Çoğunluk Oylamasına Dayalı Farklı Etkinleştirme İşlevine Sahip Aşırı Öğrenme Makinelerini Kullanan Kimlik Avı Tespit Sistemi

Kimlik avı, oturum açma kimlik bilgileri, kullanıcı şifreleri, kredi kartı bilgileri gibi özel bilgileri çalmak amacıyla gerçekleştirilen yazılım tabanlı bir siber saldırı türüdür. Son yıllarda yayınlanan güvenlik raporları incelendiğinde milyonlarca kimlik avı sahteciliği yapan web sayfasının olduğu görülmektedir. Bu nedenle bu çalışmada etkili bir kimlik avı tespit modelinin geliştirilmesi amaçlanmıştır. Çalışmada sinüs, hiperbolik tanjant fonksiyonu, doğrultulmuş doğrusal birim, sızıntılı doğrultulmuş doğrusal birim ve üstel doğrusal birim gibi farklı aktivasyon fonksiyonlarının kullanıldığı aşırı öğrenme makineleri tabanlı bir model önerilmiş ve karşılaştırmalı analizler yapılmıştır. Ayrıca modellerin çoğunluk oyu ile birleştirildiğindeki performansları da değerlendirilmiş ve en yüksek doğruluk değerinin %97.123 ile en başarılı üç aktivasyon fonksiyonun çoğunluk oyu ile birleştirildiğinde elde edildiği görülmüştür. Deneysel sonuçlar, çalışmada önerilen modelin etkinliğini ve uygulanabilirliğini göstermektedir.

Anahtar Kelimeler:

Kimlik avı tespiti, aşırı makine öğrenimi, çoğunluk oylaması

Phishing Detection System Using Extreme Learning Machines with Different Activation Function based on Majority Voting

Phishing is a type of software-based cyber-attack carried out to steal private information such as login credentials, user passwords, and credit card information. When the security reports published in recent years are examined, it is seen that there are millions of phishing spoofing web pages. Therefore, in this study, it is aimed to develop an effective phishing detection model. In the study, an extreme learning machine based model using different activation functions such as sine, hyperbolic tangent function, rectified linear unit, leaky rectified linear unit and exponential linear unit was proposed and comparative analyses were made. In addition, the performances of the models when combined with the majority vote were also evaluated and it was seen that the highest accuracy value of 97.123% was obtained when the three most successful activation functions were combined with the majority vote. Experimental results show the effectiveness and applicability of the model proposed in the study.

Keywords:

Phishing detection, extreme machine learning, majority voting,

PDF

___

[1] Zhu, E., Chen, Y., Ye, C., Li, X., & Liu, F., “OFS-NN: an effective phishing websites detection model based on optimal feature selection and neural network”, IEEE Access, 7, 73271-73284, (2019).
[2] Anti-Phishing Working Group, “Phishing Activity Trends Report 3rd Quarter 2021,” https://apwg.org/trendsreports/#:~:text=APWG%20saw%20260%2C642%20phishing%20attacks,monthly%20in%20APWG's%20reporting%20h istory.&text=The%20number%20of%20brands%20being,Q2%20to%207%2C741%20in%20Q3 Erişim Tarihi: 03.01.2022
[3] Phishtank, https://www.phishtank.com/ Erişim Tarihi 10.01.2022.
[4] Wei, B., Hamad, R. A., Yang, L., He, X., Wang, H., Gao, B., & Woo, W. L., “A deep-learning-driven light-weight phishing detection sensor”, Sensors, 19(19): 4258, (2019).
[5] Xiang, G., Hong, J., Rose, C. P., & Cranor, L., “Cantina+ a feature-rich machine learning framework for detecting phishing web sites”, ACM Transactions on Information and System Security (TISSEC), 14(2): 1-28, (2011).
[6] El-Alfy, E. S. M., “Detection of phishing websites based on probabilistic neural networks and K-medoids clustering”, The Computer Journal, 60(12): 1745-1759, (2017).
[7] Jain, A. K., & Gupta, B. B., “Towards detection of phishing websites on client-side using machine learning based approach”. Telecommunication Systems, 68(4): 687-700, (2018).
[8] Sahingoz, O. K., Buber, E., Demir, O., & Diri, B.,“Machine learning based phishing detection from URLs”, Expert Systems with Applications, 117, 345-357, (2019).
[9] Chiew, K. L., Tan, C. L., Wong, K., Yong, K. S., & Tiong, W. K., “A new hybrid ensemble feature selection framework for machine learning- based phishing detection system”, Information Sciences, 484, 153-166, (2019).
[10] Rao, R. S., & Pais, A. R., “Detection of phishing websites using an efficient feature-based machine learning framework”, Neural Computing and Applications, 31(8): 3851-3873, (2019).
[11] Kasım Ö., “Malicious XSS code detection with decision tree”, Politeknik Dergisi, 23(1): 67-72, (2020).
[12] Çıtlak, O., Dörterler, M. & Dogru, İ. “A Hybrid Spam Detection Framework for Social Networks”, Politeknik Dergisi, 1-1. (2022).
[13] Uçar, E., Ucar, M., and İncetaş, M. O., “A Deep learning approach for detection of malicious URLs”, In 6th International Management Information Systems Conference, pp.10-17, (2019).
[14] Bahnsen, A. C., Bohorquez, E. C., Villegas, S., Vargas, J., & González, F. “Classifying phishing URLs using recurrent neural networks”, In 2017 APWG symposium on electronic crime research (eCrime), IEEE, pp.1-8, (2017).
[15] Yi, P., Guan, Y., Zou, F., Yao, Y., Wang, W., & Zhu, T., “Web phishing detection using a deep learning framework”, Wireless Communications and Mobile Computing, (2018).
[16] Yang, P., Zhao, G., & Zeng, P., “Phishing website detection based on multidimensional features driven by deep learning”, IEEE Access, 7, 15196-15209, (2019).
[17] Feng, J., Zou, L., Ye, O., & Han, J., “Web2Vec: Phishing Webpage Detection Method Based on Multidimensional Features Driven by Deep Learning”, IEEE Access, 8, 221214-221224, (2020).
[18] Priya, M., Sandhya, L., & Thomas, C., “A static approach to detect drive-by-download attacks on webpages”, In 2013 International Conference on Control Communication and Computing (ICCC), IEEE, pp. 298-303, (2013).
[19] Toğaçar, M., “Web Sitelerinde Gerçekleştirilen Oltalama Saldırılarının Yapay Zekâ Yaklaşımı ile Tespiti. Bitlis Eren Üniversitesi Fen Bilimleri Dergisi, 10(4): 1603-1614, (2021).
[20] Koşan, M. A., YILDIZ, O., & Karacan, H., “Kimlik avı web sitelerinin tespitinde makine öğrenmesi algoritmalarının karşılaştırmalı analizi”, Pamukkale Üniversitesi Mühendislik Bilimleri Dergisi, 24(2): 276-282, (2018).
[21] Ali, W., & Malebary, S., “Particle swarm optimization-based feature weighting for improving intelligent phishing website detection”, IEEE Access, 8, 116766-116780, (2020).
[22] Minocha, S., & Singh, B., “A novel phishing detection system using binary modified equilibrium optimizer for feature selection”, Computers & Electrical Engineering, 98, 107689, (2022).
[23] Kaytan, M., & Hanbay, D., “Effective classification of phishing web pages based on new rules by using extreme learning machines”, Computer Science, 2(1): 15-36, (2017).
[24] Li, Y., Yang, Z., Chen, X., Yuan, H., & Liu, W., “A stacking model using URL and HTML features for phishing webpage detection”, Future Generation Computer Systems, 94, 27-39, (2019).
[25] Yang, L., Zhang, J., Wang, X., Li, Z., Li, Z., & He, Y., “An improved ELM-based and data preprocessing integrated approach for phishing detection considering comprehensive features”, Expert Systems with Applications, 165, 113863, (2021).
[26] Savaş, T. & Savaş, S. “Tekdüzen Kaynak Bulucu Yoluyla Kimlik Avı Tespiti için Makine Öğrenmesi Algoritmalarının Özellik Tabanlı Performans Karşılaştırması”, Politeknik Dergisi, 1-1. (2021).
[27] Somesha, M., Pais, A. R., Rao, R. S., & Rathour, V. S., “Efficient deep learning techniques for the detection of phishing websites”, Sādhanā, 45(1): 1-18, (2020).
[28] Ozcan, A., Catal, C., Donmez, E., & Senturk, B. “A hybrid DNN–LSTM model for detecting phishing URLs”, Neural Computing and Applications, 1-17. (2021).
[29] Al-Ahmadi, S., Alotaibi, A., & Alsaleh, O. “PDGAN: Phishing Detection with Generative Adversarial Networks”, IEEE Access, (2022).
[30] Huang, G. B., Zhu, Q. Y., & Siew, C. K., “Extreme learning machine: theory and applications”, Neurocomputing, 70(1-3): 489-501, (2006).
[31] Suresh, S., Saraswathi, S., & Sundararajan, N., “Performance enhancement of extreme learning machine for multi-category sparse data classification problems”, Engineering Applications of Artificial Intelligence, 23(7): 1149-1157, (2010).
[32] Kaya, Y., & Tekin, R., “Epileptik nöbetlerin tespiti için aşırı öğrenme makinesi tabanlı uzman bir system”, Bilişim Teknolojileri Dergisi, 5(2): 33-40, (2012).
[33] Sopena, J. M., Romero, E., & Alquezar, R., “Neural networks with periodic and monotonic activation functions: a comparative study in classification problems”, In 9th International Conference on Artificial Neural Networks: ICANN '99, (1999).
[34] Sharma, S., Sharma, S., & Athaiya, A., “Activation functions in neural networks”, towards data science, 6(12): 310-316, (2017).
[35] Nair, V., & Hinton, G. E., “Rectified linear units improve restricted boltzmann machines”, In Icml, (2010).
[36] Pedamonti, D., “Comparison of non-linear activation functions for deep neural networks on MNIST classification task”, arXiv preprint arXiv:1804.02763, (2018).
[37] Clevert, D. A., Unterthiner, T., & Hochreiter, S., “Fast and accurate deep network learning by exponential linear units (elus)”, arXiv preprint arXiv:1511.07289, (2015).
[38] Dataset, Chand E. 2021. Phishing website Detector. Kaggle. https://www.kaggle.com/datasets/eswarchandt/phishing-website- detector Erişim Tarihi: 05.12.2021.