STFL: Utilizing a Semi-Supervised, Transfer-Learning, Federated-Learning Approach to Detect Phishing URL Attacks

Phishing attacks are continually changing, so machine learning detection models must be continuously updated by collecting new URL data from users without compromising their privacy. Existing approaches for the detection of phishing URLs have unrealistic assumptions: (1) representative URL datasets are available in a centralized location, (2) users' URL entries are labeled, (3) users' unique behavioral patterns are ignored, and (4) users' data are identically and independently distributed (IID data). This paper presents a semi-supervised, transfer-learning (TL), federated-learning (FL) approach for detecting phishing URL attacks, a novel approach that does not hold the above assumptions. We train a bidirectional long short-term memory (Bi-LSTM) autoencoder network across multiple decentralized edge devices (using FL) containing unlabeled data samples without sharing them (the process is privacy-preserving). A centralized server collects the updated Bi-LSTM autoencoder networks from the users' devices and aggregates them into a global Bi-LSTM autoencoder network using the FedAVG algorithm. The server then performs TL in order to use the autoencoder that learns the patterns from the global Bi-LSTM autoencoder networks and induces a classification model. The method is evaluated using three benchmark datasets and compared to state-of-the-art URL phishing detection methods that utilize centralized learning (CL) and FL. Our experiments show that our proposed approach achieves higher results based on the F1 score compared to the state-of-the-art method.