Detection of online phishing email using dynamic evolving neural network based on reinforcement learning

Smadi, Sami (2017) Detection of online phishing email using dynamic evolving neural network based on reinforcement learning. Doctoral thesis, Northumbria University.

smadi.sami_phd.pdf - Submitted Version

Download (16MB) | Preview


Phishing has been the most frequent cybercrime activity over the last 15 years and has caused billions of dollars to be stolen. This happens due to the fact that phishing attackers always use new (zero-day) and sophisticated techniques to deceive online customers. The most common way to initiate a phishing attack is by using email. In this thesis, a novel framework is proposed that combines a neural network with reinforcement learning for detecting online phishing attacks.

This thesis addresses the effectiveness of phishing email detection, and it makes the following contributions. Firstly, a novel pre-processing system has been designed to gather and extract the features and patterns of phishing email. To cover all behaviour that phishers use to deceive online customers, fifty features were selected. Pre-processing is divided into three layers, based on the main types of email content. Secondly, a novel algorithm has been proposed for the exploration of new phishing behaviour. The proposed algorithm has the ability to select the effective list of features from the list of features extracted in the pre-processing phase. Thirdly, this thesis proposed a novel Dynamic Evolving Neural Network using Reinforcement Learning (DENNuRL) algorithm, which can be used to generate the best neural network for classification problem based on reinforcement learning idea. Finally, a novel framework for Phishing Email Detection System (PEDS) has been proposed. The PEDS has the ability to adapt itself to generate a new PEDS that reflects changes in behaviour. Therefore, reinforcement learning is adopted in the proposed framework combined with neural network to enhance the system dynamically over time in the online mode. The proposed technique can effectively handle zero-day phishing attacks.

The proposed phishing email detection model was trained, tested and validated in the online mode using an approved dataset. The promising results showed that the DENNuRL can provide an effective means of phishing detection. The proposed model successfully classified and identified approximately 98.6% of phishing emails selected from the test dataset, with low false positive rates of 1.8%. A comparison with other similar techniques using the same dataset shows that the proposed technique outperforms the existing methods.

Item Type: Thesis (Doctoral)
Subjects: G400 Computer Science
Department: Faculties > Engineering and Environment > Computer and Information Sciences
Depositing User: Becky Skoyles
Date Deposited: 08 Oct 2018 10:50
Last Modified: 31 Jul 2021 22:37

Actions (login required)

View Item View Item


Downloads per month over past year

View more statistics