses to the recipients. Therefore, there is an urgent need for high-accuracy phishing detection.In this paper, we propose a phishing email detection model based on two classification algorithms that are discussed and compared to detect and classify phishing attacks, such as; Multi-Layer Perceptron (MLP) and Random Forest (RF) Classification algorithms with publicly available datasets for both phishing and benign emails, with the main objective is to develop the phishing email classification with the greatest accuracy and least features. From a dataset of 4600 phishing and benign emails messages, we extract three feature tess from the header, and hyperlinks, The features are extracted using a well-known scheme called Term
Frequency-Inverse Document Frequency (TF-IDF) principle to weight the features in each email message. Furthermore, we selected 25 of the most important features using Information Gain (IG) based feature selection. Ten-fold cross-validation was applied for training, testing, and validation. The best experimental result was achieved by using 25 out of 32 features and applying them to the classification algorithms. The model achieved an accuracy of 99.46% for the Random Forest (RF) algorithm, the highest recorded so far for a validated data set.
Downloads
Metrics
Article Details
Licensing
TURCOMAT publishes articles under the Creative Commons Attribution 4.0 International License (CC BY 4.0). This licensing allows for any use of the work, provided the original author(s) and source are credited, thereby facilitating the free exchange and use of research for the advancement of knowledge.
Detailed Licensing Terms
Attribution (BY): Users must give appropriate credit, provide a link to the license, and indicate if changes were made. Users may do so in any reasonable manner, but not in any way that suggests the licensor endorses them or their use.
No Additional Restrictions: Users may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.