Evaluation of Federated Learning in Phishing Email Detection

Chandra Thapa; Jun Wen Tang; Alsharif Abuadbba; Yansong Gao; Seyit Camtepe; Surya Nepal; Mahathir Almashor; Yifeng Zheng

doi:10.3390/s23094346

Evaluation of Federated Learning in Phishing Email Detection

Sensors (Basel). 2023 Apr 27;23(9):4346. doi: 10.3390/s23094346.

Authors

Chandra Thapa¹, Jun Wen Tang², Alsharif Abuadbba^{1

3}, Yansong Gao¹, Seyit Camtepe¹, Surya Nepal^{1

3}, Mahathir Almashor¹, Yifeng Zheng⁴

Affiliations

¹ Commonwealth Scientific and Industrial Research Organisation, Data61, Sydney 2122, Australia.
² School of Chemical Engineering, The University of New South Wales, Sydney 2052, Australia.
³ Cyber Security Cooperative Research Centre, Australian Capital Territory 2604, Australia.
⁴ Harbin Institute of Technology, Harbin 150001, China.

Abstract

The use of artificial intelligence (AI) to detect phishing emails is primarily dependent on large-scale centralized datasets, which has opened it up to a myriad of privacy, trust, and legal issues. Moreover, organizations have been loath to share emails, given the risk of leaking commercially sensitive information. Consequently, it has been difficult to obtain sufficient emails to train a global AI model efficiently. Accordingly, privacy-preserving distributed and collaborative machine learning, particularly federated learning (FL), is a desideratum. As it is already prevalent in the healthcare sector, questions remain regarding the effectiveness and efficacy of FL-based phishing detection within the context of multi-organization collaborations. To the best of our knowledge, the work herein was the first to investigate the use of FL in phishing email detection. This study focused on building upon a deep neural network model, particularly recurrent convolutional neural network (RNN) and bidirectional encoder representations from transformers (BERT), for phishing email detection. We analyzed the FL-entangled learning performance in various settings, including (i) a balanced and asymmetrical data distribution among organizations and (ii) scalability. Our results corroborated the comparable performance statistics of FL in phishing email detection to centralized learning for balanced datasets and low organizational counts. Moreover, we observed a variation in performance when increasing the organizational counts. For a fixed total email dataset, the global RNN-based model had a 1.8% accuracy decrease when the organizational counts were increased from 2 to 10. In contrast, BERT accuracy increased by 0.6% when increasing organizational counts from 2 to 5. However, if we increased the overall email dataset by introducing new organizations in the FL framework, the organizational level performance improved by achieving a faster convergence speed. In addition, FL suffered in its overall global model performance due to highly unstable outputs if the email dataset distribution was highly asymmetric.

Keywords: bidirectional encoder representations from transformers (BERT); federated learning; phishing email detection; recurrent neural network.

Grants and funding

Not applicable/Partially supported by the Cyber Security Cooperative Research Centre, 639 Australia.