GraPhish: A graph-based approach for phishing detection from encrypted TLS traffic
No Thumbnail Available
Date
2025
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Elsevier Ltd
Abstract
Phishing has increased substantially over the last few years, with cybercriminals deceiving users via spurious websites or confusing mails to steal confidential data like username and password. Even with browser-integrated security indicators like HTTPS prefixes and padlock symbols, new phishing strategies have circumvented these security features. This paper proposes GraPhish, a novel graph-based phishing detection framework that leverages encrypted TLS traffic features. We constructed an in-house dataset and proposed an effective method for graph generation based solely on TLS-based features. Our model performs better than traditional machine learning algorithms. GraPhish achieved an accuracy of 94.82%, a precision of 96.28%, a recall of 92.11%, and an improved AUC-ROC score of 98.29%. © 2025 Elsevier Ltd
Description
Keywords
Computer crime, Cryptography, Graph neural networks, HTTP, Learning algorithms, Learning systems, Machine learning, Network security, Phishing, Seebeck effect, Confidential data, Cybercriminals, Detection framework, Graph-based, Graphish, Phishing detections, Security features, TLS feature, Graphic methods
Citation
Journal of Information Security and Applications, 2025, 94, , pp. -