Aggregation-Based Ensemble Classifier Versus Neural Networks Models for Recognizing Phishing Attacks

IF 3.4 3区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS IEEE Access Pub Date : 2025-03-17 DOI:10.1109/ACCESS.2025.3551764

Wojciech Gałka;Jan G. Bazan;Urszula Bentkowska;Kamil Szwed;Marcin Mrukowicz;Paweł Drygaś;Lech Zarȩba;Marcin Szpyrka;Piotr Suszalski;Sebastian Obara

{"title":"Aggregation-Based Ensemble Classifier Versus Neural Networks Models for Recognizing Phishing Attacks","authors":"Wojciech Gałka;Jan G. Bazan;Urszula Bentkowska;Kamil Szwed;Marcin Mrukowicz;Paweł Drygaś;Lech Zarȩba;Marcin Szpyrka;Piotr Suszalski;Sebastian Obara","doi":"10.1109/ACCESS.2025.3551764","DOIUrl":null,"url":null,"abstract":"This contribution proposes a classifier designed to reduce the number of false positive detections. It is a self-tuning model, tested in the context of phishing link detection. In this prediction model diverse types of aggregation functions and time-series data periods are used. Aggregation functions are employed to integrate the prediction values of classification models applied in the email phishing problem. Dividing a dataset into subsets allows for incremental learning strategies. This makes it possible to gradually improve the model by using previously acquired knowledge when training on new data. The aim of the contribution is to discuss the problem of obtaining minimal value of FPR while simultaneously getting maximal value of TPR. We applied the proposed ensemble model and neural networks models which were adjusted to the incremental learning strategy (and as base models were applied typical examples of incremental learning models). The study analyzes the dataset provided by FreshMail company. The reason to consider this problem arose with the real-life problem of the Freshamil Company and the data provided by this Company. This dataset uniquely fulfills the criteria essential for our experiments. Unlike other phishing datasets, this data provides dates which is important for the incremental learning approach. The proposed approach of ensemble learning models, based on aggregation functions, is compared to the well-known neural network models which may be treated as state of the art models in recognizing phishing attacks. The main advantage of the proposed algorithm is achieving high numbers of true positives while simultaneously achieving relatively small number of false positives. According to the statistical tests, for some of the desired TPR levels, the proposed model obtained significantly better by a few percentage points results than neural network models. It mitigates the cost arising from the manual analysis of these cases by domain experts.","PeriodicalId":13079,"journal":{"name":"IEEE Access","volume":"13 ","pages":"48469-48487"},"PeriodicalIF":3.4000,"publicationDate":"2025-03-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10928336","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Access","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10928336/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

This contribution proposes a classifier designed to reduce the number of false positive detections. It is a self-tuning model, tested in the context of phishing link detection. In this prediction model diverse types of aggregation functions and time-series data periods are used. Aggregation functions are employed to integrate the prediction values of classification models applied in the email phishing problem. Dividing a dataset into subsets allows for incremental learning strategies. This makes it possible to gradually improve the model by using previously acquired knowledge when training on new data. The aim of the contribution is to discuss the problem of obtaining minimal value of FPR while simultaneously getting maximal value of TPR. We applied the proposed ensemble model and neural networks models which were adjusted to the incremental learning strategy (and as base models were applied typical examples of incremental learning models). The study analyzes the dataset provided by FreshMail company. The reason to consider this problem arose with the real-life problem of the Freshamil Company and the data provided by this Company. This dataset uniquely fulfills the criteria essential for our experiments. Unlike other phishing datasets, this data provides dates which is important for the incremental learning approach. The proposed approach of ensemble learning models, based on aggregation functions, is compared to the well-known neural network models which may be treated as state of the art models in recognizing phishing attacks. The main advantage of the proposed algorithm is achieving high numbers of true positives while simultaneously achieving relatively small number of false positives. According to the statistical tests, for some of the desired TPR levels, the proposed model obtained significantly better by a few percentage points results than neural network models. It mitigates the cost arising from the manual analysis of these cases by domain experts.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Access COMPUTER SCIENCE, INFORMATION SYSTEMSENGIN-ENGINEERING, ELECTRICAL & ELECTRONIC

CiteScore

9.80

自引率

7.70%

发文量

6673

审稿时长

6 weeks

期刊介绍： IEEE Access® is a multidisciplinary, open access (OA), applications-oriented, all-electronic archival journal that continuously presents the results of original research or development across all of IEEE''s fields of interest. IEEE Access will publish articles that are of high interest to readers, original, technically correct, and clearly presented. Supported by author publication charges (APC), its hallmarks are a rapid peer review and publication process with open access to all readers. Unlike IEEE''s traditional Transactions or Journals, reviews are "binary", in that reviewers will either Accept or Reject an article in the form it is submitted in order to achieve rapid turnaround. Especially encouraged are submissions on: Multidisciplinary topics, or applications-oriented articles and negative results that do not fit within the scope of IEEE''s traditional journals. Practical articles discussing new experiments or measurement techniques, interesting solutions to engineering. Development of new or improved fabrication or manufacturing techniques. Reviews or survey articles of new or evolving fields oriented to assist others in understanding the new area.