The LSTM-based automated phishing detection driven model for detecting multiple attacks on Tor hidden services

Abstract

Phishing is a major problem on darknets. Phishing is the practice of attacking an unaware person by pretending to be someone else to steal their digital data. In anonymous platforms such as the dark web or deep web of Tor, detecting the attacker or phishing attacks is a much more complicated practice. Generic phishing attacks can be easy to spot. Today’s challenge is detecting the various attacks in the anonymous network is very hard. The intelligent factor of attacks can bypass traditional detection solutions. To solve the problem of complications in the Tor Network, this work focuses on the development of automated detection of vulnerable attacks in phishing-based Tor hidden services. The proposed model initially divides the attack parameters into three categories into Class A, Class B, and Class C based on technical perspectives and some defined threshold values. Next, the class A attacks (i.e. top level domain and protocol similarity) attacks are detected by a random forest (RF) classifier. Then, the class B attacks can be identified by the convolutional neural network (CNN). Finally, the LSTM model is applied for the accurate classification of multiple attacks in the Tor network. The experimental validation of the proposed model is tested using the CIRCL and AIL datasets. The experimental values highlighted the promising performance of the proposed model over other methods with a maximum overall detection accuracy of 95.60% and 95.77% on CIRCL and AIL datasets respectively. Therefore, the proposed model effectively detects multiple attacks in the Tor network under dynamic and real-time environments.