Enhancing Phishing URL Detection with Graph Neural Networks: A Combination of URL and HTML Features
摘要
Phishing websites are designed to steal sensitive user information, causing financial damage. Detecting and blocking these websites before users provide personal data is a critical task in cybersecurity. This paper proposes HUGPhish, a phishing URL detection method using URL and HTML feature extraction. This method extracts the top potential n-gram features of URLs combined with handcrafted features extracted from them. HTML content is also analyzed and represented as graphs based on HTML tags. HUGPhish uses Graph Neural Networks (GNNs) to extract embeddings from HTML graphs. These embeddings, along with handcrafted HTML features and extracted URL features, are integrated into a comprehensive feature set, which is then classified using a LightGBM model for accurate phishing detection. The experimental results clearly demonstrate that HUGPhish outperforms all of the compared methods. With an F1 score of 90.92%, HUGPhish not only exceeds the standalone LightGBM model with an F1 score of 84.43%, but also surpasses advanced deep learning models.