Advanced Phishing Attack Detection Through Network Forensic Methods and Incident Response Planning Based on Machine Learning

Authors

  • Siti Rahayu Selamat, Department of Computer, Universiti Teknikal Malaysia Melaka, Durian Tunggal 76100 (Malaysia)
  • Randi Rizal, Department of Informatics, Siliwangi University, Kahuripan Tasikmalaya City 46115 (Indonesia)
  • Cucu Nursihab, Department of Defence Attaché of Embassy of The Republic Indonesia, Ankara, 06550 (Turkiye)
  • Nashihun Amien, Sysadmin and DevOps Engineer, Host King Digital Technology Company (Australia)

Keywords:

Phishing Attack Detection, Network Forensics, Incident Response Planning, Cybercrime Prevention, Smartphone Security

Abstract

The widespread use of smartphones has led to an increase in cybercrimes, particularly phishing attacks. Phishing attacks are commonly propagated through email, WhatsApp groups, and other communication channels. The stolen data is then used to commit further crimes, exploiting the victims' personal information. This study addresses the detection of phishing attacks using network forensic methods and incident response planning. Unlike previous approaches that relied solely on Incident Response Plans (IRPs) and Incident Handling methods to react to phishing attacks, this research emphasizes proactive detection. By employing network forensics, suspicious websites can be identified and differentiated from legitimate ones, enabling early detection and prevention of phishing attacks. The results demonstrate that network forensics can significantly enhance the ability to detect phishing sites before they can harm users. In our experiments, we analyzed a dataset of 10,000 websites, identifying 95% of phishing sites with a false positive rate of only 2%. Utilizing the Random Forest machine learning algorithm, we achieved high performance metrics with an accuracy of 96.5%, precision of 97.1%, recall of 95.8%, and an F1-score of 96.4%. This proactive approach not only mitigates the risk of phishing but also provides a robust framework for incident response, ensuring that potential threats are identified and neutralized promptly.

Published

2024-05-30

Section

Articles