Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Phishing Website Detection through Multi-Model Analysis of HTML Content

Furkan Çolhak, Mert İlhan Ecevit, Bilal Emir Uçar, Reiner Creutzburg, Hasan Dağ

TL;DR

Phishing remains a major cyber threat, and this work targets detection using HTML content alone. The authors propose MultiText-LP, a fusion model that combines two pretrained NLP transformers (CANINE for titles and RoBERTa for content) with a specialized MLP to jointly process textual and numeric HTML features, feeding fused embeddings into a linear classifier. An up-to-date HTML phishing dataset, publicly shared, supports evaluation and benchmarking against prior HTML-based methods, with MTLP achieving $F1 = 0.9680$ and $Accuracy = 0.9718$ on their dataset and strong improvements on the Aljofey HTML benchmark. The results demonstrate the efficacy of HTML-centric multi-model fusion for phishing detection and offer a practical resource for researchers, with future work extending the fusion to include URL and WHOIS data.

Abstract

The way we communicate and work has changed significantly with the rise of the Internet. While it has opened up new opportunities, it has also brought about an increase in cyber threats. One common and serious threat is phishing, where cybercriminals employ deceptive methods to steal sensitive information.This study addresses the pressing issue of phishing by introducing an advanced detection model that meticulously focuses on HTML content. Our proposed approach integrates a specialized Multi-Layer Perceptron (MLP) model for structured tabular data and two pretrained Natural Language Processing (NLP) models for analyzing textual features such as page titles and content. The embeddings from these models are harmoniously combined through a novel fusion process. The resulting fused embeddings are then input into a linear classifier. Recognizing the scarcity of recent datasets for comprehensive phishing research, our contribution extends to the creation of an up-to-date dataset, which we openly share with the community. The dataset is meticulously curated to reflect real-life phishing conditions, ensuring relevance and applicability. The research findings highlight the effectiveness of the proposed approach, with the CANINE demonstrating superior performance in analyzing page titles and the RoBERTa excelling in evaluating page content. The fusion of two NLP and one MLP model,termed MultiText-LP, achieves impressive results, yielding a 96.80 F1 score and a 97.18 accuracy score on our research dataset. Furthermore, our approach outperforms existing methods on the CatchPhish HTML dataset, showcasing its efficacies.

Phishing Website Detection through Multi-Model Analysis of HTML Content

TL;DR

Phishing remains a major cyber threat, and this work targets detection using HTML content alone. The authors propose MultiText-LP, a fusion model that combines two pretrained NLP transformers (CANINE for titles and RoBERTa for content) with a specialized MLP to jointly process textual and numeric HTML features, feeding fused embeddings into a linear classifier. An up-to-date HTML phishing dataset, publicly shared, supports evaluation and benchmarking against prior HTML-based methods, with MTLP achieving and on their dataset and strong improvements on the Aljofey HTML benchmark. The results demonstrate the efficacy of HTML-centric multi-model fusion for phishing detection and offer a practical resource for researchers, with future work extending the fusion to include URL and WHOIS data.

Abstract

The way we communicate and work has changed significantly with the rise of the Internet. While it has opened up new opportunities, it has also brought about an increase in cyber threats. One common and serious threat is phishing, where cybercriminals employ deceptive methods to steal sensitive information.This study addresses the pressing issue of phishing by introducing an advanced detection model that meticulously focuses on HTML content. Our proposed approach integrates a specialized Multi-Layer Perceptron (MLP) model for structured tabular data and two pretrained Natural Language Processing (NLP) models for analyzing textual features such as page titles and content. The embeddings from these models are harmoniously combined through a novel fusion process. The resulting fused embeddings are then input into a linear classifier. Recognizing the scarcity of recent datasets for comprehensive phishing research, our contribution extends to the creation of an up-to-date dataset, which we openly share with the community. The dataset is meticulously curated to reflect real-life phishing conditions, ensuring relevance and applicability. The research findings highlight the effectiveness of the proposed approach, with the CANINE demonstrating superior performance in analyzing page titles and the RoBERTa excelling in evaluating page content. The fusion of two NLP and one MLP model,termed MultiText-LP, achieves impressive results, yielding a 96.80 F1 score and a 97.18 accuracy score on our research dataset. Furthermore, our approach outperforms existing methods on the CatchPhish HTML dataset, showcasing its efficacies.
Paper Structure (16 sections, 1 figure, 7 tables)

This paper contains 16 sections, 1 figure, 7 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Methodology
  4. Dataset
  5. Feature Extraction
  6. Model Development
  7. Multilayer Perceptron (MLP)
  8. Pretrained NLP Models
  9. MultiText-LP
  10. Results
  11. Evaluation Metrics
  12. Experimental Setup
  13. Model Performance
  14. Limitations
  15. Conclusion and Future Work
  16. ...and 1 more sections

Figures (1)

  • Figure 1: MultiText-LP Model Structure