Detecting Cloud-Based Phishing Attacks by Combining Deep Learning Models
This addresses phishing detection for web security, but it is incremental as it applies existing deep learning methods to a new type of attack.
The paper tackled the problem of detecting cloud-based phishing attacks that exploit reputable domains, by evaluating deep learning models for URL, logo, and visual similarity analysis, and found that combining these models improves detection effectiveness, though no concrete numbers are provided.
Web-based phishing attacks nowadays exploit popular cloud web hosting services and apps such as Google Sites and Typeform for hosting their attacks. Since these attacks originate from reputable domains and IP addresses of the cloud services, traditional phishing detection methods such as IP reputation monitoring and blacklisting are not very effective. Here we investigate the effectiveness of deep learning models in detecting this class of cloud-based phishing attacks. Specifically, we evaluate deep learning models for three phishing detection methods--LSTM model for URL analysis, YOLOv2 model for logo analysis, and triplet network model for visual similarity analysis. We train the models using well-known datasets and test their performance on cloud-based phishing attacks in the wild. Our results qualitatively explain why the models succeed or fail. Furthermore, our results highlight how combining results from the individual models can improve the effectiveness of detecting cloud-based phishing attacks.