From Feature Engineering and Topics Models to Enhanced Prediction Rates in Phishing Detection

Phishing is a type of fraud attempt in which the attacker, usually by e-mail, pretends to be a trusted person or entity in order to obtain sensitive information from a target. Most recent phishing detection researches have focused on obtaining highly distinctive features from the metadata and text o...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	IEEE access 2020, Vol.8, p.76368-76385
Hauptverfasser:	Gualberto, Eder S., De Sousa, Rafael T., De B. Vieira, Thiago P., Da Costa, Joao Paulo C. L., Duque, Claudio G.
Format:	Artikel
Sprache:	eng
Schlagworte:	Algorithms Classification Classification algorithms Cybercrime Dirichlet problem Electronic mail Electronic mail systems Feature engineering Feature extraction Fraud Machine learning Mail Natural language processing Phishing phishing detection Resampling Target detection topics modeling Unsolicited e-mail XGBoost
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	76385
container_issue
container_start_page	76368
container_title	IEEE access
container_volume	8
creator	Gualberto, Eder S. De Sousa, Rafael T. De B. Vieira, Thiago P. Da Costa, Joao Paulo C. L. Duque, Claudio G.
description	Phishing is a type of fraud attempt in which the attacker, usually by e-mail, pretends to be a trusted person or entity in order to obtain sensitive information from a target. Most recent phishing detection researches have focused on obtaining highly distinctive features from the metadata and text of these e-mails. The obtained attributes are then used to feed classification algorithms in order to determine whether they are phishing or legitimate messages. In this paper, it is proposed an approach based on machine learning to detect phishing e-mail attacks. The methods that compose this approach are performed through a feature engineering process based on natural language processing, lemmatization, topics modeling, improved learning techniques for resampling and cross-validation, and hyperparameters configuration. The first proposed method uses all the features obtained from the Document-Term Matrix (DTM) in the classification algorithms. The second one uses Latent Dirichlet Allocation (LDA) as a operation to deal with the problems of the "curse of dimensionality", the sparsity, and the text context portion included in the obtained representation. The proposed approach reached marks with an F1-measure of 99.95% success rate using the XGBoost algorithm. It outperforms state-of-the-art phishing detection researches for an accredited data set, in applications based only on the body of the e-mails, without using other e-mail features such as its header, IP information or number of links in the text.
doi_str_mv	10.1109/ACCESS.2020.2989126
format	Article
fullrecord	<record><control><sourceid>proquest_doaj_</sourceid><recordid>TN_cdi_proquest_journals_2454091879</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9075252</ieee_id><doaj_id>oai_doaj_org_article_eb52153152634b3f95a1f82ccc9278d3</doaj_id><sourcerecordid>2454091879</sourcerecordid><originalsourceid>FETCH-LOGICAL-c408t-5a36f4622a58c2e308e2a39c89e2972252019bbf89def1fba13153e2dbdb071e3</originalsourceid><addsrcrecordid>eNpNkU9PAyEQxTdGE436CbyQeG6FYdmFo6mtNtHY-OdoCAuzLU1dKmwPfntp1xi5QIb3ezOTVxRXjI4Zo-rmdjKZvr6OgQIdg5KKQXVUnAGr1IgLXh3_e58WlymtaT4yl0R9VnzMYvgkMzT9LiKZdkvfIUbfLYnpHHkLW28TeQoON4n0IQtWprPoyCKi87b3oSMvpsdEfEcWK59We_QOezz8XRQnrdkkvPy9z4v32fRt8jB6fL6fT24fR7aksh8Jw6u2rACMkBaQU4lguLJSIagaQABlqmlaqRy2rG0M40xwBNe4htYM-XkxH3xdMGu9jf7TxG8djNeHQohLbWLv7QY1NgIyzARUvGx4q4RhrQRrrYJaOp69rgevbQxfO0y9Xodd7PL4GkpRUsVkrbKKDyobQ0oR27-ujOp9LHqIRe9j0b-xZOpqoDwi_hGK1iLvyH8ASG-HuA</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2454091879</pqid></control><display><type>article</type><title>From Feature Engineering and Topics Models to Enhanced Prediction Rates in Phishing Detection</title><source>IEEE Open Access Journals</source><source>DOAJ Directory of Open Access Journals</source><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Gualberto, Eder S. ; De Sousa, Rafael T. ; De B. Vieira, Thiago P. ; Da Costa, Joao Paulo C. L. ; Duque, Claudio G.</creator><creatorcontrib>Gualberto, Eder S. ; De Sousa, Rafael T. ; De B. Vieira, Thiago P. ; Da Costa, Joao Paulo C. L. ; Duque, Claudio G.</creatorcontrib><description>Phishing is a type of fraud attempt in which the attacker, usually by e-mail, pretends to be a trusted person or entity in order to obtain sensitive information from a target. Most recent phishing detection researches have focused on obtaining highly distinctive features from the metadata and text of these e-mails. The obtained attributes are then used to feed classification algorithms in order to determine whether they are phishing or legitimate messages. In this paper, it is proposed an approach based on machine learning to detect phishing e-mail attacks. The methods that compose this approach are performed through a feature engineering process based on natural language processing, lemmatization, topics modeling, improved learning techniques for resampling and cross-validation, and hyperparameters configuration. The first proposed method uses all the features obtained from the Document-Term Matrix (DTM) in the classification algorithms. The second one uses Latent Dirichlet Allocation (LDA) as a operation to deal with the problems of the "curse of dimensionality", the sparsity, and the text context portion included in the obtained representation. The proposed approach reached marks with an F1-measure of 99.95% success rate using the XGBoost algorithm. It outperforms state-of-the-art phishing detection researches for an accredited data set, in applications based only on the body of the e-mails, without using other e-mail features such as its header, IP information or number of links in the text.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2020.2989126</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Algorithms ; Classification ; Classification algorithms ; Cybercrime ; Dirichlet problem ; Electronic mail ; Electronic mail systems ; Feature engineering ; Feature extraction ; Fraud ; Machine learning ; Mail ; Natural language processing ; Phishing ; phishing detection ; Resampling ; Target detection ; topics modeling ; Unsolicited e-mail ; XGBoost</subject><ispartof>IEEE access, 2020, Vol.8, p.76368-76385</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2020</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c408t-5a36f4622a58c2e308e2a39c89e2972252019bbf89def1fba13153e2dbdb071e3</citedby><cites>FETCH-LOGICAL-c408t-5a36f4622a58c2e308e2a39c89e2972252019bbf89def1fba13153e2dbdb071e3</cites><orcidid>0000-0002-8616-4924 ; 0000-0003-3558-466X ; 0000-0002-2917-3605 ; 0000-0003-0512-374X ; 0000-0003-1101-3029</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9075252$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,778,782,862,2098,4012,27616,27906,27907,27908,54916</link.rule.ids></links><search><creatorcontrib>Gualberto, Eder S.</creatorcontrib><creatorcontrib>De Sousa, Rafael T.</creatorcontrib><creatorcontrib>De B. Vieira, Thiago P.</creatorcontrib><creatorcontrib>Da Costa, Joao Paulo C. L.</creatorcontrib><creatorcontrib>Duque, Claudio G.</creatorcontrib><title>From Feature Engineering and Topics Models to Enhanced Prediction Rates in Phishing Detection</title><title>IEEE access</title><addtitle>Access</addtitle><description>Phishing is a type of fraud attempt in which the attacker, usually by e-mail, pretends to be a trusted person or entity in order to obtain sensitive information from a target. Most recent phishing detection researches have focused on obtaining highly distinctive features from the metadata and text of these e-mails. The obtained attributes are then used to feed classification algorithms in order to determine whether they are phishing or legitimate messages. In this paper, it is proposed an approach based on machine learning to detect phishing e-mail attacks. The methods that compose this approach are performed through a feature engineering process based on natural language processing, lemmatization, topics modeling, improved learning techniques for resampling and cross-validation, and hyperparameters configuration. The first proposed method uses all the features obtained from the Document-Term Matrix (DTM) in the classification algorithms. The second one uses Latent Dirichlet Allocation (LDA) as a operation to deal with the problems of the "curse of dimensionality", the sparsity, and the text context portion included in the obtained representation. The proposed approach reached marks with an F1-measure of 99.95% success rate using the XGBoost algorithm. It outperforms state-of-the-art phishing detection researches for an accredited data set, in applications based only on the body of the e-mails, without using other e-mail features such as its header, IP information or number of links in the text.</description><subject>Algorithms</subject><subject>Classification</subject><subject>Classification algorithms</subject><subject>Cybercrime</subject><subject>Dirichlet problem</subject><subject>Electronic mail</subject><subject>Electronic mail systems</subject><subject>Feature engineering</subject><subject>Feature extraction</subject><subject>Fraud</subject><subject>Machine learning</subject><subject>Mail</subject><subject>Natural language processing</subject><subject>Phishing</subject><subject>phishing detection</subject><subject>Resampling</subject><subject>Target detection</subject><subject>topics modeling</subject><subject>Unsolicited e-mail</subject><subject>XGBoost</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2020</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><sourceid>DOA</sourceid><recordid>eNpNkU9PAyEQxTdGE436CbyQeG6FYdmFo6mtNtHY-OdoCAuzLU1dKmwPfntp1xi5QIb3ezOTVxRXjI4Zo-rmdjKZvr6OgQIdg5KKQXVUnAGr1IgLXh3_e58WlymtaT4yl0R9VnzMYvgkMzT9LiKZdkvfIUbfLYnpHHkLW28TeQoON4n0IQtWprPoyCKi87b3oSMvpsdEfEcWK59We_QOezz8XRQnrdkkvPy9z4v32fRt8jB6fL6fT24fR7aksh8Jw6u2rACMkBaQU4lguLJSIagaQABlqmlaqRy2rG0M40xwBNe4htYM-XkxH3xdMGu9jf7TxG8djNeHQohLbWLv7QY1NgIyzARUvGx4q4RhrQRrrYJaOp69rgevbQxfO0y9Xodd7PL4GkpRUsVkrbKKDyobQ0oR27-ujOp9LHqIRe9j0b-xZOpqoDwi_hGK1iLvyH8ASG-HuA</recordid><startdate>2020</startdate><enddate>2020</enddate><creator>Gualberto, Eder S.</creator><creator>De Sousa, Rafael T.</creator><creator>De B. Vieira, Thiago P.</creator><creator>Da Costa, Joao Paulo C. L.</creator><creator>Duque, Claudio G.</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0002-8616-4924</orcidid><orcidid>https://orcid.org/0000-0003-3558-466X</orcidid><orcidid>https://orcid.org/0000-0002-2917-3605</orcidid><orcidid>https://orcid.org/0000-0003-0512-374X</orcidid><orcidid>https://orcid.org/0000-0003-1101-3029</orcidid></search><sort><creationdate>2020</creationdate><title>From Feature Engineering and Topics Models to Enhanced Prediction Rates in Phishing Detection</title><author>Gualberto, Eder S. ; De Sousa, Rafael T. ; De B. Vieira, Thiago P. ; Da Costa, Joao Paulo C. L. ; Duque, Claudio G.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c408t-5a36f4622a58c2e308e2a39c89e2972252019bbf89def1fba13153e2dbdb071e3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2020</creationdate><topic>Algorithms</topic><topic>Classification</topic><topic>Classification algorithms</topic><topic>Cybercrime</topic><topic>Dirichlet problem</topic><topic>Electronic mail</topic><topic>Electronic mail systems</topic><topic>Feature engineering</topic><topic>Feature extraction</topic><topic>Fraud</topic><topic>Machine learning</topic><topic>Mail</topic><topic>Natural language processing</topic><topic>Phishing</topic><topic>phishing detection</topic><topic>Resampling</topic><topic>Target detection</topic><topic>topics modeling</topic><topic>Unsolicited e-mail</topic><topic>XGBoost</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Gualberto, Eder S.</creatorcontrib><creatorcontrib>De Sousa, Rafael T.</creatorcontrib><creatorcontrib>De B. Vieira, Thiago P.</creatorcontrib><creatorcontrib>Da Costa, Joao Paulo C. L.</creatorcontrib><creatorcontrib>Duque, Claudio G.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Gualberto, Eder S.</au><au>De Sousa, Rafael T.</au><au>De B. Vieira, Thiago P.</au><au>Da Costa, Joao Paulo C. L.</au><au>Duque, Claudio G.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>From Feature Engineering and Topics Models to Enhanced Prediction Rates in Phishing Detection</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2020</date><risdate>2020</risdate><volume>8</volume><spage>76368</spage><epage>76385</epage><pages>76368-76385</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>Phishing is a type of fraud attempt in which the attacker, usually by e-mail, pretends to be a trusted person or entity in order to obtain sensitive information from a target. Most recent phishing detection researches have focused on obtaining highly distinctive features from the metadata and text of these e-mails. The obtained attributes are then used to feed classification algorithms in order to determine whether they are phishing or legitimate messages. In this paper, it is proposed an approach based on machine learning to detect phishing e-mail attacks. The methods that compose this approach are performed through a feature engineering process based on natural language processing, lemmatization, topics modeling, improved learning techniques for resampling and cross-validation, and hyperparameters configuration. The first proposed method uses all the features obtained from the Document-Term Matrix (DTM) in the classification algorithms. The second one uses Latent Dirichlet Allocation (LDA) as a operation to deal with the problems of the "curse of dimensionality", the sparsity, and the text context portion included in the obtained representation. The proposed approach reached marks with an F1-measure of 99.95% success rate using the XGBoost algorithm. It outperforms state-of-the-art phishing detection researches for an accredited data set, in applications based only on the body of the e-mails, without using other e-mail features such as its header, IP information or number of links in the text.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2020.2989126</doi><tpages>18</tpages><orcidid>https://orcid.org/0000-0002-8616-4924</orcidid><orcidid>https://orcid.org/0000-0003-3558-466X</orcidid><orcidid>https://orcid.org/0000-0002-2917-3605</orcidid><orcidid>https://orcid.org/0000-0003-0512-374X</orcidid><orcidid>https://orcid.org/0000-0003-1101-3029</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 2169-3536
ispartof	IEEE access, 2020, Vol.8, p.76368-76385
issn	2169-3536 2169-3536
language	eng
recordid	cdi_proquest_journals_2454091879
source	IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects	Algorithms Classification Classification algorithms Cybercrime Dirichlet problem Electronic mail Electronic mail systems Feature engineering Feature extraction Fraud Machine learning Mail Natural language processing Phishing phishing detection Resampling Target detection topics modeling Unsolicited e-mail XGBoost
title	From Feature Engineering and Topics Models to Enhanced Prediction Rates in Phishing Detection
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-16T09%3A13%3A37IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_doaj_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=From%20Feature%20Engineering%20and%20Topics%20Models%20to%20Enhanced%20Prediction%20Rates%20in%20Phishing%20Detection&rft.jtitle=IEEE%20access&rft.au=Gualberto,%20Eder%20S.&rft.date=2020&rft.volume=8&rft.spage=76368&rft.epage=76385&rft.pages=76368-76385&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2020.2989126&rft_dat=%3Cproquest_doaj_%3E2454091879%3C/proquest_doaj_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2454091879&rft_id=info:pmid/&rft_ieee_id=9075252&rft_doaj_id=oai_doaj_org_article_eb52153152634b3f95a1f82ccc9278d3&rfr_iscdi=true