Different machine learning and deep learning-based approaches have been proposed for designing defensive mechanisms against various phishing attacks. Recently, researchers showed that phishing attacks can be performed by employing a deep neural network-based phishing URL generating system called DeepPhish. To prevent this kind of attack, we design an ensemble machine learning-based detection system called PhishHaven to identify AI-generated as well as human-crafted phishing URLs. To the best of our knowledge, this is the first study to consider detecting phishing attacks by both AI and human attackers. PhishHaven employs lexical analysis for feature extraction. To further enhance lexical analysis, we introduce URL HTML Encoding to classify URL on-the-fly and proactively compare with some of the existing methods. We also introduce a URL Hit approach to deal with tiny URLs, which is an open problem yet to be solved. Moreover, the final classification of URLs is made on an unbiased voting mechanism in PhishHaven, which aims to avoid misclassification when the number of votes is equal. To speed up the ensemble-based machine learning models, PhishHaven employs a multi-threading approach to execute the classification in parallel, leading to real-time detection. Theoretical analysis of our solution shows that (1) it can always detect tiny URLs, and (2) it can detect future AI-generated Phishing URLs based on our selected lexical features with 100% accuracy. Through experiments, we analyze our solution with a benchmark dataset of 100,000 phishing and normal URLs. The results show that PhishHaven can achieve 98.00% accuracy, outperforming the existing lexical-based human-crafted phishing URLs detection systems. INDEX TERMS AI-generated phishing URLs, ensemble machine learning, human-crafted phishing URLs, lexical features, multi-threading, tiny URLs, URL HTML encoding, voting.
Nowadays, Federated Learning has widely been adopted for data security in the Industrial IoTs. With Federated Learning, local Industrial IoTs devices download the current machine learning model and update it on their own local Industrial IoTs devices. Then, local Industrial IoTs devices transmit these locally trained models back to the Industrial Server. The Industrial Server aggregates all the locally trained models into a single consolidated and enhanced global model. On one side, Federated Learning secures the data; on the other side, Federated Learning itself is vulnerable to one subtle yet severe attack: the model poisoning attack. Model poisoning attack is difficult to detect, especially in Industrial IoTs applications, for two reasons: a) neither the Industrial Server nor the local Industrial IoTs devices in Federated Learning is capable of identifying poisoned local models, and b) every iteration of Federated Learning consists of many Industrial IoTs devices, and therefore, verification of every single device is computationally expensive. Thus, this study proposes an effective and efficient framework for deTectIon of Model Poisoning Attacks usiNg AccuracY (TIMPANY). TIMPANY is the first detection framework for the model poisoning attack that utilizes accuracy as a detection measure. We performed theoretical analysis of TIMPANY with other detection solutions (for model poisoning attack) concerning communication and computational efficiency, security, and detection accuracy. Our thorough theoretical comparative analysis showed that TIMPANY efficiently addresses these open research challenges that previous studies failed to address. In our thorough experimental analysis, error analysis from the first iteration shows that TIMPANY results in 0% error, leading to a True Positive Rate and accuracy of 100% with 0% False Positive Rate. Thus, TIMPANY outperformed some of the existing detection solutions for model poisoning attacks against Federated Learning. We conclude that TIMPANY is effective and efficient against model poisoning attacks in Federated Learning, even for resource-constrained Industrial IoTs devices widely used in various industrial applications.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.