ABSTRACT
In this paper, we propose a technique to detect phishing attacks based on behavior of human when exposed to fake website. Some online users submit fake credentials to the login page before submitting their actual credentials. He/She observes the login status of the resulting page to check whether the website is fake or legitimate. We automate the same behavior with our application (FeedPhish) which feeds fake values into login page. If the web page logs in successfully, it is classified as phishing otherwise it undergoes further heuristic filtering. If the suspicious site passes through all heuristic filters then the website is classified as a legitimate site. As per the experimentation results, our application has achieved a true positive rate of 97.61%, true negative rate of 94.37% and overall accuracy of 96.38%. Our application neither demands third party services nor prior knowledge like web history, whitelist or blacklist of URLS. It is able to detect not only zero-day phishing attacks but also detects phishing sites which are hosted on compromised domains.
- HTTrack Website Copier - Free Software Offline Browser (GNU GPL). https://www.httrack.com/.Google Scholar
- Jsoup Java HTML Parser, with best of DOM, CSS, and jquery. https://jsoup.org/.Google Scholar
- Selenium. http://docs.seleniumhq.org/download/.Google Scholar
- Wget - GNU Project - Free Software Foundation. https://www.gnu.org/software/wget/.Google Scholar
- Phishing attack trends reports, 4th quarter 2015. http://docs.apwg.org/reports/apwg_trends_report_q4_2015.pdf, 2015. Accessed: 2016-06-01.Google Scholar
- APWG. Phishing attack trends reports, first quarter 2016. http://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf, 2016. Accessed: 2016-06-01.Google Scholar
- Y. Cao, W. Han, and Y. Le. Anti-phishing based on automated individual white-list. In Proceedings of the 4th ACM workshop on Digital identity management, pages 51--60. ACM, 2008. Google ScholarDigital Library
- K. L. Chiew, E. H. Chang, W. K. Tiong, et al. Utilisation of website logo for phishing detection. Computers & Security, 54:16--26, 2015. Google ScholarDigital Library
- N. Chou, R. Ledesma, Y. Teraguchi, J. C. Mitchell, et al. Client-side defense against web-based identity theft. In NDSS, 2004.Google Scholar
- A. Y. Fu, L. Wenyin, and X. Deng. Detecting phishing web pages with visual similarity assessment based on earth mover's distance (emd). IEEE transactions on dependable and secure computing, 3(4):301--311, 2006. Google ScholarDigital Library
- S. Garera, N. Provos, M. Chew, and A. D. Rubin. A framework for detection and measurement of phishing attacks. In Proceedings of the 2007 ACM workshop on Recurring malcode, pages 1--8. ACM, 2007. Google ScholarDigital Library
- M. Hara, A. Yamada, and Y. Miyake. Visual similarity-based phishing detection without victim site information. In Computational Intelligence in Cyber Security, 2009. CICS'09. IEEE Symposium on, pages 30--36. IEEE, 2009. Google ScholarCross Ref
- M. He, S.-J. Horng, P. Fan, M. K. Khan, R.-S. Run, J.-L. Lai, R.-J. Chen, and A. Sutanto. An efficient phishing webpage detector. Expert Systems with Applications, 38(10):12018--12027, 2011. Google ScholarDigital Library
- Y. Joshi, S. Saklikar, D. Das, and S. Saha. Phishguard: A browser plug-in for protection from phishing. In Internet Multimedia Services Architecture and Applications, 2008. IMSAA 2008. 2nd International Conference on, pages 1--6. IEEE, 2008. Google ScholarCross Ref
- H. Kazemian and S. Ahmed. Comparisons of machine learning techniques for detecting malicious webpages. Expert Systems with Applications, 42(3):1166 -- 1177, 2015. Google ScholarDigital Library
- P. Mensah, G. Blanc, K. Okada, D. Miyamoto, and Y. Kadobayashi. Ajna: Anti-phishing js-based visual analysis, to mitigate users' excessive trust in ssl/tls.Google Scholar
- M. Moghimi and A. Y. Varjani. New rule-based phishing detection method. Expert systems with applications, 53:231--242, 2016. Google ScholarDigital Library
- Y. Pan and X. Ding. Anomaly based web phishing page detection. In Proceedings - Annual Computer Security Applications Conference, ACSAC, volume 6, pages 381--392, 2006. Google ScholarDigital Library
- P. Prakash, M. Kumar, R. R. Kompella, and M. Gupta. Phishnet: Predictive blacklisting to detect phishing attacks. In INFOCOM, 2010 Proceedings IEEE, pages 1--5. IEEE, 2010.Google ScholarDigital Library
- G. Ramesh, I. Krishnamurthi, and K. S. S. Kumar. An efficacious method for detecting phishing webpages through target domain identification. Decision Support Systems, 61:12 -- 22, 2014. Google ScholarCross Ref
- R. S. Rao and S. T. Ali. A computer vision technique to detect phishing attacks. In Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on, pages 596--601. IEEE, 2015. Google ScholarCross Ref
- R. S. Rao. and S. T. Ali. Phishshield: A desktop application to detect phishing webpages through heuristic approach. Procedia Computer Science, 54:147--156, 2015. Google ScholarCross Ref
- H. Shahriar and M. Zulkernine. Trustworthiness testing of phishing websites: A behavior model-based approach. Future Generation Computer Systems, 28(8):1258--1271, 2012. Google ScholarDigital Library
- C. L. Tan, K. L. Chiew, et al. Phishing website detection using url-assisted brand name weighting system. In 2014 International Symposium on Intelligent Signal Processing and Communication Systems (ISPACS), pages 054--059. IEEE, 2014. Google ScholarCross Ref
- C. L. Tan, K. L. Chiew, K. Wong, and S. N. Sze. Phishwho: Phishing webpage detection via identity keywords extraction and target domain name finder. Decision Support Systems, 88:18 -- 27, 2016. Google ScholarDigital Library
- T. Van Goethem, F. Piessens, W. Joosen, and N. Nikiforakis. Clubbing seals: Exploring the ecosystem of third-party security seals. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 918--929. ACM, 2014. Google ScholarDigital Library
- G. Varshney, M. Misra, and P. K. Atrey. A phish detector using lightweight search features. Computers & Security, 62:213 -- 228, 2016. Google ScholarCross Ref
- L. Wenyin, G. Huang, L. Xiaoyue, Z. Min, and X. Deng. Detection of phishing webpages based on visual similarity. In Special interest tracks and posters of the 14th international conference on World Wide Web, pages 1060--1061. ACM, 2005. Google ScholarDigital Library
- G. Xiang, J. Hong, C. P. Rose, and L. Cranor. CantinaGoogle Scholar
- : A feature-rich machine learning framework for detecting phishing web sites. ACM Transactions on Information and System Security (TISSEC), 14(2):21, 2011.Google Scholar
- J. Zhang, P. A. Porras, and J. Ullrich. Highly predictive blacklisting. In USENIX Security Symposium, pages 107--122, 2008.Google ScholarDigital Library
- Y. Zhang, J. I. Hong, and L. F. Cranor. Cantina: a content-based approach to detecting phishing web sites. In Proceedings of the 16th international conference on World Wide Web, pages 639--648. ACM, 2007. Google ScholarDigital Library
Index Terms
- Detecting Phishing Websites using Automation of Human Behavior
Recommendations
A comprehensive and efficacious architecture for detecting phishing webpages
Phishing is a web-based criminal act. Phishing sites lure sensitive information from naive online users by camouflaging themselves as trustworthy entities. Phishing is considered an annoying threat in the field of electronic commerce. Due to the short ...
Anti-phishing: A comprehensive perspective
AbstractPhishing is a form of deception technique that attackers often use to acquire sensitive information related to individuals and organizations fraudulently. Although Phishing attacks have been known for more than two decades, and there is ongoing ...
Highlights- Classification and discussion of various phishing attacks, motives, and their types.
- The role of social and cognitive factors in the success of a phishing attack.
- A comprehensive survey of various phishing detection and prevention ...
A heuristic technique to detect phishing websites using TWSVM classifier
AbstractPhishing websites are on the rise and are hosted on compromised domains such that legitimate behavior is embedded into the designed phishing site to overcome the detection. The traditional heuristic techniques using HTTPS, search engine, Page ...
Comments