Applications of deep learning for phishing detection: a systematic literature review

Cagatay Catal; Görkem Giray; Bedir Tekinerdogan; Sandeep Kumar; Suyash Shukla

doi:10.1007/s10115-022-01672-x

Applications of deep learning for phishing detection: a systematic literature review

Knowl Inf Syst. 2022;64(6):1457-1500. doi: 10.1007/s10115-022-01672-x. Epub 2022 May 23.

Authors

Cagatay Catal¹, Görkem Giray², Bedir Tekinerdogan³, Sandeep Kumar⁴, Suyash Shukla⁴

Affiliations

¹ Department of Computer Science and Engineering, Qatar University, Doha, Qatar.
² Independent Researcher, Izmir, Turkey.
³ Information Technology Group, Wageningen University & Research, Wageningen, The Netherlands.
⁴ Department of Computer Science and Engineering, Indian Institute of Technology Roorkee, Roorkee, India.

Abstract

Phishing attacks aim to steal confidential information using sophisticated methods, techniques, and tools such as phishing through content injection, social engineering, online social networks, and mobile applications. To avoid and mitigate the risks of these attacks, several phishing detection approaches were developed, among which deep learning algorithms provided promising results. However, the results and the corresponding lessons learned are fragmented over many different studies and there is a lack of a systematic overview of the use of deep learning algorithms in phishing detection. Hence, we performed a systematic literature review (SLR) to identify, assess, and synthesize the results on deep learning approaches for phishing detection as reported by the selected scientific publications. We address nine research questions and provide an overview of how deep learning algorithms have been used for phishing detection from several aspects. In total, 43 journal articles were selected from electronic databases to derive the answers for the defined research questions. Our SLR study shows that except for one study, all the provided models applied supervised deep learning algorithms. The widely used data sources were URL-related data, third party information on the website, website content-related data, and email. The most used deep learning algorithms were deep neural networks (DNN), convolutional neural networks, and recurrent neural networks/long short-term memory networks. DNN and hybrid deep learning algorithms provided the best performance among other deep learning-based algorithms. 72% of the studies did not apply any feature selection algorithm to build the prediction model. PhishTank was the most used dataset among other datasets. While Keras and Tensorflow were the most preferred deep learning frameworks, 46% of the articles did not mention any framework. This study also highlights several challenges for phishing detection to pave the way for further research.

Keywords: Cybersecurity; Deep learning; Machine learning; Malicious URL prediction; Phishing detection; Systematic literature review (SLR).