Aggregation-Based Ensemble Classifier Versus Neural Networks Models for Recognizing Phishing Attacks

IF 3.6 3区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS IEEE Access Pub Date : 2025-03-17 DOI:10.1109/ACCESS.2025.3551764

Wojciech Gałka;Jan G. Bazan;Urszula Bentkowska;Kamil Szwed;Marcin Mrukowicz;Paweł Drygaś;Lech Zarȩba;Marcin Szpyrka;Piotr Suszalski;Sebastian Obara

{"title":"Aggregation-Based Ensemble Classifier Versus Neural Networks Models for Recognizing Phishing Attacks","authors":"Wojciech Gałka;Jan G. Bazan;Urszula Bentkowska;Kamil Szwed;Marcin Mrukowicz;Paweł Drygaś;Lech Zarȩba;Marcin Szpyrka;Piotr Suszalski;Sebastian Obara","doi":"10.1109/ACCESS.2025.3551764","DOIUrl":null,"url":null,"abstract":"This contribution proposes a classifier designed to reduce the number of false positive detections. It is a self-tuning model, tested in the context of phishing link detection. In this prediction model diverse types of aggregation functions and time-series data periods are used. Aggregation functions are employed to integrate the prediction values of classification models applied in the email phishing problem. Dividing a dataset into subsets allows for incremental learning strategies. This makes it possible to gradually improve the model by using previously acquired knowledge when training on new data. The aim of the contribution is to discuss the problem of obtaining minimal value of FPR while simultaneously getting maximal value of TPR. We applied the proposed ensemble model and neural networks models which were adjusted to the incremental learning strategy (and as base models were applied typical examples of incremental learning models). The study analyzes the dataset provided by FreshMail company. The reason to consider this problem arose with the real-life problem of the Freshamil Company and the data provided by this Company. This dataset uniquely fulfills the criteria essential for our experiments. Unlike other phishing datasets, this data provides dates which is important for the incremental learning approach. The proposed approach of ensemble learning models, based on aggregation functions, is compared to the well-known neural network models which may be treated as state of the art models in recognizing phishing attacks. The main advantage of the proposed algorithm is achieving high numbers of true positives while simultaneously achieving relatively small number of false positives. According to the statistical tests, for some of the desired TPR levels, the proposed model obtained significantly better by a few percentage points results than neural network models. It mitigates the cost arising from the manual analysis of these cases by domain experts.","PeriodicalId":13079,"journal":{"name":"IEEE Access","volume":"13 ","pages":"48469-48487"},"PeriodicalIF":3.6000,"publicationDate":"2025-03-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10928336","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Access","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10928336/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

This contribution proposes a classifier designed to reduce the number of false positive detections. It is a self-tuning model, tested in the context of phishing link detection. In this prediction model diverse types of aggregation functions and time-series data periods are used. Aggregation functions are employed to integrate the prediction values of classification models applied in the email phishing problem. Dividing a dataset into subsets allows for incremental learning strategies. This makes it possible to gradually improve the model by using previously acquired knowledge when training on new data. The aim of the contribution is to discuss the problem of obtaining minimal value of FPR while simultaneously getting maximal value of TPR. We applied the proposed ensemble model and neural networks models which were adjusted to the incremental learning strategy (and as base models were applied typical examples of incremental learning models). The study analyzes the dataset provided by FreshMail company. The reason to consider this problem arose with the real-life problem of the Freshamil Company and the data provided by this Company. This dataset uniquely fulfills the criteria essential for our experiments. Unlike other phishing datasets, this data provides dates which is important for the incremental learning approach. The proposed approach of ensemble learning models, based on aggregation functions, is compared to the well-known neural network models which may be treated as state of the art models in recognizing phishing attacks. The main advantage of the proposed algorithm is achieving high numbers of true positives while simultaneously achieving relatively small number of false positives. According to the statistical tests, for some of the desired TPR levels, the proposed model obtained significantly better by a few percentage points results than neural network models. It mitigates the cost arising from the manual analysis of these cases by domain experts.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于聚合的集成分类器与神经网络模型识别网络钓鱼攻击

这一贡献提出了一个分类器，旨在减少误报检测的数量。它是一个自调优模型，在网络钓鱼链接检测的环境中进行了测试。在该预测模型中，使用了不同类型的聚合函数和时间序列数据周期。利用聚合函数对邮件网络钓鱼问题中应用的分类模型的预测值进行整合。将数据集划分为子集允许增量学习策略。这使得在对新数据进行训练时，可以通过使用先前获得的知识逐步改进模型。本文的目的是讨论在获得最大TPR值的同时获得最小FPR值的问题。我们应用了所提出的集成模型和适应增量学习策略的神经网络模型（并将增量学习模型的典型示例作为基础模型）。该研究分析了FreshMail公司提供的数据集。考虑这个问题的原因是由于Freshamil公司的现实问题和该公司提供的数据。这个数据集独特地满足了我们实验的基本标准。与其他网络钓鱼数据集不同，该数据提供了对增量学习方法很重要的日期。本文提出的基于聚合函数的集成学习模型与神经网络模型进行了比较，神经网络模型是网络钓鱼攻击识别的最新模型。该算法的主要优点是实现了大量的真阳性，同时实现了相对较少的假阳性。根据统计检验，对于某些期望的TPR水平，该模型比神经网络模型获得了几个百分点的显著改善。它减少了由领域专家手工分析这些案例所产生的成本。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Access COMPUTER SCIENCE, INFORMATION SYSTEMSENGIN-ENGINEERING, ELECTRICAL & ELECTRONIC

CiteScore

9.80

自引率

7.70%

发文量

6673

审稿时长

6 weeks

期刊介绍： IEEE Access® is a multidisciplinary, open access (OA), applications-oriented, all-electronic archival journal that continuously presents the results of original research or development across all of IEEE''s fields of interest. IEEE Access will publish articles that are of high interest to readers, original, technically correct, and clearly presented. Supported by author publication charges (APC), its hallmarks are a rapid peer review and publication process with open access to all readers. Unlike IEEE''s traditional Transactions or Journals, reviews are "binary", in that reviewers will either Accept or Reject an article in the form it is submitted in order to achieve rapid turnaround. Especially encouraged are submissions on: Multidisciplinary topics, or applications-oriented articles and negative results that do not fit within the scope of IEEE''s traditional journals. Practical articles discussing new experiments or measurement techniques, interesting solutions to engineering. Development of new or improved fabrication or manufacturing techniques. Reviews or survey articles of new or evolving fields oriented to assist others in understanding the new area.