Enhanced website phishing detection based on the cyber kill chain and cloud computing

Abstract

Crimeware-as-a-service (CaaS) presents a growing cybersecurity threat by facilitating the acquisition of tools for website phishing attacks. Detecting these attacks requires effective techniques to obtain accurate results in real time. Cloud machine learning (CML) emerged as a promising solution with the powerful tools of amazon web services (AWS). This study proposes a novel approach combining cyber kill chain concept with AWS technologies to enhance website phishing detection, using AWS SageMaker to preprocess an 11,430 uniform resource locators (URL) dataset and train 3 algorithms, which are: decision tree (DT), random forest (RF), and support vector machine (SVM), evaluate their performance through batch transform, and deploy them as separate endpoints. Prediction functions are then conducted on each endpoint and compared to batch transform results. Our findings demonstrate that the combination of the cyber kill chain concept and AWS CML significantly enhances website phishing detection by achieving results of 97% for RF in 0.48 seconds, 94% for SVM in 0.94 seconds, and 93% for DT in 0.52 seconds. By leveraging CML algorithms and breaking down attacks into stages, our approach identifies and disrupts attacks earlier, preventing damage. This research highlights the value of our approach in improving cybersecurity and protecting against website phishing attacks.