Machine Learning-Based Technique for Phishing URLs Detection from TLS 1.2 and TLS 1.3 Traffic Without Decryption

Abstract

Phishing is one of the major leading cyberattack leading to huge financial loss and sensitive information loss such as account information, card details, password, login credentials. Existing techniques for phishing URL detection are unable to efficiently classify them. The use of TLS 1.2 and TLS 1.3 for client/server applications to communicate over the Internet securely has also contributed to the increase in these attacks. TLS 1.2 and TLS 1.3 traffic is encrypted, so detecting phishing URLs from encrypted traffic without decryption is a challenging task. In this paper, a machine learning (ML)-based technique is proposed for the detection of phishing URLs from encrypted traffic. The features are extracted from TLS 1.2 and TLS 1.3 traffic and based on the extracted features URLs are classified using ML algorithms. The dataset has been prepared for legitimate and phishing sites based on the features extracted from TLS 1.2 and TLS 1.3 traffic. Based on the experimental results, it is observed that the proposed model achieved promising results in the detection of phishing URLs from the encrypted traffic with an accuracy of 89.6%. © 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.