Enhancing IoT Security: Proactive Phishing Website Detection Using Deep Neural Networks Case study: Smart Home

Main Article Content

Habiba Bouijij https://orcid.org/0009-0001-9248-0800
Amine Berqia https://orcid.org/0000-0002-3566-2894

Keywords

Smart Home, Phishing, URL Classification, Security, Deep Neural Network

Abstract

The Internet of Things (IoT) has proven its utility across various domains, including healthcare, agriculture, industry, and finance. It comprises Internet-connected devices that offer remote control capabilities. However, this very connectivity exposes these devices to potential cyberattacks. Cybercriminals can exploit the vulnerabilities in these devices by sending deceptive emails or text messages containing malicious links leading to hacker websites or destructive applications. This allows them unauthorized access to connected devices and the acquisition of sensitive personal information. Such malicious tactics are collectively known as phishing and pose one of the most prevalent threats.


This article presents an innovative method that harnesses the power of a Deep Neural Network to accurately classify and proactively prevent phishing websites by analyzing their URLs. The method is demonstrated through a smart home use case, aiming to reinforce IoT security and safeguard users’ sensitive data by proactively identifying and preventing phishing attacks. By harnessing the power of the Deep Learning model, this innovative technique seeks to enhance online safety and protect users from potential cyber threats.


 

Downloads

Download data is not yet available.
Abstract 277 | 822-PDF-v12n1pp446-462 Downloads 32

References

Abbas, S. G., Vaccari, I., Hussain, F., Zahid, S., Fayyaz, U. U., Shah, G. A., Bakhshi, T., & Cambiaso, E. (2021). Identifying and mitigating phishing attack threats in IoT use cases using a threat modelling approach. Sensors, 21(14). https://doi.org/10.3390/s21144816
Adebowale, M. A., Lwin, K. T., Sánchez, E., & Hossain, M. A. (2019). Intelligent web-phishing detection and protection scheme using integrated features of Images, frames and text. Expert Systems with Applications, 115, 300–313. https://doi.org/10.1016/j.eswa.2018.07.067
APWG. (n.d.). Phishing Activity Trends Reports. Retrieved May 17, 2023, from https://apwg.org/trendsreports/
Atitallah, S. Ben, Driss, M., Boulila, W., & Ghezala, H. Ben. (2020). Leveraging Deep Learning and IoT big data analytics to support the smart cities development: Review and future directions. Computer Science Review, 38, 100303. https://doi.org/10.1016/j.cosrev.2020.100303
Barraclough, P. A., Hossain, M. A., Tahir, M. A., Sexton, G., & Aslam, N. (2013). Intelligent phishing detection and protection scheme for online transactions. Expert Systems with Applications, 40(11), 4697–4706. https://doi.org/10.1016/j.eswa.2013.02.009
Berqia, A., & Nacsimento, G. (2004). A distributed approach for intrusion detection systems. Proceedings. 2004 International Conference on Information and Communication Technologies: From Theory to Applications, 2004, pp. 493–494.
Bouijij, H., & Berqia, A. (2021). Machine Learning Algorithms Evaluation for Phishing URLs Classification. 2021 4th International Symposium on Advanced Electrical and Communication Technologies (ISAECT), pp. 1–5. https://doi.org/10.1109/ISAECT53699.2021.9668489
Bouijij, H., Berqia, A., & Saliah-Hassan, H. (2022). Phishing URL classification using Extra-Tree and DNN. 2022 10th International Symposium on Digital Forensics and Security (ISDFS), pp. 1–6. https://doi.org/10.1109/ISDFS55398.2022.9800795
Cybermalveillance Homepage. (n.d.). Retrieved July 30, 2023, from https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/rapport-activite-2021
Ding, Y., Luktarhan, N., Li, K., & Slamu, W. (2019). A keyword-based combination approach for detecting phishing webpages. Computers and Security, 84, 256–275. https://doi.org/10.1016/j.cose.2019.03.018
Kaggle Homepage. (n.d.). Retrieved July 31, 2023, from https://www.kaggle.com/datasets/shashwatwork/phishing-dataset-for-machine-learning
Keras Homepage. (n.d.). Retrieved July 30, 2023, from https://keras.io/guides/
Liu, D. J., Geng, G. G., & Zhang, X. C. (2022a). Multi-scale semantic deep fusion models for phishing website detection. Expert Systems with Applications, 209. https://doi.org/10.1016/j.eswa.2022.118305
Liu, D. J., Geng, G. G., & Zhang, X. C. (2022b). Multi-scale semantic deep fusion models for phishing website detection. Expert Systems with Applications, 209. https://doi.org/10.1016/j.eswa.2022.118305
Mendeley Data Homepage. (n.d.). Retrieved July 31, 2023, from https://data.mendeley.com/datasets/n96ncsr5g4/1
“Pandas Tutorial”. (2024). Available at https://www.w3schools.com/python/pandas/default.asp
Rajkumar, S., Sheeba, S. L., Sivakami, R., Prabu, S., & Selvarani, A. (2023). An IoT-Based Deep Learning Approach for Online Fault Detection Against Cyber-Attacks. SN Computer Science, 4(4), 393. https://doi.org/10.1007/s42979-023-01808-y
Sabiri, B., Asri, B. E., & Rhanoui, M. (2022). Mechanism of Overfitting Avoidance Techniques for Training Deep Neural Networks. International Conference on Enterprise Information Systems, ICEIS - Proceedings, 1, pp. 418–427. https://doi.org/10.5220/0011114900003179
Safi, A., & Singh, S. (2023). A systematic literature review on phishing website detection techniques. Journal of King Saud University - Computer and Information Sciences, 35(2), 590–611. https://doi.org/10.1016/j.jksuci.2023.01.004
Sahingoz, O. K., Buber, E., Demir, O., & Diri, B. (2019). Machine learning based phishing detection from URLs. Expert Systems with Applications, 117, 345–357. https://doi.org/10.1016/j.eswa.2018.09.029
Salah, H., & Zuhair, H. (2023). Deep learning in phishing mitigation: a uniform resource locator-based predictive model. International Journal of Electrical and Computer Engineering, 13(3), 3227–3243. https://doi.org/10.11591/ijece.v13i3.pp3227-3243
Sánchez-Paniagua, M., Fidalgo, E., Alegre, E., & Alaiz-Rodríguez, R. (2022). Phishing websites detection using a novel multipurpose dataset and web technologies features. Expert Systems with Applications, 207. https://doi.org/10.1016/j.eswa.2022.118010
Scikit-learn Homepage. (n.d.). Retrieved May 17, 2023, from https://scikit-learn.org/stable/supervised_learning.html#supervised-learning
TensorFlow. (n.d.). Create production-grade machine learning models with TensorFlow. Available at https://www.tensorflow.org/
Wei, W., Ke, Q., Nowak, J., Korytkowski, M., Scherer, R., & Woźniak, M. (2020). Accurate and fast URL phishing detector: A convolutional neural network approach. Computer Networks, 178. https://doi.org/10.1016/j.comnet.2020.107275
Yuan, J., Chen, G., Tian, S., & Pei, X. (2021). Malicious URL detection based on a parallel neural joint model. IEEE Access, 9, 9464–9472. https://doi.org/10.1109/ACCESS.2021.3049625