Towards improved Phishing website detection: heuristic-based approaches vs. Machine Learning

Abstract

Phishing is widely acknowledged as one of the most
insidious types of social engineering attacks. Despite substantial
efforts to combat this issue, it continues to evolve in sophistication,
resulting in increasing financial losses. Historically,
countering phishing involved a blend of human vigilance and
software-based detection mechanisms, primarily relying on listbased
strategies. However, with the advent of advanced data
science, innovative phishing detection techniques utilizing Machine
Learning models have emerged and garnered significant
research attention. This study aims to comprehensively compare
the effectiveness of traditional heuristic-based and modern Machine
Learning classification models, while addressing challenges
associated with their efficiency. Experimental results involving
the Random Forest classifier, although requiring slightly more
computational power, demonstrated a substantial increase in
detection accuracy (57.2% higher) and a remarkable reduction in
testing time (11.28 seconds faster vs 0.01 seconds) when compared
to heuristics using the same input data.