Detección de ataques de phishing basada en aprendizaje profundo y procesamiento del lenguaje natural.

Abstract

Phishing is a type of Social Engineering cyber-attack that aims to deceive end users, usually using web pages. The most common method to detect this type of attack is by comparing the URLs with a blacklist of URLs already identified as phishing pages. However, the main problem is when new phishing pages appear that are not registered on the blacklist. Currently, one of the most common ways to detect these previously unidentified phishing pages is by analyzing the content of the web pages, that is, by entering words non sequentially into deep learning algorithms, regardless of the sequence of the text entered in Deep Learning algorithms. The main objective of this thesis is to propose a model that detects phishing attacks based on the text of suspicious web pages, using Deep Learning, Natural Language Processing, and Word Embedding with the GloVe dictionary. In this way, we take advantage of the semantic and syntactic richness of the text on the analyzed page. To achieve the main objective, we conducted a literature review, evaluated people’s personality and behavioral traits, and implemented, evaluated, and refined the phishing detection model. Finally, we made a Chrome extension called NDLP to detect these attacks. It was determined that the model works because the four evaluated algorithms, LSTM, BiLSTM, GRU, and BiGRU, obtained over 96.70% mean accuracy, and the algorithm that gave the best results was BiGRU, which achieved 97.39%.