Phishing Detection in Deep Learning: Systematic Literature Review

Authors

Rahmad Abdillah (Scopus ID: 57210600304) Universitas Islam Negeri Sultan Syarif Kasim Riau http://orcid.org/0000-0002-9839-0670
Wenni Syafitri Universitas Lancang Kuning

DOI:

https://doi.org/10.24014/coreit.v10i1.31009

Keywords:

Detection, Deep Learning, Phishing, Systematic Literature Review

Abstract

Abstract. Phishing is an attack that is harmful to organizations and individuals in cybersecurity. Many researchers use deep learning techniques to detect phishing. However, the proposed techniques still have shortcomings in terms of performance, especially in detecting unknown attacks, even though they have been developed in such a way. Therefore, to gain a more comprehensive understanding of the current state of research on the use of deep learning to detect phishing, a systematic literature review (SLR) is needed. This SLR aims to identify deep learning techniques, performance measures, overfitting techniques, datasets, parameters, phishing types, and recommendations for future phishing detection research. The method used by SLR consists of a research question and research objective, Search strategy, Inclusion and exclusion criteria, and Data extraction and Analysis. Over the past five years, SLR successfully identified 25 quality articles on phishing detection using deep learning. The contribution of this SLR is to provide insight into the current state of research and identify future research areas of phishing detection using deep learning techniques.

Author Biography

Rahmad Abdillah (Scopus ID: 57210600304), Universitas Islam Negeri Sultan Syarif Kasim Riau

Scopus ID 57210600304

_______________________
Jurusan Teknik Informatika

Fakultas Sains dan Teknologi

References

N. Altwaijry, I. Al-Turaiki, R. Alotaibi, and F. Alakeel, “Advancing Phishing Email Detection: A Comparative Study of Deep Learning Models,” Sensors, vol. 24, no. 7, p. 2077, Mar. 2024, doi: 10.3390/s24072077.

O. K. Sahingoz, E. BUBEr, and E. Kugu, “DEPHIDES: Deep Learning Based Phishing Detection System,” IEEE Access, vol. 12, pp. 8052–8070, 2024, doi: 10.1109/ACCESS.2024.3352629.

R. Brindha, S. Nandagopal, H. Azath, V. Sathana, G. Prasad Joshi, and S. Won Kim, “Intelligent Deep Learning Based Cybersecurity Phishing Email Detection and Classification,” Comput. Mater. Contin., vol. 74, no. 3, pp. 5901–5914, 2023, doi: 10.32604/cmc.2023.030784.

M. K. Prabakaran, P. Meenakshi Sundaram, and A. D. Chandrasekar, “An enhanced deep learning‐based phishing detection mechanism to effectively identify malicious URLs using variational autoencoders,” IET Inf. Secur., vol. 17, no. 3, pp. 423–440, May 2023, doi: 10.1049/ise2.12106.

K. Thakur, M. L. Ali, M. A. Obaidat, and A. Kamruzzaman, “A Systematic Review on Deep-Learning-Based Phishing Email Detection,” Electronics, vol. 12, no. 21, p. 4545, Nov. 2023, doi: 10.3390/electronics12214545.

N. Q. Do, A. Selamat, O. Krejcar, E. Herrera-Viedma, and H. Fujita, “Deep Learning for Phishing Detection: Taxonomy, Current Challenges and Future Directions,” IEEE Access, vol. 10, pp. 36429–36463, 2022, doi: 10.1109/ACCESS.2022.3151903.

C. Catal, G. Giray, B. Tekinerdogan, S. Kumar, and S. Shukla, “Applications of deep learning for phishing detection: a systematic literature review,” Knowl. Inf. Syst., vol. 64, no. 6, pp. 1457–1500, Jun. 2022, doi: 10.1007/s10115-022-01672-x.

B. Kitchenham, O. Pearl Brereton, D. Budgen, M. Turner, J. Bailey, and S. Linkman, “Systematic literature reviews in software engineering – A systematic literature review,” Inf. Softw. Technol., vol. 51, no. 1, pp. 7–15, Jan. 2009, doi: 10.1016/j.infsof.2008.09.009.

S. Wang, S. Khan, C. Xu, S. Nazir, and A. Hafeez, “Deep Learning-Based Efficient Model Development for Phishing Detection Using Random Forest and BLSTM Classifiers,” Complexity, vol. 2020, pp. 1–7, Sep. 2020, doi: 10.1155/2020/8694796.

M. Somesha, A. R. Pais, R. S. Rao, and V. S. Rathour, “Efficient deep learning techniques for the detection of phishing websites,” Sādhanā, vol. 45, no. 1, p. 165, Dec. 2020, doi: 10.1007/s12046-020-01392-4.

T. Rasymas and L. Dovydaitis, “Detection of phishing URLs by using deep learning approach and multiple features combinations,” Balt. J. Mod. Comput., vol. 8, no. 3, pp. 471–483, 2020, doi: 10.22364/BJMC.2020.8.3.06.

J. Feng, L. yang Zou, O. Ye, and J. zhou Han, “Web2Vec: Phishing Webpage Detection Method Based on Multidimensional Features Driven by Deep Learning,” IEEE Access, vol. 8, 2020, doi: 10.1109/ACCESS.2020.3043188.

A. Al-Alyan and S. Al-Ahmadi, “Robust URL phishing detection based on deep learning,” KSII Trans. Internet Inf. Syst., vol. 14, no. 7, pp. 2752–2768, 2020, doi: 10.3837/tiis.2020.07.001.

M. A. Adebowale, K. T. Lwin, and M. A. Hossain, “Intelligent phishing detection scheme using deep learning algorithms,” J. Enterp. Inf. Manag., vol. ahead-of-p, no. ahead-of-print, Jun. 2020, doi: 10.1108/JEIM-01-2020-0036.

R. Yang, K. Zheng, B. Wu, C. Wu, and X. Wang, “Phishing Website Detection Based on Deep Convolutional Neural Network and Random Forest Ensemble Learning,” Sensors, vol. 21, no. 24, p. 8281, Dec. 2021, doi: 10.3390/s21248281.

S. M. Alzahrani, “Phishing Attack Detection Using Deep Learning,” Int. J. Comput. Sci. Netw. Secur., vol. 21, no. 12, pp. 213–218, Dec. 2021, doi: 10.22937/IJCSNS.2021.21.12.31.

L. Tang and Q. H. Mahmoud, “A Deep Learning-Based Framework for Phishing Website Detection,” IEEE Access, vol. 10, pp. 1509–1521, 2022, doi: 10.1109/ACCESS.2021.3137636.

H. Shaiba, J. S. Alzahrani, M. M. Eltahir, R. Marzouk, H. Mohsen, and M. Ahmed Hamza, “Hunger Search Optimization with Hybrid Deep Learning Enabled Phishing Detection and Classification Model,” Comput. Mater. Contin., vol. 73, no. 3, pp. 6425–6441, 2022, doi: 10.32604/cmc.2022.031625.

Y. Ogawa, T. Kimura, and J. Cheng, “Deep-learning-based sequential phishing detection,” IEICE Commun. Express, vol. 11, no. 4, pp. 171–175, Apr. 2022, doi: 10.1587/comex.2021XBL0212.

M. Korkmaz, E. Kocyigit, O. K. Sahingoz, and B. Diri, “A Hybrid Phishing Detection System Using Deep Learning-based URL and Content Analysis,” Elektron. Ir Elektrotechnika, vol. 28, no. 5, pp. 80–89, Oct. 2022, doi: 10.5755/j02.eie.31197.

M. Elsadig et al., “Intelligent Deep Machine Learning Cyber Phishing URL Detection Based on BERT Features Extraction,” Electronics, vol. 11, no. 22, p. 3647, Nov. 2022, doi: 10.3390/electronics11223647.

S.-J. Bu and H.-J. Kim, “Optimized URL Feature Selection Based on Genetic-Algorithm-Embedded Deep Learning for Phishing Website Detection,” Electronics, vol. 11, no. 7, p. 1090, Mar. 2022.

M. Almousa, T. Zhang, A. Sarrafzadeh, and M. Anwar, “Phishing website detection: How effective are deep learning-based models and hyperparameter optimization?,” Secur. Priv., vol. 5, no. 6, p. e256, Nov. 2022, doi: 10.1002/spy2.256.

E. Benavides-Astudillo, W. Fuertes, S. Sanchez-Gordon, D. Nuñez-Agurto, and G. Rodríguez-Galán, “A Phishing-Attack-Detection Model Using Natural Language Processing and Deep Learning,” Appl. Sci., vol. 13, no. 9, p. 5275, Apr. 2023, doi: 10.3390/app13095275.

Z. Alshingiti, R. Alaqel, J. Al-Muhtadi, Q. E. U. Haq, K. Saleem, and M. H. Faheem, “A Deep Learning-Based Phishing Detection System Using CNN, LSTM, and LSTM-CNN,” Electronics, vol. 12, no. 1, p. 232, Jan. 2023, doi: 10.3390/electronics12010232.

E. A. Aldakheel, M. Zakariah, G. A. Gashgari, F. A. Almarshad, and A. I. A. Alzahrani, “A Deep Learning-Based Innovative Technique for Phishing Detection in Modern Security with Uniform Resource Locators,” Sensors, vol. 23, no. 9, p. 4403, Apr. 2023, doi: 10.3390/s23094403.

M. Abdullah Alohali et al., “Metaheuristics with deep learning driven phishing detection for sustainable and secure environment,” Sustain. Energy Technol. Assess., vol. 56, p. 103114, Mar. 2023, doi: 10.1016/j.seta.2023.103114.

S. Atawneh and H. Aljehani, “Phishing Email Detection Model Using Deep Learning,” Electronics, vol. 12, no. 20, p. 4261, Oct. 2023, doi: 10.3390/electronics12204261.

F. S. Alsubaei, A. A. Almazroi, and N. Ayub, “Enhancing Phishing Detection: A Novel Hybrid Deep Learning Framework for Cybercrime Forensics,” IEEE Access, vol. 12, pp. 8373–8389, 2024, doi: 10.1109/ACCESS.2024.3351946.

Downloads

Published

2024-07-15

Issue

Vol. 10 No. 1 (2024): June 2024

Section

Articles

License

The Authors submitting a manuscript do so on the understanding that if accepted for publication, copyright of the article shall be assigned to CoreIT journal and published by Informatics Engineering Department Universitas Islam Negeri Sultan Syarif Kasim Riau as publisher of the journal.

Authors who publish with this journal agree to the following terms:

Authors automatically transfer the copyright to the journal and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-ShareAlike (CC BY SA) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

Authors are able to enter into separate permission for non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).