Verifying phishmon: a framework for dynamic webpage classification

Abstract

Phishing attacks are the scourge of the network security manager's job. Looking for a solution to counter this trend, this paper examines and verifies the efficacy of Phishmon, a machine learning framework for scrutinizing webpages that relies on technical attributes of the webpage's structure for classification. More specifically, each of the four machine learning algorithms mentioned in the original paper are applied to a portion of the data set used by Phishmon's creators in order to verify and confirm their results. This paper expands the author's original work in two ways. First, the Phishmon framework is applied to two additional machine learning models for comparison to the first group. Furthermore, dimension reduction and algorithm parameter optimization are explored to determine their effects on the Phishmon framework's accuracy. Our findings suggest improvements to the Phishmon framework's implementation. Namely, downsizing the dataset to include an equal number of phishing and benign webpages as the model is formed appears to balance the accuracy rates achieved for both phishing and benign webpages. Furthermore, removing features with very low relative importance values may save time and processing power while preserving a vast majority of the model's information.