AI can detect phishing via visual markups

Artificial Intelligence (AI) and Machine Learning (ML) models that are trained on visual markups of a website code can enhance the accuracy and speed of detecting phishing websites. According to a document (PDF) published by security researchers at the University of Plymouth and the University of Portsmouth in the United Kingdom, this is the case. The researchers want to overcome the flaws in current detection technologies, which are either too sluggish or insufficiently accurate.

The researchers’ method transforms the markup and code of web pages into images using “binary visualisation” tools.

They constructed a dataset of legal and fraudulent website images using this strategy.

The dataset was then used to train a machine learning model that could distinguish between legitimate and phishing websites based on visual differences.

The target webpage’s code is translated through binary visualisation and run through the trained model to test a new website.

The researchers employed MobileNet, a neural network that has been tailored to run on resource-constrained devices rather than cloud servers, to boost the model’s performance.

To prevent making unwarranted conclusions, the system progressively builds up a database of legitimate and fraudulent websites.

According to the researchers’ tests, the algorithm was able to detect phishing websites with a 94% accuracy rate. It can also run on user devices and offer near-real-time results because it uses a tiny neural network.

One of the paper’s co-authors, Stavros Shiaeles, told The Daily Swig, “We have tested the technique with actual phishing and legit sites.”

This isn’t the first time binary visualisation and machine learning have been employed in the field of cybersecurity. Shiaeles, a cybersecurity lecturer at the University of Portsmouth, was one of the co-authors of another technique in 2019 that combined machine learning and binary visualisation to detect malware and showed promising results.

The team is now taking the next step to make the phishing website detection system suitable for adoption after testing it.

Shiaeles remarked, “We’re working on a new extended method and trying to get a patent.” “Given the preliminary results, I don’t see why it shouldn’t be embraced. “The precision is 100 per cent.”