Multi-Modal Hierarchical Attention Model for Enhanced Phishing Website Detection

Abstract

Phishing website attacks persist as a major cyber threat, continually evolving to evade detection. Existing detection methods, such as lookup systems and fraud cue-based approaches, have limitations, prompting the need for advanced techniques capable of addressing these challenges. This paper introduces a novel approach, the Multi-Modal Hierarchical Attention Model (MMHAM), designed to enhance phishing website detection by jointly analysing three crucial modalities: URLs, textual information, and visual design. Traditional lookup systems often fall short in addressing newly created attacks, while fraud cue-based methods may rely heavily on feature engineering, limiting their effectiveness. Deep representation-based methods have shown promise in learning intricate fraud cues, primarily focusing on URLs. However, they neglect the analysis of textual content and visual design, two equally important aspects of website content. MMHAM integrates information from URLs, textual content, and visual design through a shared dictionary learning approach. This innovative mechanism aligns representations from different modalities within the attention model, enabling the model to learn deep fraud cues comprehensively. The proposed MMHAM not only improves phishing detection capabilities but also introduces a hierarchical interpretability system. This system enhances model trustworthiness and provides actionable intelligence for informed decision-making at various levels of phishing threat detection. In our evaluation experiments, MMHAM demonstrated superior performance compared to existing methods, showcasing its ability to learn enhanced deep cues for phishing detection. Furthermore, the hierarchical interpretability system enabled the extraction of valuable phishing threat intelligence. This intelligence can be leveraged to inform phishing website detection strategies at different levels, empowering cybersecurity professionals with a more robust and adaptable defines against phishing attacks. The MMHAM model represents a significant step forward in the ongoing effort to combat the evolving landscape of cyber threats, particularly in the realm of phishing website detection.