A novel approach to protect against phishing attacks at client side using auto-updated white-list

Most anti-phishing solutions have two major limitations: the first is the need for fast access time in a real-time environment, and the second is the need for a high detection rate. Black-list-based solutions have fast access time but suffer from a low detection rate, while other solutions, such as visual similarity and machine learning, lack fast access time. In this paper, we propose a novel approach to protect against phishing attacks using an auto-updated white-list of legitimate sites accessed by the individual user. Our proposed approach has both fast access time and a high detection rate. When users try to open a website that is not in the white-list, the browser warns them not to disclose their sensitive information. Furthermore, our approach checks the legitimacy of a webpage using hyperlink features: hyperlinks are extracted from the source code of the webpage and passed to the proposed phishing detection algorithm. Our experimental results show that the proposed approach is very effective for protecting against phishing attacks, as it has an 86.02 % true positive rate and a false negative rate of less than 1.48 %. Moreover, our proposed system detects various other types of phishing attacks efficiently (i.e., Domain Name System (DNS) poisoning, embedded objects, zero-hour attack).
