Feature Selection for Phishing Detection with Machine Learning

Abstract

In the last 10 years machine learning has been widely used to combat phishing attacks. The most common approach was to build a classification model that would be able to detect whether or not a given URL or website is a phishing attack. In order to effectively detect a phishing page with machine learning we must find an effective method to represent websites (both phish and benign) as features which can be fed into a machine learning model. One of the challenges faced by these approaches was to find a good set of features to represent the phishing and benign sites. Within the last 10 years hundreds of different features had been proposed and used to great success [6] [7] [9]. However, due to the curse of dimensionality, use of all available features will exponentially increase the sparsity of the dataset, lowering the odds of successful classification. In this work we extract 31 features that had been commonly used in the literature and perform an in depth feature ranking analysis in order to find the most effective features for phishing detection. Using both filter and wrapping methods we were able to find 23 effective features for phishing detection. The F1-score for all 31 features was 0.88 and time taken to train the multilevel perceptron model was 45.49 seconds and the size of the data used is 100k. Using these 23 features we were able to train a model that has 0.99 F1-score and which was comparable with all previous work while reducing the overall dimensionality of the data and time taken to train the model was 43.71 seconds.