A Flexible Phishing Detection Approach Based On Software-Defined Networking Using Ensemble Learning Method

With the development of the Internet and the application of the Internet to every aspect of people's lives,the phishing is one of the most harmful social engineering attacks.A common method of phishing attacks is to leak personal information by using an email with an embedded hyperlink that the user clicks to go to a phishing site prepared by the attacker.The existing phishing attack detection techniques in traditional networks generally judge whether a website is a phishing website through the proxy server,which lacks the flexibility of detection.The control separation feature of the software defined network solves the limitations of traditional network.The ensemble learning method can integrate the results of a variety of detection methods,and the decoupling between the basic learners in Stacking mode can enhance the comprehensive scalability of detection methods.Based on the above background,this paper mainly studied ensemble learning method using in phishing detction with SDN(software defined network)architecture.The phishing detection system contains lots of modules,such as pacakage module,controller module,filter module.The main work of this paper is presented as follows:(1)One of the limitations of traditional network is the flow cannot be controlled by the network architecture neatly,for this limitation,this paper proposed a phishing protection mechanism based on SDN architecture.Using the separating character of forward layer and control layer in SDN,the proposed system can centralize management of user traffic and unify the control of network nodes,this process is transparent to users.(2)In view of the traditional detection methods are always simplex and unexpandable,this paper presents a phishing site detection method based on ensemble learning method.The ensemble learning method could combine several machine learning technology to give a more reasonable judgment.The detection method using in this paper improved detection accuracy in phishing detection and extended several methods fexibly.(3)Based on Floodlight controller and Mininet as SDN environment,this paper integrated the phishing site detection method with ensemble learning.This paper designed and implemented a phishing sites protection system.The system adopts the mode of separating the controller from the actual fishing website detection module.The system is divided into deep packet analysis module,controller module,URL filtering module,communication module,feature extraction module and the fishing website detection module based on the integrated learning method of Stacking mode.The function of each module of the system is tested,and the whole system is tested and analyzed.It is proved that the system has advantages in filtering and protecting phishing websites,and can better protect phishing websites from attacks in practical application.