A recent study in the International Journal of Information and Computer Security has introduced an innovative approach to addressing the persistent challenge of zero-day phishing attacks in cybersecurity. Zero-day threats represent a significant challenge for computer security systems. Such threats can be used to exploit previously unidentified vulnerabilities in software, networks, and computer systems before those security systems can be patched or updated to address the new exploit. Although they have only a brief window to circumvent conventional malware detection, antivirus software, and firewalls this can be sufficient to allow a data breach or other malicious process to be undertaken.
Thomas Nagunwa of the Department of Computer Science at the Institute of Finance Management in Dar Es Salaam, Tanzania, has proposed a machine learning (ML) model that is designed to detect these emerging and ever-evolving threats in real time. It could offer a much-needed and pragmatic solution to enhancing computer security in a range of environments.
One of the biggest threats to computer security often exploits social engineering wherein the user’s gullibility or lack of understanding is used to breach the first line of defence. In the case of a “phishing” attack, for instance, an unwary user is persuaded or coerced into unwittingly clicking a malicious link in an email or on a website. Often such phishing attacks will use zero-day tactics, approaches that have not been widely recognised at the point or time of implementation. Commonly, such exploits evade detection because their characteristics and format have not been added to the conventional blacklists used by security systems to otherwise block them.
The newly developed model aims to overcome these limitations by using a diverse set of features extracted from the structural characteristics of phishing websites. Those features are categorized into five groups, including web page structure, URL characteristics, WHOIS records, TLS certificates, and web page reputation. Notably, features derived from third-party services and web page reputation proved particularly influential in predicting phishing attacks, highlighting the significance of external sources and reputation-based indicators in enhancing detection capabilities.
Nagunwa evaluated the performance of his model against both traditional machine learning and deep learning algorithms, with promising results. Accuracy above 99% with minimal false positives and false negatives was achievable. Critically, working in a browser in real-time did not slow the loading of websites to the point at which they would compromise the user browsing experience.
Nagunwa, T. (2024) ‘AI-driven approach for robust real-time detection of zero-day phishing websites’, Int. J. Information and Computer Security, Vol. 23, No. 1, pp.79–118.