Deep Learning for Phishing Detection: Taxonomy, Current Challenges and Future Directions

Abstract

Phishing has become an increasing concern and captured the attention of end-users as well as security experts. Despite decades of development and improvement, existing phishing detection techniques still suffer from the deficiency in performance accuracy and the inability to detect unknown attacks. Motivated to solve these problems, many researchers in the cybersecurity domain have shifted their attention to phishing detection that capitalizes on machine learning techniques. In recent years, deep learning has emerged as a branch of machine learning that has become a promising solution for phishing detection. As a result, this study proposes a taxonomy of deep learning algorithms for phishing detection by examining 81 selected papers using a systematic literature review approach. The paper first introduces the concept of phishing and deep learning in the context of cybersecurity. Then, phishing detection and deep learning algorithm taxonomies are provided to classify the existing literature into various categories. Next, taking the proposed taxonomy as a baseline, this study comprehensively reviews the state-of-the-art deep learning techniques and analyzes their advantages as well as disadvantages. Subsequently, the paper discusses various issues deep learning faces in phishing detection and proposes future research directions to overcome these challenges. Finally, an empirical analysis is conducted to evaluate the performance of various deep learning techniques in a practical context and highlight the related issues that motivate researchers in their future works. The results obtained from the empirical experiment showed that the common issues among most of the state-of-the-art deep learning algorithms are manual parameter-tuning, long training time, and deficient detection accuracy. Author