Detecting Cloud-Based Phishing Attacks by Combining Deep Learning Models

Web-based phishing attacks nowadays exploit popular cloud web hosting services and apps such as Google Sites and Typeform for hosting their attacks. Since these attacks originate from reputable domains and IP addresses of the cloud services, traditional phishing detection methods such as IP reputation monitoring and blacklisting are not very effective. Here we investigate the effectiveness of deep learning models in detecting this class of cloud-based phishing attacks. Specifically, we evaluate deep learning models for three phishing detection methods-LSTM model for URL analysis, YOLOv2 model for logo analysis, and triplet network model for visual similarity analysis. We train the models using well-known datasets and test their performance on cloud-based phishing attacks in the wild. Our results qualitatively explain why the models succeed or fail. Furthermore, our results highlight how combining results from the individual models can improve the effectiveness of detecting cloud-based phishing attacks.