Conceptual model of detection of phishing attacks based on the use of support vector methods
DOI: 10.31673/2409-7292.2024.020003
Abstract
The article examines the problem of identifying cyberthreats in an organization's information system, using phishing attacks as the example. Phishing is the initial attack vector through which the attacker pursues their goal, and it allows information about user accounts, network data or administrator data to be obtained. To solve the problem of detecting cyberattacks on the organization's information system, the work proposes a concept for detecting phishing attacks. The main idea of the concept is the application of machine learning methods, which allow large volumes of data to be analyzed; it is precisely through such analysis that phishing attacks can be detected. One advantage of machine learning methods is that they detect illicit trends and the known tactics and practices of this type of attack. The paper shows the peculiarities of identifying features for the input data of the proposed model. Identifying features from known phishing techniques made it possible to obtain a data set of input features. This input data was used as the basis for the support vector method, which classifies the received data as phishing or legitimate. As a result of the study, qualitative characteristics of the phishing attack detection model were obtained. The accuracy and sensitivity of the model were calculated for SVM with a linear kernel and with a radial basis function (RBF). The adequacy and accuracy of the selected models are verified using the ROC curve, which shows the predictions regarding the detection of phishing. The proposed conceptual model therefore makes it possible to expand the directions of research on detecting phishing attacks in the organization's information system by means of additional methods of processing input data and improving machine learning methods.
Keywords: information system, model, cyber security, attack, phishing, anomaly, signs of intrusion detection, information security, machine learning.