Application of artificial intelligence in phishing attack detection
Published 2025-05-14
Keywords
- Phishing Attacks,
- Cybersecurity,
- Artificial Intelligence,
- Machine Learning Detection,
- Natural Language Processing
How to Cite
Copyright (c) 2025 Author
This work is licensed under a Creative Commons Attribution 4.0 International License.
Abstract
Abstract
Phishing attacks represent one of the most common and dangerous threats in the field of cybersecurity, as confirmed by statistics from the National CERT, which operates as part of the Croatian Academic and Research Network. Attackers employ sophisticated social engineering techniques, fake emails, websites, and malicious messages to deceive users and collect their sensitive data, including login credentials, financial information, and personal identification numbers. With the increasing digitalization of business and everyday life, phishing attacks are becoming more sophisticated, while traditional security methods often fail to detect them quickly or effectively.
The introduction of the paper highlights how phishing attacks in the digital age have become one of the most widespread cyber threats and analyzes the reasons why traditional detection methods, such as blacklists and heuristic rules, have proven insufficient. Attackers continuously develop new techniques to bypass existing security systems by using dynamically generated domains, content manipulation, and sophisticated deception methods, making detection more challenging.
The second part of the paper focuses on research methodology and the potential application of artificial intelligence (AI) in phishing attack detection. Various machine learning models are analyzed, along with their effectiveness in identifying phishing content and their advantages and limitations compared to traditional protection methods. Special attention is given to natural language processing (NLP) algorithms, computer vision, and user behavior analysis, which enable real-time recognition of suspicious patterns. Additionally, key challenges in AI system implementation are considered, including false positive results, the adaptability of phishing attacks, and attackers' ability to circumvent security mechanisms.
The concluding section of the paper, beyond technical aspects, emphasizes the broader perspective of AI applications in cybersecurity. The goal is to highlight key challenges in AI technology implementation, propose strategies for improvement, and assess the long-term effectiveness of AI systems in combating phishing threats. Furthermore, the paper raises questions about the future development of intelligent security solutions that could ensure even more precise and faster threat detection in the future.
References
- Future internet 12(10), 168. https://doi.org/10.3390/fi12100168
- CERT.hr. (2024, April). Statistika računalno-sigurnosnih incidenata - CERT.hr. CERT.hr -. https://www.cert.hr/statistika/
- Chiew, K. L., Yong, K. S. C., & Tan, C. L. (2018). A survey of phishing attacks: Their types, vectors and technical approaches. Expert Systems with Applications, 106, 1-20. https://doi.org/10.1016/j.eswa.2018.03.050
- Jakobsson, M. & Myers, S. (2007). Phishing and countermeasures: Understanding the increasing problem of electronic identity theft. John Wiley & Sons.
- Janeš, H., Bilić, K., & Grgić, M. (2024). Application of simulated phishing attacks for user training. Crisis Management Days. Retrieved from https://ojs.vvg.hr/index.php/DKU/article/view/533
- Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L. F. & Hong, J. (2010). Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology (TOIT), 10(2), 1–31. https://doi.org/10.1145/1754393.1754396
- Purkait, S. (2012). Phishing counter measures and their effectiveness – literature review. Information Management & Computer Security, 20(5), 382–420. https://doi.org/10.1108/09685221211286548